These settings control the general behavior of the FTP server and allow you to personalize the server to your needs. These options affect the running of your FTP server, restrictions on usage and the SSL services.
FTP #
- Ports - This option controls what port the main FTP protocol listens on. This value should be entered into FTP clients when attempting to connect. This option allows multiple ports and also for ports to listen on a single IP address. Please enter multiple ports in the format: "port1;port2;iporhost3:port3".
- Idle Timeout (Seconds) - If a connection remains idle, this value will control the period of time before the connection is forcefully shutdown.
- Max Connections - This option allows a restriction to be placed on the maximum number of connections that can be made to the server at any one time.
- Max Connections Per IP - This option allows a restriction to be placed on the maximum number of connections for each IP address. This is useful if you want to ensure that a single computer does not abuse the FTP server by opening too many FTP connections.
- Enable SSL - This allows you to quickly and easily enable or disable the use of SSL and TLS within the FTP server.
- Encrypt Data Connection By Default - FTP uses a separate connection for transferring files. Even when using SSL / TLS, this is normally un-encrypted. This this will set the data connection to be encrypted by default.
- Enable Explicit SSL - This allows SSL / TLS connections using the normal FTP port. SSL or TLS encryption is only used if an FTP client issues an 'AUTH SSL' or 'AUTH TLS' command during login. This is the simplest and most supported method of SSL.
- Enable Implicit SSL - Implicit SSL allows the FTP server to additionally allocate another port for SSL connections. Communication on this port requires less overhead as SSL negotiation is done immediately, removing the need for plain text commands to initialize SSL communication.
- SSL Ports - This option controls what port the FTP protocol implicit SSL port listens on. This value should be entered into FTP clients when attempting to connect via implicit SSL. This option allows multiple ports and also for ports to listen on a single IP address. Please enter multiple ports in the format: "port1;port2;iporhost3:port3".
- SSL Certificate - This option controls which SSL certificate will be used for SSL sessions. For more information on how to edit the SSL certificates, please see SSL Certificates.
- SSL Mode - This option controls which SSL / TLS mode will be used for SSL sessions.
Protocol #
- Allow Users to Enable Password Changing - If this is enabled and a user has this option enabled, any logged in session for that user can send the 'SITE CPWD (newpassword)' command to change the user's password. If this option is disabled, all users and groups will not allow the password to be changed.
- Block Time-Out Prevention Activities - Most FTP clients attempt to prevent an FTP connection from closing when the connection enters an idle state. Enabling this option will prevent these activities and ensure only users who are truly using the server maintain an open connection.
- Place Deleted Files into the Recycle Bin - This option will cause any deleted files to be placed into the recycle bin. This allows you to ensure deleted files are protected and can be retrieved after deletion (provided the recycle bin has the available space).
- Allow Site to Site File Transfers (FXP) - If this is enabled, the server will allow logged in users to perform site to site transfers. Site to site transfers is a name given to the action where an FTP client can connect two FTP servers together and transfer files directly between them. However, this has potential security implications so it is recommended not to enable this feature. Ability FTP Server does have additional security built in to reduce the danger that site to site transfers introduce, but there is still no guarantee that this is will make site to site transfers completely safe.
- Use Server Timezone Instead of GMT for File Timestamps - If this is enabled, the server will display and update file timestamps based on the server's local timezone rather than the recommended default of a GMT timezone. Many FTP clients will use a GMT based server timestamp and then adjust the timezone locally. However, this setting may be needed for some FTP clients.
- PASV Port Range - This option allows you to limit the range of ports used for data connections by the server. This is mainly useful for avoiding port conflicts and reducing port ranges to be configured for firewalls and routers.
- PASV IP - By default, PASV mode data connections will use the computer's IP. However, if the computer is behind a router, then that IP will usually be an internal network IP and not a valid Internet IP. By setting this option, the FTP server will ensure that the router's IP is issued to the FTP client and therefore allow PASV mode transfers. If your server is behind a router then you should enter the router's IP in this field.
Limits #
- Max Upload Speed Per User (KB/s) - This option allows you to restrict the bandwidth allowance for the uploading of files per user. This value is shared amongst all the sessions of a particular user, so if the limit was set to 10 KB/s, the result would be that two simultaneous uploads for that user would be limited to 5 KB/s each.
- Max Download Speed Per User (KB/s) - This option allows you to restrict the bandwidth allowance for the downloading of files per user. This value is shared amongst all the sessions of a particular user, so if the limit was set to 10 KB/s, the result would be that two simultaneous downloads for that user would be limited to 5 KB/s each.
- Ban File Types - This option allows a restriction to be placed on which file types are allowed to be uploaded onto the server. This is useful for preventing dangerous file types, such as exe's, which could potentially contain viruses.
- Limit Executable File Types - This option allows a restriction to be placed on which file types are allowed to be executed on the server by users which have the file execute access right. If this option is disabled, then all file types will be permitted. If a file type is executed which is 'non-executable' (i.e. a text file, document, image etc.), then the file is opened using the default application designated to open that file.
- Allow Parameters in 'Execute' Commands - If this is enabled and a user has file execution access rights (the ability send a 'SITE EXEC' command), parameters will be permitted and passed onto the executable file. It is recommended that this option is not enabled as execution parameters cannot be checked for security, which could inadvertently cause a security hole in your FTP server. Also, users with file execution access rights should have a strong password which is known only by trusted users.
- Enable Anti-Hammering - Enabling this option will cause a user to be blocked if they fail to login after five attempts. Blocking is based on the user's IP and they will remain blocked for ten minutes. This technique helps prevent rogue password cracking software from guessing your user passwords. Additionally, Ability FTP Server always pauses for five seconds when a password is incorrect, which also helps protect passwords.
IP Control #
- Enable IP Control - If enabled, the entries within the list box will be enforced.
- IP Control - This is the list of allowed/denied IPs, in order of execution from top to bottom. If an entry matches the client IP, then the provided 'Allow' or 'Deny' option will be enforced.