FTP Reverse Proxy

scgsg · July 20, 2015, 01:48:06 PM

Can anyone help with mod_proxy_ftp? I've configured:

   ProxyRequests Off

   <Proxy *>
      Options +Indexes
      Order deny,allow
      Allow from all
   </Proxy>

   ProxyPass /ftp ftp://IpToServer:21/
   ProxyPassReverse /ftp ftp://IpToServer:21/

When i go the site it askes for authentication as expected and after entering the username and password I get 404 error instead of directory list of ftp root. I dont see any errors in the logs (I've looked at debug and error log level). Have i missed something? or is there a way to track down the error?

mario · July 20, 2015, 04:43:10 PM

I used your config, butI had to change the Oder and Allow part to the current 2.4 config style

Code Select


ProxyRequests Off

   <Proxy *>
		Options +Indexes
		Require all granted
   </Proxy>

   ProxyPass /ftp ftp://127.0.0.1:21/
   ProxyPassReverse /ftp ftp://127.0.0.1:21/

That works with filezilla ftp server.

Since you get a 404 I assume that the ftp server config has a wrong path in the config.

it would help to see the access log from apache to see what is wrong and why you get the 404.

scgsg · July 21, 2015, 02:36:34 PM

Messing around with it and looking into the access log, i get:

192.168.0.1 - Username [21/Jul/2015:13:23:06 +0100] "GET /ftp HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"

192.168.0.1 - - [21/Jul/2015:13:23:25 +0100] "GET /ftp HTTP/1.1" 401 690 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"

Second one is 401 error but to get past username/password dialogue, a valid username and password has to be entered so something further along is denying access. Webserver to ftp server? Any ideas on how to resolve this?

mario · July 21, 2015, 05:25:27 PM

The 401 is the question for credentials, but what is after that? Which FTP server do you use?

scgsg · July 22, 2015, 09:12:51 AM

Nothing related to this is shown in log, and its Windows role/feature.

mario · July 22, 2015, 11:42:45 AM

can you please do a

Code Select

httpd.exe -M

mario · July 22, 2015, 12:00:14 PM

Is there anything in the windows event log about that?

scgsg · July 22, 2015, 03:27:30 PM

httpd command doesnt work for me but if you wanted the loaded modules its:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
auth_kerb_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php5_module (shared)
proxy_module (shared)
proxy_ftp_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)

Event log doent seem to show anything but the ftp service log shows:

2015-07-22 12:55:13 IPofApacheServer - IPofFTPServer 21 ControlChannelOpened - - 0 0 768265ca-56be-49fc-8dd9-4b138bd11297 -
2015-07-22 12:55:13 IPofApacheServer - IPofFTPServer 21 USER anonymous 331 0 0 768265ca-56be-49fc-8dd9-4b138bd11297 -
2015-07-22 12:55:13 IPofApacheServer - IPofFTPServer 21 PASS apache-proxy@ 530 1326 42 768265ca-56be-49fc-8dd9-4b138bd11297 -
2015-07-22 12:55:13 IPofApacheServer - IPofFTPServer 21 ControlChannelClosed - - 0 0 768265ca-56be-49fc-8dd9-4b138bd11297 -
2015-07-22 12:55:27 IPofApacheServer - IPofFTPServer 21 ControlChannelOpened - - 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer - IPofFTPServer 21 USER username 331 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 PASS *** 230 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 /
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 EPSV - 229 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 58190 DataChannelOpened - - 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 PWD - 257 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 TYPE A 200 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 58190 DataChannelClosed - - 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 LIST -lag 226 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 /
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 QUIT - 221 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -
2015-07-22 12:55:27 IPofApacheServer domain\username IPofFTPServer 21 ControlChannelClosed - - 0 0 5d9642d5-aa3e-4e2d-82a5-3971914703e3 -

mario · July 23, 2015, 11:34:30 AM

USER anonymous ? Are you sure the client is sending the correct data? Did you try different browsers? For me with Firefox it works.

scgsg · July 24, 2015, 12:53:17 PM

Quote from: mario on July 23, 2015, 11:34:30 AM
USER anonymous ? Are you sure the client is sending the correct data? Did you try different browsers? For me with Firefox it works.

Tested this with anon and user creds, neither worked. The result seems the same with only difference is that with anon turned off on the ftp server, you get a request to login.

Not sure what you mean about sending the correct data, if you're asking am I use the correct user creds, the answer is yes. I know its right because the login request will only accept valid user creds.

I've tested in IE and Chrome, result is the same for both.