Explicit Proxy: FTP over HTTP

The Explicit Proxy can examine FTP connections sent over HTTP (also known as Web FTP). For example, when you use FTP over HTTP, you specify a web URL in the format ftp://ftp.example.com/path or ftp://user:[email protected]/path/.

The Explicit Proxy connects to the destination server with native FTP commands to get a directory listing or file, and then sends the data to the client in an HTTP response.

The initial HTTP request is subject to the rules configured in the Explicit Proxy. The Firebox then uses the FTP protocol through the specified FTP-proxy action, and any standard FTP-proxy action rules apply. The final HTTP response to the client is not sent through the Explicit Proxy action.

If you use the Explicit Proxy for connections to your network, you can force your users to authenticate before they can connect to your network. When you enforce authentication in the Explicit Proxy, unauthenticated connections are redirected to the Firewall authentication page. For more information about how to configure Firewall authentication, see Firewall Authentication.

Configure Explicit Proxy

  1. Select Firewall > Firewall Policies.
    The Firewall Policies page appears.
  2. Click Add Policy.
    The Add Firewall Policy page appears.
  3. Select Proxies.
  4. From the Proxies drop-down list, select Explicit-proxy.

Screen shot of the Add Firewall Policy page

  1. Click Add Policy.
  1. Select Edit > Add Policy.
    The Add Policies dialog box appears.
  2. Expand the Proxies list.
  3. Select Explicit-proxy.

Screen shot of the Add Policies dialog box, with the Explicit-policy selected

  1. Click Add Policy.

Configure a Proxy Action for the Explicit Proxy

When you add the Explicit-proxy policy, the predefined proxy action Explicit-Web.Standard is automatically selected. Because you cannot edit a predefined proxy action, you must clone the proxy action and then configure the settings for the cloned proxy action.

  1. On the Explicit Proxy Add Policy page, select the Proxy Action tab.
    The Proxy Action page appears, with all the category settings tabs.
    If (predefined) appears adjacent to the Proxy Action drop-down list, you must clone the proxy action before you can configure the proxy action settings.
  2. From the Proxy Action drop-down list, select Clone the current proxy action.
    The page refreshes and the cloned proxy action appears, with all the options available. By default, the name of the cloned proxy action is Explicit-Web.Standard.1.
  3. To change the name of the cloned proxy action, in the Name text box, type a new descriptive name for the proxy action.
  4. From the Explicit Web Proxy tab drop-down list, select HTTP/FTP.
    The HTTP/FTP settings, Web FTP, and Captive Authentication settings appear.

Screen shot of the Explicit Proxy setting page, Proxy Action tab, HTTP/FTP settings

  1. In the Web FTP section, select the Allow FTP over HTTP check box.
  2. From the Proxy Action drop-down list, select an FTP proxy action to use for FTP over HTTP traffic.
  3. In the Default Login Credentials section, type a default User Name and Password to use for anonymous FTP connections.
  4. To force users to authenticate before they can connect to sites with the Explicit Proxy, select Enforce Authentication.
  5. Click Save.

When unauthenticated users connect to your network through the Explicit Proxy, they automatically are redirected to the Firewall authentication page.

  1. Select Setup > Actions > Proxies, select the Explicit-Web.Standard proxy action, and click Clone.
    Or, in the New Policy Properties dialog box for the Explicit-proxy policy, adjacent to the Proxy-action drop-down list, click the Clone Proxy icon.
    The Clone Explicit Web Proxy Action Configuration dialog box appears. By default, the name of the cloned proxy action is Explicit-Web.Standard.1.
  2. To change the name of the cloned proxy action, in the Name text box, type a new descriptive name for the proxy action.
  3. From the Categories tree, expand Explicit Web Proxy and select HTTP/FTP.
    The HTTP/FTP settings, Web FTP, and Captive Authentication settings appear.

Screen shot of the Clone Explicit Proxy Action Configuration dialog box, HTTP/FTP category settings

  1. In the Web FTP section, select the Allow FTP over HTTP check box.
  2. From the Proxy Action drop-down list, select an FTP proxy action to use for FTP over HTTP traffic.
  3. In the Default Login Credentials section, type a default User Name and Password to use for anonymous FTP connections.
  4. To force users to authenticate before they can connect to sites with the Explicit Proxy, select Enforce Authentication.

When unauthenticated users connect to your network through the Explicit Proxy, they automatically are redirected to the Firewall authentication page.

Related Topics

About the Explicit Proxy

Explicit Proxy: HTTP Web Proxy