All,
I m try to use a ftp connection through an HTTP proxy but i got always the following error when i try to retrieve data from the final destination.
I try to investigate the error
First of all i apply some change to the setProxy procedure some %parms checking are not correct
P FTP_setProxy B export
D PI 10i 0
D peProxy 256A varying const
D pePort 10i 0 const options(*nopass:*omit)
D peUser 2048A varying const options(*nopass:*omit)
D pePass 2048A varying const options(*nopass:omit)
C0N01Factor1+++++++Opcode&ExtFactor2+++++++Result++++++++Len++D+HiLoEq
c eval wkProxHost = peProxy
c eval wkProxPort = 0
c eval wkProxUser = ''
c eval wkProxPass = ''
c if %parms >= 4 and %addr(pePort) <> *null shoud be if %parms >= 2
c eval wkProxPort = pePort
c endif
c if %parms >= 5 and %addr(peUser) <> *null should be if %parms >= 3
c eval wkProxUser = peUser
c endif
c if %parms >= 6 and %addr(pePass) <> *null should be if %parms >= 4
c eval wkProxPass = pePass
c endif
c return 0
P E
After that this line under TCP_Conn seems are not correct . I see that pehost and peport are filled in with the PROXY ip not the final destination one
Pehost and Peport are coming from variable wwhost and wwport in subroutine try_epsv procedure ftptcp_getPeerAddr,
9016 5 * connect to remote site
9017 6 c if ftptcp_connect( wwSocket
9018 7 c : %trim(peHost)
9019 8 c : pePort
9020 9 c : wkProxHost
9021 0 c : wkProxPort
Can someone tell me how change this procedure ?
Thanks
Basilio Merlino
FTPAPI using HTTP Proxy
-
Scott Klement
- Site Admin
- Posts: 935
- Joined: Sun Jul 04, 2021 5:12 am
Re: FTPAPI using HTTP Proxy
Can you try downloading version 2.9 from the ftpapi website and see if it solves your problem?
https://www.scottklement.com/ftpapi/
I just updated it, so you may have to clear your browser cache to get the new version.
https://www.scottklement.com/ftpapi/
I just updated it, so you may have to clear your browser cache to get the new version.
Re: FTPAPI using HTTP Proxy
Hi Scott,
Unfortunately it does not work.
The problem is stil here
This instruction wwhost= ftptcp_getPeerAddr(peCtrlSock) under try_epsv begsr
retrive the PROXY host not the final destination so the value passed to return tcp_conn(wwHost: wwPort: wkTimeout) it's wrong, probably additional parameter should be passed
Unfortunately it does not work.
The problem is stil here
This instruction wwhost= ftptcp_getPeerAddr(peCtrlSock) under try_epsv begsr
retrive the PROXY host not the final destination so the value passed to return tcp_conn(wwHost: wwPort: wkTimeout) it's wrong, probably additional parameter should be passed
Re: FTPAPI using HTTP Proxy
Hi Scott,
At the moment i apply a workaround.
I force to use the PASV and not the EPSV . In the try_pasv subroutine the host name is correct
Thanks
c eval wkEnhSupp = *off
c if wkEnhSupp = *on
c exsr try_epsv
c endif
c if wkEnhSupp = *off
c exsr try_pasv
c endif
At the moment i apply a workaround.
I force to use the PASV and not the EPSV . In the try_pasv subroutine the host name is correct
Thanks
c eval wkEnhSupp = *off
c if wkEnhSupp = *on
c exsr try_epsv
c endif
c if wkEnhSupp = *off
c exsr try_pasv
c endif
Re: FTPAPI using HTTP Proxy
Hi Scott,
I have applied another change . I add to ftp_quit this line
c clear wkProxDS
Because if i start a new connection and the proxy don't needed it's does not work
Thanks
I have applied another change . I add to ftp_quit this line
c clear wkProxDS
Because if i start a new connection and the proxy don't needed it's does not work
Thanks
-
Scott Klement
- Site Admin
- Posts: 935
- Joined: Sun Jul 04, 2021 5:12 am
Re: FTPAPI using HTTP Proxy
If I understand you correctly, you want FTPAPI to make data connections directly to the final destination rather than going through the proxy.basim wrote: Thu Oct 09, 2025 10:13 am This instruction wwhost= ftptcp_getPeerAddr(peCtrlSock) under try_epsv begsr
retrive the PROXY host not the final destination so the value passed to return tcp_conn(wwHost: wwPort: wkTimeout) it's wrong, probably additional parameter should be passed
I don't think that's a good idea, in general. Data connections should be made through the proxy, that's one of the purposes behind having a proxy to begin with. Many shops don't allow direct access to the final destination, they block it within their firewall and only allow access througth the proxy.
I guess we could make it an additional parameter, but I'm very skeptical.
Perhaps a better option is to provide an easy way to disable EPSV?
