The following examples will work on our systems; however, we do not offer support for .ftpaccess modifications. The examples covered in this article are not intended to cover every function that is possible with .ftpaccess, but instead to be a guide for some commonly requested functionality. Please see the recommended configuration section below.

For additional information on .ftpaccess files, please refer to http://proftpd.linux.co.uk.

By default, anonymous FTP (File Transfer Protocol) users can only upload and/or download files and directories. Anonymous users cannot delete, rename, or overwrite files or directories. However, using an .ftpaccess file, it is possible to override the default permissions. Only the permissions that are specified are overridden; all others remain unchanged. For example, if you choose to write an .ftpaccess file to override the ability to delete files, the default configuration for uploading and downloading will remain the same.

To work properly, the .ftpaccess file needs to be placed in the /aftp directory, so that it only affects anonymous FTP users.

The Limit directive is one of the most useful features of .ftpaccess and is used to place access restrictions on one or more FTP commands in the /aftp directory. For example, using the Limit directive, this .ftpaccess file denies all anonymous users the ability to upload (STOR*) files:

<Limit STOR>
DenyAll
</Limit>

The Limit directive can also be used to limit access to the /aftp directory by IP address. For example, the following only allows anonymous FTP access to users that come from IP addresses that begin with either w.x.y or w.x.y.z:

<Limit ALL>
DenyAll
Allow w.x.y.z
</Limit>

You can also combine the aforementioned restrictions into one .ftpaccess file to create a very flexible solution. For example, you can allow all anonymous users to access the site and download files, and only users from certain IP addresses to upload files. Since the default is to allow all anonymous users the ability to upload and download files, you only need to restrict the ability to upload files. This can be done in one .ftpaccess file:

<Limit STOR>
DenyAll
Allow w.x.y.z
</Limit>

The default configuration for anonymous FTP does not allow users to delete (DELE*) or overwrite files. Those features can also be overridden with an .ftpaccess file:

AllowOverwrite On
<Limit DELE>
AllowAll
</Limit>

Multiple FTP commands can also be combined in an .ftpaccess file. In this example, only anonymous users from certain IP addresses can upload and delete files. All users can still download files because this .ftpaccess file does not affect download permissions:

<Limit STOR DELE>
DenyAll
Allow w.x.y.z
</Limit>

* STOR - The command that an FTP client sends to the server when a user wants to upload a file to the server (e.g., STOR filename.txt).

* DELE - The command that an FTP client sends to the server when a user wants to delete a file from the server (e.g., DELE filename.txt).

For additional information about common FTP commands, please refer to http://proftpd.linux.co.uk.

Recommended configuration

Once this .ftpaccess file is placed in the /aftp folder, this configuration restricts all anonymous users to read-only access except for those coming from your IP address.

<Limit APPE DELE MKD RMD RNTO STOR XMKD XRMD>
DenyAll
Allow your.ip.address
</Limit>
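
The following check is an added example, not part of the original article or of ITS tooling. It parses an .ftpaccess file and reports, for the eight commands in the recommended configuration, which ones are opened with AllowAll, which are not limited at all, and whether AllowOverwrite is on. It understands only the DenyAll / Allow / AllowAll forms shown on this page; the sample files and the 192.0.2.10 address are constructed.

```python
import re

# The eight commands limited in the page's recommended configuration.
RECOMMENDED = "APPE DELE MKD RMD RNTO STOR XMKD XRMD".split()
LIMIT_RE = re.compile(r"<Limit\s+([^>]+)>(.*?)</Limit>", re.I | re.S)

# Constructed samples: 192.0.2.10 is a documentation address standing in for
# "your.ip.address"; PERMISSIVE is the page's delete/overwrite override.
LOCKED_DOWN = """<Limit APPE DELE MKD RMD RNTO STOR XMKD XRMD>
DenyAll
Allow 192.0.2.10
</Limit>
"""
PERMISSIVE = """AllowOverwrite On
<Limit DELE>
AllowAll
</Limit>
"""

def parse_ftpaccess(text):
    """Map each limited command to "open", "denied", "unknown" or its Allow list."""
    policies = {}
    for commands, body in LIMIT_RE.findall(text):
        deny_all = allow_all = False
        sources = []
        for line in body.splitlines():
            words = line.split("#")[0].replace(",", " ").split()
            key = words[0].lower() if words else ""
            deny_all |= key == "denyall"
            allow_all |= key == "allowall"
            if key == "allow":
                sources += [w for w in words[1:] if w.lower() != "from"]
        if deny_all and not allow_all:
            policy = sorted(sources) or "denied"
        elif allow_all and not deny_all and not sources:
            policy = "open"
        else:
            policy = "unknown"  # a form the page does not use: review by hand
        for command in commands.upper().split():
            policies[command] = policy  # assumption: a later block replaces an earlier one
    return policies

def audit(text):
    """Report which RECOMMENDED commands a file opens up or leaves unlimited."""
    policies = parse_ftpaccess(text)
    return {
        "open": [c for c in RECOMMENDED if policies.get(c) == "open"],
        "unlimited": [c for c in RECOMMENDED if c not in policies],
        "review": [c for c in RECOMMENDED if policies.get(c) == "unknown"],
        "overwrite": bool(re.search(r"^\s*AllowOverwrite\s+on\b", text, re.I | re.M)),
    }
```

Running audit() on the contents of /aftp/.ftpaccess after each change shows at a glance whether an edit widened anonymous write access beyond the recommended configuration.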

Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!
