如何处理“主机尝试数据连接 x.x.x.x 与服务器 y.y.y.y 不同";Camel FTP 错误? [英] How to handle "Host attempting data connection x.x.x.x is not the same as server y.y.y.y" error with Camel FTP?
问题描述
我正在尝试使用 Camel FTP Producer 将文件发送到第三方 ftp 服务器(由亚马逊托管,它会出现),并且遇到了一个问题,我收到 Writing File failed with: File operation失败...主机尝试数据连接 xxxx 与服务器 yyyy 不同,这是我以前从未见过的.
生产者配置为被动模式,根据TRACE级别的日志,这是启用的.(虽然错误消息听起来更像是主动模式问题)
y.y.y.y IP 地址是 nslookup 为目标域列出的 IP 地址之一,因此该位是有意义的.但是,xxxx IP 与不同的 Amazon 托管服务器有关,因此我认为已经执行了某种切换或负载平衡,而 FTP 客户端不喜欢那样.
是否有某种方法可以配置 Camel FTP 以允许这样做(我假设这是一个安全功能),还是被动模式应该允许这样做?
我对 ftp 服务器提供商没有影响,所以很遗憾,除了我的客户端选项之外,我无法更改任何内容.
感谢您的关注!
在对 Apache Commons FTP 的源代码进行了一些挖掘和 grep 之后,有问题的消息是由客户端中的验证引起的,该验证检查被动模式连接与初始服务器连接相同.
鉴于这似乎是一个负载平衡系统,被动模式数据连接与目标 IP 不同,因此验证失败.
可以使用 Camel FTP 通过创建 FTPClient 的特定实例并将删除验证设置为关闭来修复此问题.
FTPClient ftp = new FTPClient();ftp.setRemoteVerificationEnabled(false);registry.put("FTPClient", ftp);然后在 FTP 的 URI 中引用此对象
ftp://user@host:21/path?password=xxxx&passiveMode=true&tempPrefix=part.&ftpClient=#FTPClient显然,通过禁用此远程验证测试,您会使自己更容易受到重定向或拦截的 FTP 数据以及您的数据被发送到您不希望的地方的影响,但我想如果您担心的话,您不会t be used 还是首先使用未加密的 FTP.
I'm trying to send a file to a third party ftp server (hosted by Amazon it would appear) with a Camel FTP Producer, and am having an issue where I am getting Writing File failed with: File operation failed... Host attempting data connection x.x.x.x is not the same as server y.y.y.y which I've not seen before.
The producer is configured to be in passive mode, and according to the logs at TRACE level, this is enabled. (Although the error message sounds like it would relate more to an active mode issue)
The y.y.y.y IP address is one of those listed by nslookup for the target domain, so that bit makes sense. However, the x.x.x.x IP relates to a different Amazon hosting server, and so I presume some sort of hand-off or load-balancing has been performed, and the FTP client doesn't like that.
Is there some way of configuring Camel FTP to allow this (I'm presuming this is a security feature), or should passive mode allow this anyway?
I have no influence with the ftp server provider, so unfortunately I can't change anything but my client options.
Thanks for looking!
After some digging, and grepping the source code for Apache Commons FTP, the message in question is caused by a validation in the client which checks that the passive mode connection is the same as the initial server connection.
Given that this appears to be a load-balanced system, the passive mode data connection is a different IP from the target IP, and this fails the validation.
It can be fixed using Camel FTP by creating a specific instance of the FTPClient and setting remove verification off.
FTPClient ftp = new FTPClient();
ftp.setRemoteVerificationEnabled(false);
registry.put("FTPClient", ftp);
and then referencing this object in the URI for FTP
ftp://user@host:21/path?password=xxxx&passiveMode=true&tempPrefix=part.&ftpClient=#FTPClient
Clearly, by disabling this remote verification test you are making yourself more vulnerable to the FTP data being redirected or intercepted and your data being sent somewhere you didn't intend, but I guess if you're worried about that you wouldn't be using still be using unencrypted FTP in the first place.
这篇关于如何处理“主机尝试数据连接 x.x.x.x 与服务器 y.y.y.y 不同";Camel FTP 错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
