Issue
I need to connect to ftp server through proxy and download a file from Golang code. I've implemented simple client:
package main
import (
"bufio"
"fmt"
"github.com/jlaffaye/ftp"
"io"
"log"
"net"
"net/http"
"os"
"strings"
"time"
)
var targetAddr = "ftp.dlptest.com"
var proxyAddr = "146.19.106.109:3128"
var user = "dlpuser"
var pass = "rNrKYTX9g7z3RgJRmxWuGHbeu"
var path = "/xxx.txt"
func connectViaProxy(network, address string) (net.Conn, error) {
parts := strings.Split(address, ":")
addr := fmt.Sprintf("%s:%s", targetAddr, parts[1])
proxyConn, err := net.Dial(network, proxyAddr)
if err != nil {
return nil, err
}
req, err := http.NewRequest(http.MethodConnect, "http://"+addr, nil)
if err != nil {
proxyConn.Close()
return nil, err
}
req.Header.Set("Accept", "*/*")
req.Header.Set("User-Agent", "curl/8.1.2")
req.Header.Set("Host", targetAddr+":21")
err = req.Write(proxyConn)
if err != nil {
return nil, err
}
resp, err := http.ReadResponse(bufio.NewReader(proxyConn), req)
if err != nil {
proxyConn.Close()
return nil, err
}
if resp.StatusCode != 200 {
x, _ := io.ReadAll(resp.Body)
fmt.Println(string(x))
proxyConn.Close()
return nil, fmt.Errorf("non-200 status code received from proxy: %v", resp.Status)
}
return proxyConn, nil
}
func main() {
c, err := ftp.Dial(targetAddr+":21",
ftp.DialWithTimeout(5*time.Second),
ftp.DialWithDebugOutput(os.Stdin),
ftp.DialWithDialFunc(connectViaProxy),
)
if err != nil {
log.Fatal(err)
}
err = c.Login(user, pass)
if err != nil {
log.Fatal(err)
}
if r, err := c.Retr(path); err != nil {
fmt.Println(err, ":<")
} else {
if reader, err := io.ReadAll(r); err != nil {
fmt.Println(err, ":(")
} else {
fmt.Println(string(reader))
}
}
if err = c.Quit(); err != nil {
log.Fatal(err)
}
}
Unfortunately, I'm receiving 403 Forbidden while trying to connect. Normally I would assume that this is server restriction but it works completely fine through curl:
curl -vvv -x 146.19.106.109:3128 -u dlpuser:rNrKYTX9g7z3RgJRmxWuGHbeu ftp://ftp.dlptest.com/xxx.txt
Does anyone have some idea why is that happening? As far as I saw, curl is also using http CONNECT under the hood, so I'm wondering what I am missing.
P.S. don't worry about credentials in code - these are publicly available for testing in the web
Solution
FTP over a HTTP proxy is not done with a CONNECT request. Instead the proxy is instructed to fetch a ftp://...
URL with a normal GET request. This is also what curl is doing. Within Go this can be done like this (omitting error handling for simplicity):
// create the TCP connection to the proxy
conn, err := net.Dial("tcp", "146.19.106.109:3128")
// create the request with the ftp:// URL
req, err := http.NewRequest(http.MethodGet, "ftp://ftp.dlptest.com/xxx.txt", nil)
req.SetBasicAuth("dlpuser","rNrKYTX9g7z3RgJRmxWuGHbeu")
// don't use req.Write but req.WriteProxy, since the request line must
// contain the full URL and not only the path
err = req.WriteProxy(conn)
// read response
resp, err := http.ReadResponse(bufio.NewReader(conn), req)
body, _ := io.ReadAll(resp.Body)
Answered By - Steffen Ullrich Answer Checked By - David Marino (WPSolving Volunteer)