An FTP proxy is a piece of software that enables a server to act as a proxy server for the FTP protocol. It can perform functions like protocol enforcement, caching, authentication and active to passive translation. It can also be used as a way of solving the problem with FTP and firewalls.

Well-known FTP proxy packages include the OpenBSD ftp-proxy, the similarly named package included with IPFilter, the frox caching proxy, Microsoft ISA Server and Sidewinder G2. Most of these are primarily concerned with security, though frox does offer caching features. It also allows for virus scanning of uploaded and downloaded files.

FTP proxies can be either transparent, in which case the client is not aware of the proxy's presence, or non-transparent, where the client knows about the proxy. A transparent proxy works with the help of a packet filter like pf, IPFilter or Linux' Netfilter, which intercepts and redirects the outbound FTP connection to the proxy. Advantages to this approach are that the client does not need to be modified, and that all FTP connections are proxied. Disadvantages are that it cannot support authentication: since the client is unaware that it's connecting through a proxy, it does not know to send any credentials to it, such as username/password pairs or Kerberos tickets. In a non-transparent setup, the client first establishes a connection to the proxy, then asks the proxy to connect to another site on the client's behalf. With this kind of setup, it's possible to require the client to authenticate itself to prove that it's a trusted user, trusted workstation, or both. Methods can include usernames and passwords, TLS certificates, Kerberos, S/KEY or a combination of methods.