HTTP Proxy Access for ftp://

The HTTP proxy relays access for the ftp:// method to the FTP proxy. This approach enables users of the browser to list directories and download files. Most often, this facility is used in conjunction with URLs embedded in web content that is designed to facilitate file downloading.

The standard form of an ftp:// method URL is as follows:

ftp://user:passwd@host:/dir...type

The user, passwd, and type are optional (and not often used by ftp:// method references.) The list of dir components specifies path name of the reference. Note that SunScreen does not implement the port option for ftp:// URLs.

The default behavior of the user and passwd references is to use anonymous FTP. A typical URL would then look like:

ftp://codebloat.com/pub/dwnlds/exploder5.exe

Control over the defaulting of user and passwd is obtained using three variables -- FtpPwdDomain, FtpPwdUser, and FtpUser -- each of which is described below.

FtpPwdDomain contains the following items:

• sys=screen (optional)

• prg=http

• name=FtpPwdDomain

• value=domain - domain is used in creating an anonymous password.

• description="descriptive text" (optional)

• enabled | disabled - The default is disabled.

  This variable (if not found or disabled) in the HTTP proxy defaults at run-time to the domain name of the Screen (for example, the output of the Solaris defaultdomain command).

FtpPwdUser contains:

• sys=screen (optional)

• prg=http

• name=FtpPwdUser

• value=user - user is used in creating an anonymous password. The default is webproxy..

• description="descriptive text" (optional)

• enabled | disabled - The default is enabled.

  The HTTP proxy uses this variable, in conjunction with the (perhaps defaulted) value of FtpPwdDomain to construct an anonymous password of the form:

  @FtpPwdUser@FtpPwdDomain

  If the passwd supplied in the URL is a string that contains no @ characters (encoded as  %40), then that passwd string takes the place of the value of FtpPwdUser in the anonymous password construction. Thus the URL:

  ftp://:bob@codebloat.com/pub/dwnlds/exploder5.exe

  enables designating the user bob for the user portion of the anonymous password (for example, @bob@FtpPwdDomain).

  The value of FtpPwdUser can be changed to redirect potential email responses from FTP servers to an appropriate storage receptacle.

FtpUser contains:

• sys=screen (optional)

• prg=http

• name=FtpUser

• value=proxyuser - proxyuser is used in anonymous access. The default is anonymous.

• description="descriptive text" (optional)

• enabled | disabled - The default is enabled.

  This variable does not normally need to be altered unless the identity of the predefined user anonymous in the Screen's proxyuser database has been changed.

  In addition to the anonymous usage, it is possible to download using authenticated users through the FTP proxy using the ftp:// method. An example URL is:

  ftp://proxyuser:proxypass%40serverpass@server/README.TXT

  This performs an operation identical to a direct interaction with the FTP proxy, supplying the user as proxyuser@server and the password as proxypass@serverpass.

T:o enable the HTTP proxy to use the ftp:// method, one or more rules are needed to allow the HTTP proxy itself to be a client of the FTP proxy. The HTTP proxy always connects to the FTP proxy using the LOOPBACK (127.0.0.1) address. So, for example, to enable the ftp:// method anonymous access to "outside" web servers

edit> add address outside ...
edit> add address local127 RANGE 127.0.0.1 127.255.255.255 ...
edit> add rule ftp local127 outside ALLOW PROXY_FTP USER anonymous FTP_GET FTP_CHDIR

This enables anonymous FTP through the proxy for any user on the Screen itself as well.