Windows Server 2008 : Installing and Configuring FTP Services (part 2) - Configuring the FTP 7.5 Features and Properties

2/25/2011 11:41:27 AM

Configuring the FTP 7.5 Features and Properties

The FTP Site Creation Wizard configures the basic settings for an FTP server; however, there is still a need to configure more advanced settings or refine the original ones. Similar to managing websites, you no longer manage property pages by right-clicking the site. The new FTP feature icons have replaced the old style property FTP pages. The FTP feature icons are installed during the installation process and are located in the Central Details pane, as shown in Figure 4. The new FTP features for configuring basic and advanced FTP properties consist of the following:

Figure 4. The FTP feature icons.

FTP Authentication Feature Page

The FTP Authentication feature page is utilized to configure authentication methods for FTP clients. By default, an FTP site does not have authentication configured and all mechanisms are disabled out of the box. An administrator must grant the desired authentication to the FTP site. The authentication mechanisms for FTP consist of the following items:

  • Anonymous Authentication— This built-in authentication mechanism should be selected when you want to provide public access to an FTP site without having end users pass credentials.

  • Basic Authentication— It is another built-in authentication mechanism for FTP sites. Basic authentication requires the FTP clients to enter a valid Windows user account and password when gaining access to the FTP site. Basic Authentication sends password credentials in clear text, which is a security hazard. As such, implement SSL when using this mechanism to encrypt passwords in transit.

  • ASP.NET Authentication— The FTP site will provide authorization to FTP clients by having them enter a valid ASP.NET user account and password. This is a custom authentication mechanism that requires a provider and connection string to an ASP.NET user database.

  • IIS Manager Authentication— This is another custom authentication mechanism similar to ASP.NET. An FTP client must provide a legitimate IIS Manager username and password to gain access to FTP content. Similar to Basic Authentication, the credentials are not encrypted, so it is recommended for this authentication to be used in conjunction with SSL.


Don’t forget that to utilize these authentication mechanisms, the appropriate authentication role services must be installed prior to configuration.

FTP Authorization Rules Feature Page

This page should be used to manage Allow and Deny authorization rules that control access to FTP sites. The Actions pane options Add Allow Rule and Add Deny Rule should be selected to invoke the Allow or Deny Authorization Rule page. After the page is invoked, rules can be applied to All Users, All Anonymous Users, Specified Roles or User Groups, and Specified Users. In addition, the rules are based on Read or Write permissions.

FTP Current Sessions Feature Page

This page should be used to monitor current sessions for an FTP site. The following elements are displayed: User Name, Session Start Time, Current Command, Previous Command, Command Start Time, Bytes Sent, Bytes Received, Session ID, and Client IP.

FTP Directory Browsing Feature Page

The FTP Directory Browsing page illustrated in Figure 5 is broken out into two sections. The first section is called Directory Listing Style. The format presentation options include MS-DOS and UNIX. The second section, Directory Listing Options, controls how directory information is displayed. The display options include the following:

  • Virtual Directories— This option allows you to specify whether to include virtual directories.

  • Available Bytes— This setting controls the display behavior of the available bytes remaining when a disk quota is enabled.

  • Four-Digit Years— When enabled, this setting displays the last modified date for a file based on the four-year date, such as 1974, and not a two-year date format, such as 74.

Figure 5. The FTP Directory Browsing feature page.

FTP Firewall Support Feature Page

A new FTP feature associated with IIS 7.5 is the FTP Firewall Support. This feature allows the server to accept passive connections when the FTP client is behind a firewall. An administrator must enter the Data Channel Port Range and External IP Address of the Firewall settings and then click Apply in the Actions pane.

FTP IPv4 and Domain Restrictions Feature Page

The exact same settings are associated with the FTP IPv4 and Domain Restrictions as for a website in IIS 7.5. The FTP IPv4 and Domain Restrictions feature page should be used to create and manage rules that allow computer networks and IP addresses the opportunity to either gain access or be denied to specific web content. You can either allow or deny access. It is also possible to enter a single IP address, a range of IP addresses, or a domain name. Finally, rules can be added to a page, site, or inherited from the parent.

FTP Logging Feature Page

The FTP Logging feature page includes the exact same logging settings as for a website. This page controls the type of log file to use, the location to be stored, and the log file rollover settings.

FTP Messages Feature Page

The FTP Messages feature page illustrated in Figure 6 is a great way to create a banner, or welcome and exit message that will be displayed to FTP users. The message behavior is controlled by the following elements:

  • Suppress Default Banner— If enabled, this option displays a default welcome banner. Otherwise, a customizable banner is displayed.

