Bug 234884

Summary:	www-servers/apache-2.2.9 mod_proxy_ftp fails if EPSV target is inaccessible
Product:	Gentoo Linux	Reporter:	Christopher Head <bugs>
Component:	[OLD] Server	Assignee:	Apache Team - Bugzilla Reports <apache-bugs>
Status:	RESOLVED UPSTREAM
Severity:	normal	CC:	pchrist
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Christopher Head 2008-08-16 07:01:39 UTC

When receiving a request for a proxied FTP URL, mod_proxy_ftp attempts to retrieve the file by means of EPSV. The remote server accepts the EPSV command and returns an IP address and port to connect to. The proxy attempts to connect the target. The intervening firewall does not understand EPSV and refuses to allow the connection. The proxy request fails.

Reproducible: Always

Steps to Reproduce:
1. Configure mod_proxy to proxy FTP requests.
2. Put the proxy behind a strict firewall that restricts outbound connections.
3. Attempt to retrieve a file from an FTP server that supports EPSV.

Actual Results:  
The retrieval fails as noted above.

Expected Results:  
mod_proxy_ftp should observe that the data connection failed and try again using PASV, which the intervening firewall understands. Alternatively, a configuration option should be included in mod_proxy_ftp to disable EPSV.

Comment 1 Benedikt Böhm (RETIRED) gentoo-dev

2008-10-25 13:13:50 UTC

please report this bug upstream, or attach a patch to fix this problem

Comment 2 Christopher Head 2008-10-26 20:24:35 UTC

Upstream already has a report on a similar issue (https://issues.apache.org/bugzilla/show_bug.cgi?id=35280) which has been around for over a year and still hasn't had its patch integrated. Will close this bug once that one is fixed, assuming it includes my issue.