cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 1 of 3

Chrome 46.0.2490.86 doesn't respond to HTTP407 (NTLM) when doing FTP over HTTP ?

Jump to solution
  • Using MWG 7.5.2.2 in explicit proxy mode.
  • MWG is configured to send 'anonymous' FTP logon when using FTP over HTTP.

Users trying to download files from an FTP site using Chrome (FTP over HTTP) receive the "You must be authenticated" block page.

When lookng at a packet trace when reproducing the issue, we can see that Google Chrome is NOT answering the HTTP 407 response from the proxy AND it is NOT sending a "User-Agent' header with it's request :

FTP_Chrome_NTLM_User-Agent.png

(In the picture above, Yellow is the client and Black is the MWG)

  • The request headers are in the red highlight : no trace of 'User-Agent'.
  • 2 ACK packets (not shown) are sent by the client after the HTTP407, nothing else.

When doing the same operation with IE11, everythng works normally:

FTP_IE_NTLM_User-Agent.png

(In the picture above, Yellow is the client and Black is the MWG)

  • The request headers in the red highlight show the 'User-Agent' header being sent by the browser.
  • NTLM negotiation completes normally between the browser and the MWG. User is authenticated and allowed to proceed to the FTP site and download the requested file.



  1. I don't recall having FTP over HTTP issues with prior versions of Chrome when using FTP over HTTP with anonymous credentials ((unfortunately can't validate).
  2. Google Chrome properly deals with the HTTP 407 response when browsing HTTP.
  3. Google Chrome sends the User-Agent header in it's request when browsing HTTP/HTTPS

Anybody else noticed that?


1 Solution

Accepted Solutions
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Chrome 46.0.2490.86 doesn't respond to HTTP407 (NTLM) when doing FTP over HTTP ?

Jump to solution

This is noted in the best practice about FTP over HTTP:

Chrome can't seem to handle proxy auth or even FTP auth when dealing with FTP over HTTP.

Best Regards,

Jon

2 Replies
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Chrome 46.0.2490.86 doesn't respond to HTTP407 (NTLM) when doing FTP over HTTP ?

Jump to solution

This is noted in the best practice about FTP over HTTP:

Chrome can't seem to handle proxy auth or even FTP auth when dealing with FTP over HTTP.

Best Regards,

Jon

Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Chrome 46.0.2490.86 doesn't respond to HTTP407 (NTLM) when doing FTP over HTTP ?

Jump to solution

Right. I just realized that the FTP sites that did work with Chrome (when I was saying "I don't recall having FTP over HTTP issues") were bypassing proxy authentication... duh.

Thanks for the reply Jon.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community