Help, configuration and tips.

FTP

• Ports - This option controls what port the main FTP protocol listens on. This value should be entered into FTP clients when attempting to connect. This option allows multiple ports and also for ports to listen on a single IP address. Please enter multiple ports in the format: "port1;port2;iporhost3:port3".
• Idle Timeout (Seconds) - If a connection remains idle, this value will control the period of time before the connection is forcefully shutdown.
• Max Connections - This option allows a restriction to be placed on the maximum number of connections that can be made to the server at any one time.
• Max Connections Per IP - This option allows a restriction to be placed on the maximum number of connections for each IP address. This is useful if you want to ensure that a single computer does not abuse the FTP server by opening too many FTP connections.
• Enable SSL - This allows you to quickly and easily enable or disable the use of SSL and TLS within the FTP server.
• Encrypt Data Connection By Default - FTP uses a separate connection for transferring files. Even when using SSL / TLS, this is normally un-encrypted. This this will set the data connection to be encrypted by default.
• Use SSL Version 3 and TLS Only - If enabled, SSL connections are restricted to SSL Version 3 and TLS.
• Enable Explicit SSL - This allows SSL / TLS connections using the normal FTP port. SSL or TLS encryption is only used if an FTP client issues an 'AUTH SSL' or 'AUTH TLS' command during login. This is the simplest and most supported method of SSL.
• Enable Implicit SSL - Implicit SSL allows the FTP server to additionally allocate another port for SSL connections. Communication on this port requires less overhead as SSL negotiation is done immediately, removing the need for plain text commands to initialize SSL communication.
• SSL Ports - This option controls what port the FTP protocol implicit SSL port listens on. This value should be entered into FTP clients when attempting to connect via implicit SSL. This option allows multiple ports and also for ports to listen on a single IP address. Please enter multiple ports in the format: "port1;port2;iporhost3:port3".
• SSL Certificate - This option controls which SSL certificate will be used for SSL sessions. For more information on how to edit the SSL certificates, please view the SSL Settings.

• Allow Users to Enable Password Changing - If this is enabled and a user has this option enabled, any logged in session for that user can send the 'SITE CPWD (newpassword)' command to change the user's password. If this option is disabled, all users and groups will not allow the password to be changed.
• Block Time-Out Prevention Activities - Most FTP clients attempt to prevent an FTP connection from closing when the connection enters an idle state. Enabling this option will prevent these activities and ensure only users who are truly using the server maintain an open connection.
• Place Deleted Files into the Recycle Bin - This option will cause any deleted files to be placed into the recycle bin. This allows you to ensure deleted files are protected and can be retrieved after deletion (provided the recycle bin has the available space).
• Allow Site to Site File Transfers (FXP) - If this is enabled, the server will allow logged in users to perform site to site transfers. Site to site transfers is a name given to the action where an FTP client can connect two FTP servers together and transfer files directly between them. However, this has potential security implications so it is recommended not to enable this feature. Ability FTP Server does have additional security built in to reduce the danger that site to site transfers introduce, but there is still no guarantee that this is will make site to site transfers completely safe.
• PASV Port Range - This option allows you to limit the range of ports used for data connections by the server. This is mainly useful for avoiding port conflicts and reducing port ranges to be configured for firewalls and routers.
• PASV IP - By default, PASV mode data connections will use the computer's IP. However, if the computer is behind a router, then that IP will usually be an internal network IP and not a valid Internet IP. By setting this option, the FTP server will ensure that the router's IP is issued to the FTP client and therefore allow PASV mode transfers. If your server is behind a router then you should enter the router's IP in this field.

• Max Upload Speed Per User (KB/s) - This option allows you to restrict the bandwidth allowance for the uploading of files per user. This value is shared amongst all the sessions of a particular user, so if the limit was set to 10 KB/s, the result would be that two simultaneous uploads for that user would be limited to 5 KB/s each.
• Max Download Speed Per User (KB/s) - This option allows you to restrict the bandwidth allowance for the downloading of files per user. This value is shared amongst all the sessions of a particular user, so if the limit was set to 10 KB/s, the result would be that two simultaneous downloads for that user would be limited to 5 KB/s each.
• Ban File Types - This option allows a restriction to be placed on which file types are allowed to be uploaded onto the server. This is useful for preventing dangerous file types, such as exe's, which could potentially contain viruses.
• Limit Executable File Types - This option allows a restriction to be placed on which file types are allowed to be executed on the server by users which have the file execute access right. If this option is disabled, then all file types will be permitted. If a file type is executed which is 'non-executable' (i.e. a text file, document, image...etc.), then the file is opened using the default application designated to open that file.
• Allow Parameters in 'Execute' Commands - If this is enabled and a user has file execution access rights (the ability send a 'SITE EXEC' command), parameters will be permitted and passed onto the executable file. It is recommended that this option is not enabled as execution parameters cannot be checked for security, which could inadvertently cause a security hole in your FTP server. Also, users with file execution access rights should have a strong password which is known only by trusted users.
• Enable Anti-Hammering - Enabling this option will cause a user to be blocked if they fail to login after five attempts. Blocking is based on the user's IP and they will remain blocked for ten minutes. This technique helps prevent rogue password cracking software from guessing your user passwords. Additionally, Ability FTP Server always pauses for five seconds when a password is incorrect, which also helps protect passwords.

IP Control

• Enable IP Control - If enabled, the entries within the list box will be enforced.
• IP Control - This is the list of allowed/denied IP's, in order of execution from top to bottom. If a entry matches the client IP, then the provided 'Allow' or 'Deny' option will be enforced.

IP Control Entry

• Allow - If selected, and the provided IP or range matches the connection's IP, then the connection will be allowed access.
• Deny - If selected, and the provided IP or range matches the connection's IP, then the connection will be denied access and disconnected.
• IP Address - Will evaluate true if the connection's IP exactly matches this IP address.
• IP Address and Subnet Mask - Will evaluate true if the connection's IP matches this IP address. Both IP's will be filtered by the provided subnet mask before comparison.
• IP Address Range - Will evaluate true if the connection's IP falls between the provided IP addresses.
• IP of Host or Domain - Will evaluate true if the connection's IP matches one of the IP's of the provided host/domain.
• Reverse IP Lookup Matches - Will evaluate true if the connection's reverse IP lookup matches the provided host/domain. This match permits the use of *'s (eg. *.code-crafters.com).
• Any Locally Assigned IP - Will evaluate true if the connection is local (i.e. the client and server processes are running on the same computer).