FTP Request Filtering
Applies To: Windows Server 2012 R2, Windows Server 2012
Use the FTP Request Filtering feature page to define the request filtering settings for your FTP site. FTP request filtering is a security feature that allows internet service providers (ISPs) and application service providers to restrict protocol and content behavior. For example, using the File Name Extensions tab you can specify a list of file name extensions that are allowed or denied.
Related scenarios
In this document
UI Element List
The following tables describe the UI elements that are available on the feature page and in the Actions pane.
Feature Page Elements
Element Name |
Description |
---|---|
File Name Extensions |
Specifies a list of file name extensions for which the FTP service allows or denies access. |
Hidden Segments |
Specifies a list of hidden segments for which the FTP service denies access and does not display in directory listings. |
Denied URL Sequences |
Specifies a list of URL sequences for which the FTP service denies access. |
Commands |
Specifies a list of FTP commands for which the FTP service allows or denies access. |
Actions Pane Elements
Element Name |
Description |
||
---|---|---|---|
Edit Feature Settings |
Opens the Edit FTP Request Filtering Settings dialog box for you to configure general properties and FTP request limits. |
||
Allow File Name Extension |
Opens the Allow File Name Extension dialog box for you to add a file name extension to the list of allowed file name extensions. |
||
Deny File Name Extension |
Opens the Deny File Name Extension dialog box for you to add a file name extension to the list of denied file name extensions. |
||
Add Hidden Segment |
Opens the Add Hidden Segment dialog box for you to add a hidden segment to the list of hidden segments. |
||
Add URL Sequence |
Opens the Add Deny URL Sequence dialog box for you to add a URL sequence to the list of denied URL sequences. |
||
Allow Command |
Opens the Allow Command dialog box for you to add an FTP command to the list of allowed FTP commands. |
||
Deny Command |
Opens the Deny Command dialog box for you to add an FTP command to the list of denied FTP commands.
|
||
Remove |
Removes a file name extension, hidden segment, URL sequence, or command from the list. |
File Name Extensions
Use FTP File Name Extensions to define the list of file name extensions for which the FTP service will either allow or deny access. Configuring specific file name extensions allows web server administrators to customize which file name extensions that the FTP service allows or denies, which you can use to tighten security on your server. For example, if you deny access to *.exe and *.com files, you can prevent internet clients from uploading executable files to your web server.
Note
The Edit FTP Request Filtering Settings dialog box allows you to specify whether unlisted file name extensions are allowed. You can fine-tune the file access restrictions for your server by specifying that unlisted file name extensions are not allowed, and using the FTP File Name Extensions feature to manually specify the list of file name extensions that are allowed on your server.
Feature Page Elements
Element Name |
Description |
---|---|
File Name Extension |
Displays the file name extension for which the FTP service either allows or denies access. |
Allowed |
Displays the status of the file name extension, which will be either True if the file name extension is allowed, or False if the file name extension is denied. |
Actions Pane Elements
Element Name |
Description |
---|---|
Allow File Name Extension |
Opens the Allow File Name Extension dialog box for you to add a file name extension to the list of allowed file name extensions. |
Deny File Name Extension |
Opens the Deny File Name Extension dialog box for you to add a file name extension to the list of denied file name extensions. |
Remove |
Removes a file name extension, hidden segment, URL sequence, or command from the list. |
Edit Feature Settings |
Opens the Edit FTP Request Filtering Settings dialog box for you to configure general properties and FTP request limits. |
Allow or Deny File Name Extension Dialog Box
Use the Allow File Name Extension or Deny File Name Extension dialog box to add a file name extension to the list of file name extensions for which the FTP service will either allow or deny access.
Element Name |
Description |
---|---|
File name extension |
Specifies the file name extension for which the FTP service either allows or denies access. |
Hidden Segments
Use FTP Hidden Segments to define the list of URL segments for which the FTP service will deny access and will not display in directory listings. For example, to prevent access to the Bin directory of your web application, you could add the Bin directory as a hidden segment for your FTP site. When an FTP client logs in to your FTP site, the Bin folder is not displayed in directory listings. If the FTP client attempts to change to the Bin folder, the FTP service returns an access denied error message to the FTP client.
Feature Page Elements
Element Name |
Description |
---|---|
Segment |
Displays the URL segment for which the FTP service denies access and does not display in directory listings. |
Actions Pane Elements
Element Name |
Description |
---|---|
Add Hidden Segment |
Opens the Add Hidden Segment dialog box for you to add a hidden segment to the list of hidden segments. |
Remove |
Removes a hidden segment from the list. |
Edit Feature Settings |
Opens the Edit FTP Request Filtering Settings dialog box for you to configure general properties and FTP request limits. |
Add Hidden Segment Dialog Box
Use the Add Hidden Segment dialog box to add a URL segment to the list of URL segments for which the FTP service will deny access.
