Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 09-20-2011, 12:08 PM   #1
Rusher
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 57
Default Hosts.Rules

I like the way the Server refuses connections when i have POLICY DENY in Hosts.Rules

but now server denys everything that is not in the Hosts.Rules file, is there any way for server to compare IP from the user files in ../users/ ?

adding and deleting users will be sucky if i have to edit Hosts.Rules everytime
Rusher is offline   Reply With Quote
Old 09-21-2011, 02:48 AM   #2
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

You don't want to use the Hosts.Rules file... In fact the file will have a new look in v8 and updating can be done through the FTP, but you STILL don't want to use the new Hosts.Rules file!

What you probably want is to enable the 'Reject_Unknown_Ips' option which means the server will ONLY talk to hosts that match at least 1 user hostmask. You also probably want to enable the 'Secure_Ip_#' options to prevent admins from adding *@* as a hostmask which would effectively disable the feature!

I suggest skimming the whole ioFTPD.ini file, there's a ton of cool stuff in there
Yil is offline   Reply With Quote
Old 09-21-2011, 09:59 AM   #3
Rusher
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 57
Default

Hi

sorry for not explaining my problem more ingoing.. but here goes

i have in my ioftpd the following line :

Reject_Unknown_Ips = True

and well server lets me "try" to login example as follows :

[16:49:25] [R] Connecting to SERVER -> DNS=xxxxxxx IP=xxxxxxx PORT=xxxx
[16:49:25] [R] Connected to SERVER
[16:49:25] Ident Request: xxxxxxxx - UserID: xxxxxxx
[16:49:25] [R] 220 FTP Server ready.
[16:49:25] [R] AUTH TLS
[16:49:25] [R] 234 AUTH TLS successful.
[16:49:25] [R] Connected. Negotiating TLSv1 session
[16:49:25] [R] TLSv1 negotiation successful...
[16:49:25] [R] TLSv1 encrypted session using cipher ECDHE-RSA-AES256-SHA (256 bits)
[16:49:25] [R] PBSZ 0
[16:49:25] [R] 200 PBSZ 0 successful.
[16:49:25] [R] USER rusher
[16:49:25] [R] 331 Password required for rusher.
[16:49:25] [R] PASS (hidden)
[16:49:25] [R] 530 Login failed: Your IP/hostname is not authorized.


and when setting POLICY DENY in HOSTS.RULES i get following example :

[16:52:45] [R] Connecting to SERVER -> DNS=xxxxxxx IP=xxxxxxx PORT=xxxx
[16:52:45] [R] Connected to SERVER
[16:52:45] [R] Connection failed (Connection closed by server)

this is the way i would like ioftpd to treat all connections that is not in the user files, WITHOUT having to edit hosts.rules

i hope this feature could be considered for future ioftpd versions if not possible with the current one
Rusher is offline   Reply With Quote
Old 09-21-2011, 05:11 PM   #4
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I think you're misunderstanding what is going on...

Reject_Unknown_Ips = True

That enables the EXACT feature you are looking for. The fact that you can connect to the server and receive a response means your IP address matches at least one user hostmask.

However, the '530 Login failed: Your IP/hostname is not authorized.' messages means your current ident/host/ip doesn't match any hostmask for THAT USER. Use 'site uinfo rusher' to view your hostmasks and you'll see that nothing matches. It should be pointed out that you ONLY get that particular error message if you correctly entered a valid user/pass. If you had the password wrong you'd get a generic login failed error.

You can also look into logs/error.log to see more info. It should show your current ident IP/host used to test hostmasks against to verify things.
Yil is offline   Reply With Quote
Old 09-22-2011, 01:40 PM   #5
Rusher
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 57
Default

thats wierd then because i am the only one with that hostmask..


i have 81.231.xxx.xxx

the closest any other added hostmask is 81.234.xxx.*

and it still lets me try to login.. well i will have to try this from the start backup current ../users/ and replace with default only and try
Rusher is offline   Reply With Quote
Reply

Tags
/users, adding, files, hosts.rules, server

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 04:55 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)