Search code examples
rsslcurlproxyrcurl

RCurl getURL with FTP over proxy

In R I'm trying to get data from a ftp server using RCurl. The server has explicit encryption activated. Below one of the many attempts to make this work but I always get 530 Login or password incorrect! Still the username / password works when using another client like WinSCP. Any help is welcome!

library(RCurl)

# CURL_SSLVERSION_TLSv1_1 <- 5L
# CURL_SSLVERSION_TLSv1_2 <- 6L

opts <- curlOptions(
  proxy         = "http://my.proxy/",
  proxyport     = 8080,
  dirlistonly = TRUE,
  sslversion = 6L,
  ftp.use.epsv = FALSE,
  ssl.verifypeer=TRUE
  
)

 dat <- getURL("ftp://myUser:myPaas@ftps.myServer.com/", .opts = opts )

Here some screenshots of the winscp setup (only German OS available)

Connection screen:

enter image description here

Protocol screen:

enter image description here

WinSCP connection string:

enter image description here

Here is the output having verbose = TRUE added

*   Trying 10.x.x.x...
* Connected to 10.x.x.x (10.x.x.x) port 8080 (#0)
> GET ftp://User:Pass@ftp.myserver.com/ HTTP/1.1
 Host: ftp.myserver.com:21
 Accept: */*
 Proxy-Connection: Keep-Alive

< HTTP/1.1 403 Forbidden
< Server: squid/3.5.20
< Mime-Version: 1.0
< Date: Thu, 15 Nov 2018 11:12:24 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3898
< X-Squid-Error: ERR_FTP_FORBIDDEN 530
< Vary: Accept-Language
< Content-Language: en
< WWW-Authenticate: Basic realm="FTP ftp.myserver.com"
< X-Cache: MISS from Proxy-xxxxxx
< X-Cache-Lookup: MISS from Proxy-xxxxx:8080
< Via: 1.1 Proxy-xxxxxx (squid/3.5.20)
< Connection: keep-alive
< 
 * Connection #0 to host 10.x.x.x left intact

Here is the WinSCP log:

. 2018-11-15 17:09:15.999 Verbinde mit ftp.MyServer.com ...
. 2018-11-15 17:09:15.999 HTTP proxy command: CONNECT ftp.MyServer.com:21 HTTP/1.1

. 2018-11-15 17:09:15.999 Host: ftp.MyServer.com:21

. 2018-11-15 17:09:16.014 Verbindung mit dem Proxy hergestellt, führe Handshakes aus ...
. 2018-11-15 17:09:16.039 HTTP proxy response: HTTP/1.1 200 Connection established
. 2018-11-15 17:09:16.039 HTTP proxy headers: 

. 2018-11-15 17:09:16.039 

. 2018-11-15 17:09:16.039 Verbunden mit ftp.MyServer.com, TLS Verbindung wird ausgehandelt...
< 2018-11-15 17:09:16.059 220 Welcome to FTP MyServer
> 2018-11-15 17:09:16.059 AUTH TLS
< 2018-11-15 17:09:16.093 234 Using authentication type TLS
. 2018-11-15 17:09:16.179 Verifying certificate for "MY Server" with fingerprint xx:yy:zz.............. and 18 failures
. 2018-11-15 17:09:16.179 Certificate common name "ftp.MyServer.com" matches hostname
. 2018-11-15 17:09:16.179 Certificate for "MY Server" matches cached fingerprint and failures
. 2018-11-15 17:09:16.179 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA, ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
. 2018-11-15 17:09:16.216 TLS Verbindung hergestellt. Warte auf die Willkommensnachricht...
> 2018-11-15 17:09:16.216 USER MyUser
< 2018-11-15 17:09:16.216 331 Password required for MyUser
> 2018-11-15 17:09:16.216 PASS **********
< 2018-11-15 17:09:16.236 230 Logged on

Here is the R console log with more info:

 *   Trying 10.101.0.32...
 * Connected to 10.101.0.32 (10.x.x.x) port 8080 (#0)
 > GET ftp://MyUser:@ftp.MyServer.com/ HTTP/1.1
 Host: ftp.MyServer.com:21
 Accept: */*
 Proxy-Connection: Keep-Alive
 
 < HTTP/1.1 401 Unauthorized
 < Server: squid/3.5.20
 < Mime-Version: 1.0
 < Date: Fri, 16 Nov 2018 08:25:46 GMT
 < Content-Type: text/html;charset=utf-8
 < Content-Length: 3898
 < X-Squid-Error: ERR_FTP_FORBIDDEN 530
 < Vary: Accept-Language
 < Content-Language: en
 < WWW-Authenticate: Basic realm="FTP MyServer ftp.MyServer.com"
 < X-Cache: MISS from Proxy-xxxx
 < X-Cache-Lookup: MISS from Proxy-xxxx:8080
 < Via: 1.1 Proxy-xxxx (squid/3.5.20)
 < Connection: keep-alive
 < 
 * Ignoring the response-body
 * Connection #0 to host 10.x.x.x left intact
 * Issue another request to this URL: 'ftp://ftp.MyServer.com'
 * Found bundle for host ftp.MyServer.com: 0xafea17a
 * Re-using existing connection! (#0) with host 10.x.x.x
 * Connected to 10.x.x.x (10.x.x.x) port 8080 (#0)
 * Server auth using Basic with user 'Nordex'
 > GET ftp://MyUser:@ftp.MyServer.com/ HTTP/1.1
 Authorization: Basic Tm9yZGV50g==
 Host: ftp.MyServer.com:21
 Accept: */*
 Proxy-Connection: Keep-Alive
 
 < HTTP/1.1 401 Unauthorized
 < Server: squid/3.5.20
 < Mime-Version: 1.0
 < Date: Fri, 16 Nov 2018 08:25:46 GMT
 < Content-Type: text/html;charset=utf-8
 < Content-Length: 3947
 < X-Squid-Error: ERR_FTP_FORBIDDEN 530
 < Vary: Accept-Language
 < Content-Language: en
 * Authentication problem. Ignoring this.
 < WWW-Authenticate: Basic realm="FTP MyServer ftp.MyServer.com"
 < X-Cache: MISS from Proxy-xxxx
 < X-Cache-Lookup: MISS from Proxy-xxxx:8080
 < Via: 1.1 Proxy-xxxx (squid/3.5.20)
 < Connection: keep-alive
 < 
 * Connection #0 to host 10.x.x.x left intact
Solution

  • WinSCP sends CONNECT command to proxy:

    . 2018-11-15 17:09:15.999 HTTP proxy command: CONNECT ftp.MyServer.com:21 HTTP/1.1

    While RCurl sends GET command:

    > GET ftp://User:Pass@ftp.myserver.com/ HTTP/1.1

    In cURL, you use CURLOPT_HTTPPROXYTUNNEL option to make it use CONNECT:

    make libcurl tunnel all operations through the HTTP proxy (set with CURLOPT_PROXY). There is a big difference between using a proxy and to tunnel through it.

    Tunneling means that an HTTP CONNECT request is sent to the proxy, asking it to connect to a remote host on a specific port number and then the traffic is just passed through the proxy.

    In RCurl, that corresponds to httpproxytunnel. So this should do:

    opts <- curlOptions(
  proxy           = "http://my.proxy/",
  proxyport       = 8080,
  httpproxytunnel = 1,
  ...
)