Web browsers support access to FTP servers by using URLs beginning with ftp:. If no proxy is configured for FTP in the browser parameters, the browser accesses FTP servers using the native FTP protocol. Such communication can be mediated by a transparent FTP proxy. Another situation is the non-transparent case, when a proxy for FTP is specified in the browser settings. Then the browser communicates with the proxy using the HTTP protocol, rather than FTP. Hence, the communication is processed by the HTTP proxy, which gets a URL starting with ftp:. The proxy must act as a FTP client, contact an FTP server, and send the result to the browser via HTTP. The HTTP proxy does not support FTP directly. Instead, it communicates with the FTP proxy using an internal protocol^[29]. The FTP proxy handles the FTP part of the communication.

Both http-proxy(8) and ftp-proxy(8) need to be reconfigured in order to cooperate in the processing of ftp: requests from Web browsers. In the ftp-proxy section, a new non-transparent listening socket should be added to the listen-on section. The two proxies run on the same system and they communicate via the loopback interface. Hence, the socket for HTTP-FTP cooperation listens on the localhost address and on an arbitrarily chosen port. It is necessary to allow connections from the HTTP proxy to the FTP proxy by adding a system-level acl and to tell the FTP proxy in the corresponding session-acl that it should expect requests from the HTTP proxy instead of the standard FTP. The HTTP proxy must be told to pass FTP requests to the FTP proxy by adding a ftp-proxy item to section http-proxy.

Figure 5.38. Cooperation of HTTP and FTP

An example of FTP and HTTP configuration is shown in Figure 5.38, “Cooperation of HTTP and FTP”. Port 8022 has been chosen and stored in variable HTFTP_PORT. A new acl HTFTP section has been created, which permits connections in the FTP proxy from the local host to the HTFTP port on the local host. In the ftp-proxy FTP section, the FTP proxy is switched (by item htftp-mode) to the HTFTP mode for connections accepted on the HTFTP socket. The HTTP proxy is instructed how to contact the FTP proxy by item ftp-proxy. The complete resulting configuration can be found in file /usr/local/kernun/conf/samples/cml/htftp.cml. After applying these configuration changes and restarting the HTTP and FTP proxies, it should be possible to set the HTTP proxy as the proxy for FTP in the Web browser and to start using ftp: URLs.