  • Support User Variables in Messages— By enabling this setting, user variables such as BytesReceived, BytesSent, SessionID, SiteName, and UserName are included in the message banner.

  • Show Detailed Messages for Local Requests— This setting controls the behavior for displaying FTP error messages. If enabled, FTP error messages are displayed to the local host.

Figure 6. The FTP Messages feature page.

The next section on the FTP Messages feature page is called Message Text. The administrator enters message text in the various text boxes. The message boxes include Banner, Welcome, Exit, and Maximum Connections.

FTP Request Filtering

The FTP Request Filtering feature page should be used to define the list of Allow or Deny rules based on the specific elements:

  • File Name Extensions— This tab allows for the creation of filename extensions for which the FTP service will either allow or deny access to the site. For example, an administrator can prevent Internet clients from uploading any files with the extension of *.txt or *.com.

  • Hidden Segments— The Hidden Segments tab should be used if you want to hide specific areas of your FTP site. If hidden, the specific section will not be displayed in the directory listings.

  • Defined URL Sequences— This setting should be used to define the list of URL sequences for which the FTP service will deny access.

  • Commands— The final tab Commands defines the list of commands for which the FTP service will either allow or deny access to further tighten security.

FTP SSL Settings Feature Page

This page should be utilized for enabling and configuring SSL settings for an FTP site. The options include a drop-down menu for selecting the SSL certificate you will use and SSL policy. The SSL Policy options include Allow SSL Connections, Require SSL Connections, and Advanced Custom Settings. You will also have the chance to choose whether to use 128-bit encryption for SSL connections.

FTP User Isolation Feature Page

Similar to IIS 6.0, IIS 7.5 can still isolate FTP users so FTP content is protected. This is an especially useful feature for Internet service providers (ISPs) and application service providers (ASPs) servicing a large number of users. FTP users can have their own separate directory to upload and download files to the web or FTP server. Users who connect see only their directory as the top-level directory and can’t browse other FTP directories. Permissions can be set on the FTP home directory to allow create, modify, or delete operations.

It is worth noting that FTP user isolation is based on an FTP site rather than at the server level and is either enabled or disabled. However, sites that need to enable FTP user isolation aren’t forced to strictly use this feature. You can enable anonymous access in conjunction with FTP user isolation by creating a virtual directory within the FTP site and allowing read-only access. The only limitation to mixing the FTP user isolation and anonymous access is that information can be downloaded only from the public or read-only virtual directory.

The configuration settings on the FTP User Isolation page, as shown in Figure 7, consist of the following options for where to start the user when they connect. The options include the FTP Root Directory or User Name Directory. In addition, it is possible to isolate users by restricting them to following directories. The Isolate Users options consist of the following:

  • User Name Directory (Disable Global Virtual Directories)

  • User Name Physical Directory (Enable Global Virtual Directories)

  • FTP Home Directory Configured in Active Directory

Figure 7. The FTP User Isolation feature page.

  •  Windows 7 : Creating Backups and Preparing for Problems (part 2) - Scheduling and Managing Automated Backups
  •  Windows 7 : Creating Backups and Preparing for Problems (part 1) - Configuring System Protection
  •  Windows 7 : Detecting and Resolving Computer Problems (part 3) - Resolving Problems with System Services
  •  Windows 7 : Detecting and Resolving Computer Problems (part 2) - Tracking Errors in the Event Logs
  •  Windows 7 : Detecting and Resolving Computer Problems (part 1) - Solving the Tough Problems Automatically
  •  Windows 7 : Scheduling Maintenance Tasks
  •  Windows Server 2008: DHCP/WINS/Domain Controllers - Exploring Global Catalog Domain Controller Placement
  •  Windows Server 2008: DHCP/WINS/Domain Controllers - Planning, Migrating, and Maintaining WINS
  •  Windows Server 2008 : DHCP/WINS/Domain Controllers - Installing and Configuring WINS
  •  Windows Server 2008 : DHCP/WINS/Domain Controllers - Reviewing the Windows Internet Naming Service (WINS)
    Video tutorials
    - How To Install Windows 8

    - How To Install Windows Server 2012

    - How To Install Windows Server 2012 On VirtualBox

    - How To Disable Windows 8 Metro UI

    - How To Install Windows Store Apps From Windows 8 Classic Desktop

    - How To Disable Windows Update in Windows 8

    - How To Disable Windows 8 Metro UI

    - How To Add Widgets To Windows 8 Lock Screen

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010
    programming4us programming4us