FTP Server Configuration
Posted by Matthew Jeffels, Last modified by Matthew Jeffels on 05 October 2016 04:14 PM

FTP Server Configuration

In this section we go over the options available to you in order to configure your server FTP's behaviour.

This will Depend on the server software that you have selected to use and if you change software you may have to change the settings you make here as well.

To select the software you server uses for its FTP you can find it in the FTP Server Selection section of Service Configuration.

You can choose between ProFTPD or Pure-FTPd. By Defeult cPanel and your server will use Pure-FTPd as a result this is the settings we will cover first.

Pure-FTPd Settings

TLS Encryption Support

FTP Server Configuration Options

From the TLS Encryption Support menu, you select a setting for TLS encryption of FTP connections:

Optional — This allows the FTP users to choose whether to use TLS encryption. This setting offers the best compatibility.

Required (Command) — This forces users to use TLS encryption on all commands that users issue to the FTP server. This setting hides passwords and usernames.

Required (Command/Data) — This Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting helps to protect all traffic from eavesdroppers.

TLS Cipher Suite

FTP Server Configuration Options

Enter the list, in standard format, of the TLS ciphers that you wish your FTP server to use in the TLS Cipher Suite text box.

HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 is the default setting. Typically, you should only adjust this setting in order to better meet PCI Compliance. For more information about TLS ciphers, you can read OpenSSL's Cipher documentation.

Allow Anonymous Logins

FTP Server Configuration Options

From the Allow Anonymous Logins menu, select whether users can log in to your FTP server anonymously. Warning: We do not recommend that you enable anonymous FTP, because it seriously compromises the security of your server.

Allow Anonymous Uploads

FTP Server Configuration Options

The Allow Anonymous Uploads menu allows you to select whether anonymous users can upload files to your FTP servers.

We do not recommend that you enable anonymous FTP, because it seriously compromises the security of your server.

Maximum Load for Anonymous Downloads

FTP Server Configuration Options

This lets you enter the maximum load for anonymous downloads in the Maximum Load for Anonymous Downloads text box.

If the system's load average exceeds this setting, your FTP server will prevent downloads by anonymous users. 

Maximum Idle Time (minutes)

FTP Server Configuration Options

This setting allows you to set the Maximum Idle Time (minutes) text box, enter the number of minutes an FTP connection may remain idle before the server will automatically disconnect it.

Maximum Connections

FTP Server Configuration Options

This setting allows you to enter the maximum number of FTP connections in the Maximum Connections text box. The FTP settings applies this limit server-wide and not on a per-user basis.

Maximum Connections Per IP Address

FTP Server Configuration Options

This setting allows you to set the Maximum Connections Per IP Address by entering it in the text box, enter the maximum number of FTP connections to allow from a single IP address.

Allow Logins with Root Password

FTP Server Configuration Options

This setting allows you to Allow Logins with Root Password menu, this allows you to decide whether your root account should be allowed access to all FTP accounts.

Broken Clients Compatibility

FTP Server Configuration Options

This setting allows you to ignore parts of the FTP protocol standards in order to provide Broken Clients Compatibility, select whether your FTP server will ignore some protocol standards in order to improve compatibility with buggy FTP clients and firewalls.

ProFTPD Settings

This section covers the settings available to you if you are using the ProFTPD server software for your FTP server.

TLS Encryption Support

From the TLS Encryption Support menu, you select a setting for TLS encryption of FTP connections:

Optional — This allows the FTP users to choose whether to use TLS encryption. This setting offers the best compatibility.

Required (Command) — This forces users to use TLS encryption on all commands that users issue to the FTP server. This setting hides passwords and usernames.

Required (Command/Data) — This Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting helps to protect all traffic from eavesdroppers.

TLS Options

This setting allows you to relax the rules of some of the TLS/SSL settings. However it may cause compatibility issues.

TLS Cipher Suite

Enter the list, in standard format, of the TLS ciphers that you wish your FTP server to use in the TLS Cipher Suite text box.

HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 is the default setting. Typically, you should only adjust this setting in order to better meet PCI Compliance. For more information about TLS ciphers, you can read OpenSSL's Cipher documentation.

TLS Protocol

This option allows you to customize the TLS protocols that should be used when accessing the FTP server. As stated this should largly only need to be changed to better meet the PCI compliance.

Maximum Idle Time (Seconds)

This setting allows you to configure how long an FTP connection can remain idle and connected to the server before it will be automatically disconnected. 

Maximum Number of FTP Processes

This setting allows you to set a limit on how many child process that ProFTP may create. If set to none there is no restriction. If you are experiencing performance issues with your server and a high bandwidth of FTP traffic you may consider setting a limit here.

Show Symlinks

This setting will cause symlinked files to appear correctly as symlinks. These are files that contain a reference to another file or directory in the form of an absolute or relative path.

Symlink Compatibility

This option will allow symlinks to correctly function for certain clients that normally don't support them.

TCP Wrappers

This setting allows you to force ProFTPD to use TCP wrappers when transferring files, this may however cause your users to be unable to use FTP if they configure their hostnames incorrectly.

Thanks

Matt Jeffels
PAC Web Hosting

(0 vote(s))
Helpful
Not helpful

Comments (0)