Cannot connect to FTP site through HTTP proxy

Message

fab · #1 Post by **fab** » 2004-05-12 17:54

I installed Filezilla on a machine behind a firewall. Access to HTTP and FTP is only possible through an HTTP proxy.

I configured Filezilla to use the HTTP proxy. It fails. If I use Internet Explorer with an ftp:// URL, it works.

From an Ethereal dump, I saw that Filezilla sends CONNECT <site name>:21 to the proxy, while IE sends GET ftp://<site name>/ . The proxy then sends the 200 OK reply to IE, while Filezilla gets a 302 Redirected (the URL to which the request is redirected, browsed with IE, says that proxy blocked access).

So, maybe Filezilla should use a plain GET, or allow the user to choose between GET and CONNECT.

#2 Post by **botg** » 2004-05-12 17:59

Using CONNECT, the HTTP proxy acts as tunnel, using GET the proxy acts as FTP to HTTP gateway.
But FileZilla is a FTP client and does not support the HTTP protocol the proxy uses on GET.
Please configure your proxy to allow CONNECT or use a true ftp proxy.

neal · #3 Post by **neal** » 2004-07-23 18:49

If you don't support the HTTP protocol then why does the Proxy Settings page have a choice "HTTP 1.1 proxy". (I don't see this choice in any of the documentation, but it is present in the GUI.) I assume that this choice uses basic authentication (send user/pwd in the clear) as opposed to NTLM. There's another thread asking about NTLM authentication to the proxy server. Is this something that you see as a possibility?

FZ is great (and would be better if I could use it at work through our proxy server that only allows NTLM authentication).. Thanks!

#4 Post by **botg** » 2004-07-24 10:46

FileZilla does support one specific method of the HTTP protocol.

In order to use the other methods, FileZilla would have to have an HTML parser, since most http proxies to return HTML pages if using for example the GET option.

polo23 · #5 Post by **polo23** » 2004-09-15 15:04

I encounter the same problem.

Do you think this html piece of work could be put on the todo list, in order to have the GET method ?

"wget" does get through such a proxy. and wget is quite a lightweight app

By the way, the proxy is Squid.

#6 Post by **botg** » 2004-09-15 16:12

To support GET, FZ would have to be a complete HTTP client. So that won't be implemented soon. *May* be a project for the distant future.

polo23 · #7 Post by **polo23** » 2004-09-15 16:24

Would you know if authorizing a connect method to port 21 is of any security concern ?

#8 Post by **botg** » 2004-09-15 16:42

Any internet access, regarding of used port or protocol is a security concern, even normal GET on port 80. Everything can be encoded in the GET command or in the reply.

There is no reason not to allow CONNECT if you allow GET.

pritchag · #9 Post by **pritchag** » 2008-11-25 23:07

For those of you who have an HTTP proxy configured to allow only NTLM authentication and allows you to use HTTP CONNECT:

You can use a tool called cntlm that will allow you to set up a local proxy that does NOT require NTLM authentication, that will pass any requests you send to it through your corporate proxy with NTLM authentication. You just need to set up FileZilla to point to the local proxy.

Check out http://cntlm.awk.cz/.

This allow you to use any application that supports HTTP proxy but not NTLM authentication.

Hope this helps somebody!

FileZilla Forums

Cannot connect to FTP site through HTTP proxy

Cannot connect to FTP site through HTTP proxy

Re: Cannot connect to FTP site through HTTP proxy