Element Name |
Description |
||
---|---|---|---|
Hidden segment |
Specifies the URL segment for which the FTP service denies access.
|
Denied URL Sequences
Use FTP Denied URL Sequences to define the list of URL sequences for which the FTP service will deny access. For example, to prevent access to the Bin directory of your web application, you could add the Bin directory as a denied URL sequences for your FTP site. When an FTP client logs in to your FTP site, the Bin folder is displayed in directory listings; however, if the FTP client attempts to change to the Bin folder, the FTP service returns an access denied error message to the FTP client.
Feature Page Elements
Element Name |
Description |
---|---|
URL Sequence |
Displays the FTP URL sequence for which the FTP service denies access. |
Actions Pane Elements
Element Name |
Description |
---|---|
Add URL Sequence |
Opens the Add Deny Sequence dialog box for you to add a URL sequence to the list of denied URL sequences. |
Remove |
Removes a file name extension, hidden segment, URL sequence, or command from the list. |
Edit Feature Settings |
Opens the Edit FTP Request Filtering Settings dialog box for you to configure general properties and FTP request limits. |
Add Deny Sequence Dialog Box
Use the FTP Add Deny Sequence dialog box to add a URL sequence to the list of URL sequences for which the FTP service will deny access.
Element Name |
Description |
---|---|
URL sequence |
Specifies the URL sequence for which the FTP service denies access. |
Edit FTP Request Filtering Settings Dialog Box
Use the Edit FTP Request Filtering Settings dialog box to specify general FTP request filtering settings, request limits, and command filtering options.
Element Name |
Description |
||
---|---|---|---|
Allow unlisted file name extensions |
Select this option to allow unlisted file name extensions. |
||
Allow high-bit characters |
Select this option to allow high-bit characters in FTP operations. |
||
Maximum content length (Bytes) |
Specifies the maximum length, in bytes, for FTP content.
|
||
Maximum URL length (Bytes) |
Specifies the maximum length, in bytes, for an FTP URL. |
||
Maximum command length (Bytes) |
Specifies the maximum length, in bytes, for an FTP command. |
||
Allow unlisted commands |
Select this option to allow FTP commands that are not in the FTP Commands list. |
FTP Commands
Use FTP Commands to define the list of commands for which the FTP service will either allow or deny access. Configuring specific commands allows Web server administrators to customize the list of FTP commands that the FTP service allows, which you can use to tighten security on your server. For example, if you deny access to the FTP SYST command, you can prevent internet clients from determining your server's operating system.
Note
The Edit FTP Request Filtering Settings dialog box allows you to specify whether unlisted commands are allowed, which you can use to manually specify which commands are allowed.
Warning
Using the FTP Commands feature incorrectly can prevent access to your FTP server. For example, if you deny access to the USER or PASS commands, users are not able to log in to your FTP server. In addition, even though you could specify that unlisted commands are not allowed in the Edit FTP Request Filtering Settings dialog box and use the Commands list to specify only the FTP commands that are allowed, this configuration is not recommended due to the complexity involved in specifying the correct list of FTP commands that are required for normal FTP operation.
Feature Page Elements
Element Name |
Description |
---|---|
Command |
Displays the FTP command for which the FTP service either allows or denies access. |
Allowed |
Displays the status of the FTP command, which will be either True if the FTP command is allowed, or False if the FTP command is denied. |
Actions Pane Elements
Element Name |
Description |
||
---|---|---|---|
Allow Command |
Opens the Allow Command dialog box for you to add an FTP command to the list of allowed FTP commands. |
||
Deny Command |
Opens the Deny Command dialog box for you to add an FTP command to the list of denied FTP commands.
|
||
Remove |
Removes an FTP command from the list. |
||
Edit Feature Settings |
Opens the Edit FTP Request Filtering Settings dialog box for you to configure general properties and FTP request limits. |
Allow or Deny Command Dialog Box
Use the Allow Command or Deny Command dialog box to add an FTP command to the list of commands for which the FTP service will either allow or deny access.
Warning
Using this feature incorrectly can prevent access to your server. For example, if you deny access to the USER and PASS commands, users are not able to log in to your FTP server.
Element Name |
Description |
---|---|
Command |
Specifies the FTP command for which the FTP service either allows or denies access. |