upload file to ftp server over http proxy using php/curl stopped by zscaler

740 views Asked by At

I'm trying to upload a file to a ftp-server via http-proxy with a php-script and curl. I'm using the method described here: Upload the file to the FTP server over HTTPS using curl in php. Our company uses ZSCALER for safety reasons, and I got the message back "Not allowed to use FTP over HTTP for non-GET/non-HEAD request". If I use FileZilla on the very same machine, I can upload files with the same proxy settings w/o problems.

I tried my script in browser and with Postman, both don't work. Postman gives back the same html-site I get in the browser.

the code in PHP:


    $fp = fopen($filepath, 'r');
    $ftp_url = "ftp://user:password@url/"."test.txt";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $ftp_url);
    curl_setopt($ch, CURLOPT_UPLOAD, 1);
    curl_setopt($ch, CURLOPT_INFILE, $fp);
    curl_setopt($ch, CURLOPT_INFILESIZE, filesize($filepath));
    curl_setopt($ch, CURLOPT_PROXY, "proxy-url");
    curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
    curl_setopt($ch, CURLOPT_PROXYTYPE, 'HTTP');
    //curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); //with this option I get a timeout
    //curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_login); //I don't need proxy credentials
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    //curl_setopt($ch, CURLOPT_FTPLISTONLY, 1); //that was for test, that works, but the output was formatted by zscaler
    $result = curl_exec($ch);
    curl_close($ch);

In FileZilla the settings for the ftp-connection are under generic proxy "Type of generic procy" "HTTP/1.1 using the 'CONNECT' method"

If anyone knows another method in php to put files on ftp over http-proxy I will try it also. I found no examples in Internet using the "plain" ftp methods in php, so that doesn't work?

Log of FIleZilla:

Status: Connecting to ftp-url through HTTP proxy
Status: Connecting to proxy-url:8080...
Status: Connection with proxy established, performing handshake...
Response:   Proxy reply: HTTP/1.1 200 Connection Established
Status: Connection established, waiting for welcome message...
Response:   220 Zscaler/6.2: USER expected (Unix syntax)
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Command:    USER ftp-user
Response:   331 Password required
Command:    PASS ********
Response:   230-User ftp-user has group access to:  www-data  
Response:   230 OK. Current directory is /
Command:    SYST
Response:   215 UNIX Type: L8
Command:    FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:    UTF8
Response:    TVFS
Response:    ESTA
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTP
Response:   211 End.
Command:    OPTS UTF8 ON
Response:   200 OK, UTF-8 enabled
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is your current location
Command:    TYPE I
Response:   200 TYPE is now 8-bit binary
Command:    EPSV
Response:   229 Entering extended passive mode (|||38830|)
Command:    MLSD
Status: Connection with proxy established, performing handshake...
Response:   Proxy reply: HTTP/1.1 200 Connection Established
Response:   150 Accepted data connection
Response:   226 ftp://ftp-url/ Transfer complete, (company:xxx, 12/14/2022:14:51:32)
Status: Directory listing of "/" successful

2

There are 2 answers

1
Xilukarim On BEST ANSWER

I solved this issue.

the curl option CURLOPT_HTTPPROXYTUNNEL has to be set. I got the timeout, because the files are quite big and the connection slow, so I raised the timeout with the option "CURLOPT_TIMEOUT" and now it works fine.

1
BestIdea5 On

Try (source) e.g. for curl -p --proxy1.0 like:

curl -p --proxy1.0 http://proxy.example.com:80 ftp://ftp.example.com/file.txt