Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Troubleshoot Browser Issues for FTP over HTTP

Testing has shown that Mozilla Firefox is the only browser that does not require special attention from the user or administrator when doing FTP over HTTP.

Most web browsers have issues when requests are sent using FTP over HTTP. For some of these issues, you can implement workarounds.

Anonymous and non-anonymous logon

Some browsers can only handle FTP over HTTP when anonymous logon is allowed on an FTP server, as these browsers cannot send credentials as part of the URL in a request.

Other browsers prompt users for credentials when anonymous logon is not allowed on an FTP server.

When working with browsers that can handle non-anonymous logon, but do not prompt users, credentials can be submitted in one of the following ways:

  • Credentials can be entered on the authentication page that is sent to the browser by Web Gateway.
  • Credentials can be inserted in the URL that is sent from the browser to the FTP server. The URL format must be as follows:

ftp://<user name>:<password>@<name of the FTP server>

Special characters within credentials

Some browsers do not encode FTP user names and passwords containing special characters correctly, rendering them useless and causing logon to fail.

There is no workaround for this issue, other than avoiding special characters in credentials. These browsers can be used, but are not recommended for FTP over HTTP when credentials for non-anonymous logon are required.

Special characters within credentials

Some browsers do not encode FTP user names and passwords containing special characters correctly, rendering them useless and causing logon to fail.

There is no workaround for this issue, other than avoiding special characters in credentials. These browsers can be used, but are not recommended for FTP over HTTP when credentials for non-anonymous logon are required.

Proxy authentication

When doing FTP over HTTP using a proxy, for example, the proxy provided by Web Gateway, the proxy has to authenticate to the FTP server.

Some browsers cannot handle this authentication process. When Web Gateway sends a message that proxy authentication is required, these browsers do not send the user credentials back.

As a workaround, you can exempt these browsers from proxy authentication. For this exemption, a rule must be inserted in the rule set that you are using to control authentication. The rule recognizes the browser through the information provided by the user-agent information in the header of the request that is submitted.

This rule might look as follows if the browser is, for example, Google Chrome:

Name
Exempt FTP over HTTP with Chrome from proxy authentication
Criteria                                                                     Action             Event
Header.Get("User-Agent" matches "Chrome" AND URL.Protocol equals "ftp"     –> Stop Rule Set

Proxy settings

Some browsers ignore the proxy settings when the protocol information in a URL is ftp://. Instead of sending an FTP over HTTP request to the proxy, they send a native FTP request directly to the FTP server.

There is no workaround for this issue. These browsers cannot be used for FTP over HTTP traffic.

Issues with commonly used web browsers

The following table shows issues that arise more often when doing FTP over HTTP in relation to some of the most commonly used web browsers.

Web browser Issues Solution
Mozilla Firefox

No issues known.

Can be used without taking additional measures for FTP over HTTP.

Microsoft Internet Explorer

Does not prompt users for credentials when anonymous logon is not allowed for FTP over HTTP on an FTP server.

Encodes special characters within credentials incorrectly.

Can be used for FTP over HTTP when anonymous logon is allowed on an FTP server.

When user for non-anonymous logon, credentials must be submitted in one of the following ways:

  • Entering credentials on the authentication page that is displayed by Web Gateway.
  • Inserting credentials in the URL that is sent to the FTP server

The credentials must not contain special characters.

Google Chrome

Can only handle FTP over HTTP if an FTP server allows anonymous logon.

Cannot handle proxy authentication.

Can be used if an FTP server allows anonymous logon, but requires a rule for skipping proxy authentication.

Opera

Cannot handle proxy authentication.

Can be used for FTP over HTTP, but requires a rule for skipping proxy authentication.

Safari

Ignores proxy settings when the protocol information in a URL is ftp://.

Sends native FTP requests from a client directly to the FTP server instead, bypassing the configured proxy, for example, the proxy provided by Web Gateway.

No workaround: Cannot be used for FTP over HTTP.

 

  • Was this article helpful?