Posted to users@httpd.apache.org by Tony at Bluehaze <to...@bluehaze.com.au> on 2004/06/29 16:55:46 UTC

[users@httpd] Proxypass of FTP via apache 2 - is it possible?

     Hi,
We have a number of virtual hosts defined at our main apache gateway (unix)
in our DMZ at work which are ProxyPass'd into our internal backend servers.
This has always worked well.

But a new target I had to add last week (an IIS box) also requires FTP access
(anonymous).  So I added a new virt host block for it, and the proxypass
fired up immediately for HTTP, but I can't get FTP proxying to go.  I've just
spent the last 3 days searching everywhere for any references to the use of
ftp_proxy, but found very little.

Has anyone set proxy_ftp up before and got it running?  Or am I just
misunderstanding the purpose of proxy_ftp?
                           -------------------

For the sake of completeness, the apache 2 build config I used is:

--------- snip --------
configure --prefix=/usr/local/apache2 --enable-module=all --enable-ssl \
--disable-auth --enable-proxy -enable-proxy-connect -enable-proxy-ftp \
-enable-proxy-http --enable-rewrite --with-ssl=/usr/local/ssl
--------- snip --------

I've tried adding these to my httpd.conf:

--------- snip --------
Listen 150.229.66.21:21
--------- snip --------

 (150.229.66.21 being the gateway system's normal IP).
 This certainly helped - I now get a connection when I try it, but no session.

 I've even tried an extra virt host entry (total guesswork) as follows:

--------- snip --------
<VirtualHost 150.229.66.21:21>
        ServerAdmin webmaster@xxx.domain
        DocumentRoot /usr/local/apache/htdocs
        ServerName www.domain
        AddHandler cgi-script      cgi
        ProxyPass  /	ftp://www-ge.domain/
        ProxyPassReverse /	ftp://www-ge.domain/
        ErrorLog logs/ftp.xxx.domain-error_log
        CustomLog logs/ftp.xxx.domain-access_log combined

        <Directory proxy:ftp://www-ge.domain.au/>
                order allow,deny
                allow from all
        </Directory>
        Options Indexes FollowSymlinks ExecCGI

</VirtualHost>
--------- snip --------

but this seemed to have no effect.  The access log as defined above is full
of these sorts of lines:

aaaa.bbbb.cccc.dddd - - [29/Jun/2004:12:33:59 +1000] "quit" 501 318 "-" "-"

   Tony


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Re: Proxypass of FTP via apache 2 - is it possible?

Posted by Joshua Slive <js...@gmail.com>.
On Wed, 30 Jun 2004 01:56:38 +1000 (EST), Tony at Bluehaze
<to...@bluehaze.com.au> wrote:

>    Aha - the penny is starting to fall.  So with proxy_ftp, I shouldn't
> have apache *listening* on port 21 at all - I need a std virt host
> container called (eg) ftp.blah which then proxies thru to the FTP machine?

Right.

> 
> Sorry to keep pounding on this - but what proxy lines would u use to make
> that happen?  The doco in this area is still pretty sparse.  Would we use
> proxypass or what?

NameVirtualHost *:80

<VirtualHost *:80>
ServerName ftp.proxy.example.com
ProxyPass / ftp://internal.example.com/
</VirtualHost>

(ProxyPassReverse is irrelevant since there will be no HTTP headers to rewrite.)

Then the client makes requests like http://ftp.proxy.example.com/dir/file

Note that you'll need a very recent version of apache, since there
were some fixes in this area.  And also, as I mentioned, I've never
done this myself so I can't guarantee that it works.  But the idea
sounds right.

Joshua.
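
Added example, not part of the original thread or of the Apache project's documentation: the reverse-proxy mapping suggested in the reply above, written out as a complete Apache 2.0-style fragment with the forward proxy disabled and access control placed in a <Proxy> section. The module paths, log file names and the 192.0.2.0/24 client range are assumptions made for illustration.

```apache
# Added example. Apache 2.0-era syntax, to match the posts in this thread.
# Assumed values: module paths, log names, and the 192.0.2.0/24 client range.

# Needed only when the proxy modules were built as shared objects.
LoadModule proxy_module     modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

# No "Listen ...:21". httpd speaks only HTTP to its clients, so an FTP
# client connecting to an httpd listener has its commands logged as failed
# HTTP requests (the "quit" 501 entry shown earlier in the thread).
Listen 80
NameVirtualHost *:80

# Reverse proxy only. ProxyRequests On would turn the gateway into a
# forward proxy for whatever URL a client supplies.
ProxyRequests Off

<VirtualHost *:80>
    ServerName ftp.proxy.example.com

    # http://ftp.proxy.example.com/dir/file -> ftp://internal.example.com/dir/file
    ProxyPass / ftp://internal.example.com/

    # In Apache 2.0 and later, access control for proxied URLs belongs in
    # <Proxy>; the 1.3-style <Directory proxy:...> section is not used.
    # Assumed policy: one client range only. For a public anonymous
    # archive, replace the three lines below with "Allow from all".
    <Proxy ftp://internal.example.com/*>
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Proxy>

    ErrorLog  logs/ftp.proxy.example.com-error_log
    CustomLog logs/ftp.proxy.example.com-access_log combined
</VirtualHost>
```

On Apache 2.4 the Order/Deny/Allow lines are replaced by Require directives (for example "Require ip 192.0.2.0/24"), and NameVirtualHost is no longer needed.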



[users@httpd] Re: Proxypass of FTP via apache 2 - is it possible?

Posted by Tony at Bluehaze <to...@bluehaze.com.au>.
On Tue, 29 Jun 2004, Joshua Slive wrote:

> Yes, this should work (although I've never done it myself).  Just to
> be clear: the client would need to make an http request (not
> ftp://whatever) and then your reverse proxy could map that to the ftp
> server.
>
> Joshua.

   Aha - the penny is starting to fall.  So with proxy_ftp, I shouldn't
have apache *listening* on port 21 at all - I need a std virt host
container called (eg) ftp.blah which then proxies thru to the FTP machine?

Sorry to keep pounding on this - but what proxy lines would u use to make
that happen?  The doco in this area is still pretty sparse.  Would we use
proxypass or what?

      Tony




Re: [users@httpd] Re: Proxypass of FTP via apache 2 - is it possible?

Posted by Joshua Slive <js...@gmail.com>.
On Wed, 30 Jun 2004 01:32:23 +1000 (EST), Tony at Bluehaze
<to...@bluehaze.com.au> wrote:
> 
> New (desired) arrangement:
> 
> Browser <-|-> Apache <-|-> IIS server (running both HTTP:80 and FTP:21)
> 
> In other words, as you put it - "allow apache to act as an FTP client in
> order to grab contents from an FTP server and deliver them to an HTTP client".
> 
> I gather from what you say that the data fetched from the FTP client will be
> transformed on the way through into a standard web page for browser display?
> (In much the same way as apache shows directory listings?)
> 
> Meaning that a standard FTP session won't work through it?
> 
> But it may still be useful.  A rendered web page may still allow clients
> to download files from the FTP system, even if uploading is not possible.
> If so, I'd still be interested if anyone knows how to fire this up.

Yes, this should work (although I've never done it myself).  Just to
be clear: the client would need to make an http request (not
ftp://whatever) and then your reverse proxy could map that to the ftp
server.

Joshua.



[users@httpd] Re: Proxypass of FTP via apache 2 - is it possible?

Posted by Tony at Bluehaze <to...@bluehaze.com.au>.
On Tue, 29 Jun 2004, Joshua Slive wrote:

> Apache will *not* act as an FTP server (without the use of third-party
> modules).  The FTP proxy support will only allow apache to act as an
> FTP client in order to grab contents from an FTP server and deliver
> them to an HTTP client.  In other words, you cannot point an FTP
> client at apache and expect apache to respond.
>
> Joshua.

    Thanks Joshua,
That does sound close, though.  That is, to move from:

Current arrangement:

Browser <-|-> IIS server (running both HTTP:80 and FTP:21)

where users currently access the IIS server for both web *and* anon FTP to:

New (desired) arrangement:

Browser <-|-> Apache <-|-> IIS server (running both HTTP:80 and FTP:21)

In other words, as you put it - "allow apache to act as an FTP client in
order to grab contents from an FTP server and deliver them to an HTTP client".

I gather from what you say that the data fetched from the FTP client will be
transformed on the way through into a standard web page for browser display?
(In much the same way as apache shows directory listings?)

Meaning that a standard FTP session won't work through it?

But it may still be useful.  A rendered web page may still allow clients
to download files from the FTP system, even if uploading is not possible.
If so, I'd still be interested if anyone knows how to fire this up.

      Tony





Re: [users@httpd] Proxypass of FTP via apache 2 - is it possible?

Posted by Joshua Slive <js...@gmail.com>.
On Wed, 30 Jun 2004 00:55:46 +1000 (EST), Tony at Bluehaze
<to...@bluehaze.com.au> wrote:
> But a new target I had to add last week (an IIS box) also requires FTP access
> (anonymous).  So I added a new virt host block for it, and the proxypass
> fired up immediately for HTTP, but I can't get FTP proxying to go.  I've just
> spent the last 3 days searching everywhere for any references to the use of
> ftp_proxy, but found very little.

Apache will *not* act as an FTP server (without the use of third-party
modules).  The FTP proxy support will only allow apache to act as an
FTP client in order to grab contents from an FTP server and deliver
them to an HTTP client.  In other words, you cannot point an FTP
client at apache and expect apache to respond.

Joshua.