-
Scott Klement
- Site Admin
- Posts: 935
- Joined: Sun Jul 04, 2021 5:12 am
Re: FTPAPI using HTTP Proxy
If I understand you correctly, you want FTPAPI to make data connections directly to the final destination rather than going through the proxy.basim wrote: Thu Oct 09, 2025 10:13 am This instruction wwhost= ftptcp_getPeerAddr(peCtrlSock) under try_epsv begsr
retrive the PROXY host not the final destination so the value passed to return tcp_conn(wwHost: wwPort: wkTimeout) it's wrong, probably additional parameter should be passed
I don't think that's a good idea, in general. Data connections should be made through the proxy, that's one of the purposes behind having a proxy to begin with. Many shops don't allow direct access to the final destination, they block it within their firewall and only allow access througth the proxy.
I guess we could make it an additional parameter, but I'm very skeptical.
Perhaps a better option is to provide an easy way to disable EPSV?
I'm curious what the server is sending you in response to the EPSV command. Can you provide that?
-
Scott Klement
- Site Admin
- Posts: 935
- Joined: Sun Jul 04, 2021 5:12 am
Re: FTPAPI using HTTP Proxy
If I understand you correctly, you want FTPAPI to make data connections directly to the final destination rather than going through the proxy.basim wrote: Thu Oct 09, 2025 10:13 am This instruction wwhost= ftptcp_getPeerAddr(peCtrlSock) under try_epsv begsr
retrive the PROXY host not the final destination so the value passed to return tcp_conn(wwHost: wwPort: wkTimeout) it's wrong, probably additional parameter should be passed
I don't think that's a good idea, in general. Data connections should be made through the proxy, that's one of the purposes behind having a proxy to begin with. Many shops don't allow direct access to the final destination, they block it within their firewall and only allow access througth the proxy.
I guess we could make it an additional parameter, but I'm very skeptical.
Perhaps a better option is to provide an easy way to disable EPSV?
I'm curious what the server is sending you in response to the EPSV command. Can you provide that?
Re: FTPAPI using HTTP Proxy
Hi Scott,
Absolutely no my purpose is to use a proxy.
Based on my understanding one of the difference beetween EPSV and PASV is the response from the server
PASV in this case the server replies with an IP address and a port number (in the format (h1,h2,h3,h4,p1,p2)).
EPSV in this case the server replies with only a port number, not an IP address.
For this reason in order to retrieve the ip address ftptcp_getPeerAddr(peCtrlSock) is invoked but under proxy it's returned the proxy ip not the final destination one. So as the final ip address is one of the parameter passed i have supposed that we can use it
Finally in order to reply to your question
I'm curious what the server is sending you in response to the EPSV command. Can you provide that?
EPSV return the IP destination of the final server (not the proxy)
Thanks
Basilio
Absolutely no my purpose is to use a proxy.
Based on my understanding one of the difference beetween EPSV and PASV is the response from the server
PASV in this case the server replies with an IP address and a port number (in the format (h1,h2,h3,h4,p1,p2)).
EPSV in this case the server replies with only a port number, not an IP address.
For this reason in order to retrieve the ip address ftptcp_getPeerAddr(peCtrlSock) is invoked but under proxy it's returned the proxy ip not the final destination one. So as the final ip address is one of the parameter passed i have supposed that we can use it
Finally in order to reply to your question
I'm curious what the server is sending you in response to the EPSV command. Can you provide that?
EPSV return the IP destination of the final server (not the proxy)
Thanks
Basilio
-
Scott Klement
- Site Admin
- Posts: 935
- Joined: Sun Jul 04, 2021 5:12 am
Re: FTPAPI using HTTP Proxy
Correct, normally EPSV only returns the port number. The original specification allowed the IP address to be returned as an option -- but later versions of the specification said that it should only contain the port, and returning the IP address was an old idea that shouldn't be done in modern implementations.
getPeerAddr() will return the IP address of the proxy (since that's what FTPAPI is connected to.) And this is correct, it is what you want. You want your FTP file transfers to be run through the proxy, not the final IP address. You have confirmed this when you said "Absolutely no my purpose is to use a proxy."
If we used the final IP address instead of the proxy, it would bypass the proxy and connect directly to the final IP address.
getPeerAddr() will return the IP address of the proxy (since that's what FTPAPI is connected to.) And this is correct, it is what you want. You want your FTP file transfers to be run through the proxy, not the final IP address. You have confirmed this when you said "Absolutely no my purpose is to use a proxy."
If we used the final IP address instead of the proxy, it would bypass the proxy and connect directly to the final IP address.
- The final destination may not be available without going through the proxy, so if we did connect to the final host, it may not work.
- Its possible (as is the case with the old PASV command) that the proxy is changing the IP address to the proxy's IP address. In this case, changing it to use the final destination address would clearly be wrong.
- Even in a case where the final IP works, you'd still be bypassing the proxy, which seems wrong to me.