Proxy servers keep botching FTP anonymous login

Proxy servers keep botching FTP anonymous login

Post by Georg Buehle » Wed, 19 Nov 1997 04:00:00



Hi,

I maintain an FTP server, which serves as an archive for a number of
software demos. We're using ncftpd. Most people download from this archive
by going to a web page, and clicking a link to the particular FTP URL for a
demo.

Most of the time this works just fine. But occasionally, somebody who is
connected to the web via a proxy server will try to download something from
my archive and get the following message from their proxy server: "Couldn't
access remote site -- the user name was rejected."

Invariably, if I get these people to manually log in through a simple FTP
client, they can download. It's only when they try to let their web client
do the anonymous connection that they run into trouble. I am assuming that
for some reason the proxy server is not using the username "anonymous" when
it tries to connect to my FTP server. I have no idea why.

This problem pops up enough that I have to address the issue. Those who
experience problems (including my own remote developers) insist that they
never have difficulties with other ftp sites, just mine. So I can't just
blame it all on the proxy server configuration . . . I must be doing
_something_ different from everyone else.

Can anyone shed some light on this? I would settle for a hack workaround if
a true solution does not exist.

--Georg Buehler
Elsinore Technologies, Inc

 
 
 

Proxy servers keep botching FTP anonymous login

Post by Marc Slemk » Wed, 19 Nov 1997 04:00:00



Quote:>Hi,
>I maintain an FTP server, which serves as an archive for a number of
>software demos. We're using ncftpd. Most people download from this archive
>by going to a web page, and clicking a link to the particular FTP URL for a
>demo.
>Most of the time this works just fine. But occasionally, somebody who is
>connected to the web via a proxy server will try to download something from
>my archive and get the following message from their proxy server: "Couldn't
>access remote site -- the user name was rejected."

What do your logfiles say for your ftp server?

What is the name of the ftp server so people can try and see?

What proxy are people using when they have trouble?

Could be the proxy using "ftp" instead of "anonymous" and your



 
 
 

Proxy servers keep botching FTP anonymous login

Post by Tero Peland » Fri, 21 Nov 1997 04:00:00


...

Quote:>Invariably, if I get these people to manually log in through a simple FTP
>client, they can download. It's only when they try to let their web client
>do the anonymous connection that they run into trouble. I am assuming that
>for some reason the proxy server is not using the username "anonymous" when
>it tries to connect to my FTP server. I have no idea why.

The reason is simple. Your ftp server _requires_ a password that
looks like a real email address for user anonymous. For example some


fullfill it. (At least wu-ftpd is quite happy with those as it can supply
the end itself.)
 
 
 

Proxy servers keep botching FTP anonymous login

Post by Georg Buehle » Tue, 25 Nov 1997 04:00:00


My thanks to those who proposed solutions to my problem. I did manage to
figure out what was going on.

Your suggests were really close to the actual cause. I was using ncftpd,
which has a configuration option that will completely skip the prompt for
password when username "anonymous" is used. The browsers kept trying to pass
both username and password when the server did not expect it. When I changed
the configuration back to prompting for a password, everything went fine.

Doh!

Thanks again for you help.

--Georg


>Hi,

>I maintain an FTP server, which serves as an archive for a number of
>software demos. We're using ncftpd. Most people download from this archive
>by going to a web page, and clicking a link to the particular FTP URL for a
>demo.

>Most of the time this works just fine. But occasionally, somebody who is
>connected to the web via a proxy server will try to download something from
>my archive and get the following message from their proxy server: "Couldn't
>access remote site -- the user name was rejected."

>Invariably, if I get these people to manually log in through a simple FTP
>client, they can download. It's only when they try to let their web client
>do the anonymous connection that they run into trouble. I am assuming that
>for some reason the proxy server is not using the username "anonymous" when
>it tries to connect to my FTP server. I have no idea why.

>This problem pops up enough that I have to address the issue. Those who
>experience problems (including my own remote developers) insist that they
>never have difficulties with other ftp sites, just mine. So I can't just
>blame it all on the proxy server configuration . . . I must be doing
>_something_ different from everyone else.

>Can anyone shed some light on this? I would settle for a hack workaround if
>a true solution does not exist.

>--Georg Buehler
>Elsinore Technologies, Inc


 
 
 

1. Where is Anonymous FTP user login log kept ?

|> I can't see where in the ftpd man page that it might say where a log
|> is kept of anonymous ftp usage.   Does anyone know where it is kept?
|> Do I have to do something to turn it on?   Where is it documanted?

From ftpd(8):

     If the -d option is specified, debugging information is
     written to the syslog.
                    ^^^^^^

     If the -l option is specified, each ftp session is logged in
     the syslog.
         ^^^^^^

SEE ALSO
     ftp(1C), getusershell(3), syslogd(8)
                               ^^^^^^^^^^

What this doesn't tell you is that ftpd uses the "daemon" facility for doing
its logging; this is, however, documented in syslog(3), which is referenced by
syslogd(8).

Of course, all of this is a ridiculous amount of link chasing just to find out
that you need to modify your syslog.conf in order to log daemon messages in
order to capture ftpd logging; the fact that ftpd uses the "daemon" facility
should probably be mentioned explicitly in the ftpd(8) man page.

--

MIT Information Systems/Athena              Moderator, news.answers
    (Send correspondence related to the news.answers newsgroup
        {and ONLY correspondence related to the newsgroup}

2. conqueror window size

3. allow ftp server anonymous login

4. CPU Utilization

5. ~/ftp/pub owner of an anonymous ftp server

6. UNIX GURUS : Urgent help please....

7. Anonymous and non-anonymous proxies

8. Viper 330 - What's better for XF86?

9. HTTP proxy fails with anonymous FTP

10. How to set up ftp-proxy for connexions to a NATed FTP server on OBSD 2.9 ?

11. FTP cache server for linux FTP proxy?

12. Apache's proxy keeps ftp connections

13. ftp client proxy ms proxy firewall http proxy unix