[NET-719] FTPS timing issues behind WAF (F5) firewall - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.9.0
Fix Version/s: None
Component/s: FTP
Labels:
None

Flags:

Patch

Description

A working data exchange setup stopped working, after the server (vsftpd / RedHat) was moved behind a WAF (F5) web application firewall. The client uses PASV mode and the operation resulted in a socket timeout on the client side, as soon as the data channel came into play (LIST/RETR/STOR).

A FileZilla client does not exhibit this problem. By looking at the protocol exchanges and laying them down in timing diagrams the problem seems to be, that the WAF expects the client to fully establish the data-channel, after the data-command is send over the control-channel. The current FTPS client on the other hand expects the server reply directly after the command is sent.

A pull request will be provided.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FTPSClient_RETR_Timing_diagram_current_impl-1.png
14/Mar/23 11:14
44 kB
Stefan Kuhr
FTPSClient_RETR_Timing_diagram_problem.png
14/Mar/23 11:14
44 kB
Stefan Kuhr
FTPSClient_RETR_Timing_diagram_solution.png
14/Mar/23 11:14
44 kB
Stefan Kuhr

Activity

People

Assignee:: Unassigned

Reporter:: Stefan Kuhr

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Mar/23 11:28

Updated:: 23/Jun/23 04:15