FileZilla Forums

Server does claim it supports MLSD, see FEAT response.

The 'Compliance level' feat is sent only by few servers, it's no part of the official FEAT response. Filezilla can't rely on it.
If the server claims to support MLSx, it must support the latest version (there are no such things as version numbers for FEAT).
But still, Filezilla should have a fallback option, either automatically (detect nonconform lists) or manually (user forces LIST).

After reading this thread, I'm not convinced alienating the users of this [awesome, free] software is the best approach. There are valid concerns for disabling that command even if a server considers it valid.

Case in point - a Checkpoint firewall will not permit the MLSD command. It doesn't give a hollar or hoot about what server and client you are using on either end. You put filezilla in front of that firewall, with a server that *does accept* MLSD commands behind the firewall, and you've now castrated those filezilla users, despite the client and server agreeing. There's a good case for falling back when it's out of the control of the client *and* server.

From a purely PC standpoint, wouldn't it be better to allow an override or fallback to accomodate such conditions instead of throwing RFCs in the face of certain products? What about IPS systems and the link that scan FTP traffic and disallow in similar fashion?

That firewall is broken and needs to be fixed.

I don't know squat about the standards that have been quoted here. I don't have a clue who to contact about upgrading a server or even where that server might be. I use FileZilla as a tool and I haven't the foggiest how it works behind its very user friendly interface.

Having said that, all I know is that the previously very friendly FileZilla user interface has let me down and will no longer allow me to do my work. Personally, I have no choice but to find another FTP client -- even if I have to pay for it.

For those of you who are developers of FileZilla -- You have done a GREAT job. It is a fantastic tool (back in the days when it worked for me) and I have nothing but respect for all of you. I only wish that you would remember the end user when racing to include the latest standards. In real life, many servers do not have fulltime admins to make these upgrades and for many who are admins, it is just another task assigned to them to juggle while doing their real job. Unfortunately, we are not all computer savvy out here.

I do care very much about the users of FileZilla. That is why on servers not supporting MLSD, LIST gets used still. However if the server actively advertises MLSD support yet it doesn't work, then it clearly isn't my fault. Likewise, if some firewall prevents MLSD yet doesn't change the FEAT response accordingly, that firewall is broken and needs to be fixed.

Millions of users and only a handful of users is reporting problems. A very vocal minority though.

If the firewall does'nt know about MLSD, and broke it because it cannot handle it, it does not mean that the firewall is broken, it only means that the firewall only support FTP and not FTP extensions, and can thus only be used with FTP softwares able to use standard ftp without extension... with a single option Filezilla could be compatible...

When i use filezilla, i would be glad to be able to choose to only use FTP standard protocol and not any further extension...

If i told you that a firewall allow only unencrypted FTP connections, but filezilla refuse to connect unencrypted because the server told that it can *also* use encrypted connection, did you still think that the firewall is broken ? My point of view is that the user must configure his software to comply his internet connexion, and thus that the software used should be able to be configured...

Then why didn't the firewall filter out unknown extensions from the FEAT reply?



Same thing, firewall would have to filter the advertised features.

Besides, a firewall that only allows unencrypted connections, that's scary.

Maybe because FEAT command is not part of the FTP protocol, but only extension, and thus a firewall only supporting FTP may not know this command and just ignore it... I know that a good firewall *should* discard any unknown command, but it's not the point here to judge if a firewall is good or not, nor to tell that a firewall is broken just because it does not do it.

The only interesting point here is to allow or not filezilla to work in a "standard FTP" mode, without extensions, the reasons "why to do it" are multiple, i see personnaly in this thread a couple of fully valid reasons, now you have the right to have a different opinion, i respect that, but please at least stop arguing only by telling any "ftp only" component is broken because it's not compatible with extensions provided in RFC 3659.

When you need to use PASV because your are behind some NAT router, even if the server told that it can work without PASV, the user does not expect an answer telling him "change your router", but only an answer telling him where to change the PASV config in Filezilla, it's exactly the same here : nobody say that it's the fault of Filezilla if in some situations MLSD does not work, nobody want to know if the firewall is bad, if the server is bad, we just want to be able to disable MLSD wich is not part of the FTP protocol.

Your broken firewall doesn't ignore it, it passes it through unfiltered.



Stop using your stupid firewall then, it's not part of the FTP protocol.

I'm usually a very calm person, but I'm short of smashing things due to your irrational reluctance to fix broken servers and firewalls. Closing this topic before I go insane.