Re: [RFC] ignore ftp_epsv off for IPv6

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Tue, 28 Jan 2014 13:24:35 -0700

On 01/25/2014 06:05 PM, Amos Jeffries wrote:
> On 25/01/2014 9:27 a.m., Alex Rousskov wrote:
>
>> I propose to limit squid.conf "ftp_epsv off" prohibition to IPv4 FTP
>> servers.
...
>> Do you think it would be OK to allow the use of EPSV commands with IPv6
>> servers even if ftp_epsv is off?

> "off" should never be abused to mean half-off. We are having enough
> trouble with "forwarded_for off" historically meaning something other
> than disable XFF feature.

The problem here is that the directive itself was misnamed IMO. It
should have been ftp_epsv_for_ipv4 or similar.

> I think extending the directive to allow selective disabling with
> no-ipv6 or no-ipv4 values would be better.

I do not like negative names so I would suggest "ipv6" instead of "no-ipv4".

However, what should Squid do when it is talking to an IPv6 server and
ftp_epsv is "off" or "ipv4"? Does it really make sense to write more
code to handle that essentially misconfigured (but inherited from the
old configs) case? I doubt...

How about this alternative:

1. Add ftp_epsv_for_ipv4 on/off.
2. Deprecate ftp_epsv in favor of the newly added ftp_epsv_for_ipv4.
3. Treat ftp_epsv on/off as ftp_epsv_for_ipv4 on/off.

This would avoid writing useless code to handle misconfigurations
because it would be impossible to misconfigure Squid in this area.

Thank you,

Alex.
Received on Tue Jan 28 2014 - 20:24:57 MST
