mina-ftpserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Bell <gary.b...@aero.bombardier.com>
Subject RE: how to disable plain ftp when server is configured with explicit ftp
Date Fri, 08 Feb 2019 09:22:14 GMT
This is how I do it - I have the server listening on both an internal and external interface
and check that download attempts on the external one are secure before allowing it. The internal
interface is plain FTP:

public FtpletResult onDownloadStart(FtpSession session, FtpRequest request) throws FtpException,
IOException {
		if (isExternalInterface(session) && ! isSecureConnection(session)) {
			//security issue, either the control or data port is unsecure
			LOG.error("About to start a download, but either the control or data connection is unsecure.
Download aborted.");
			writeMessage(session, FtpReply.REPLY_550_REQUESTED_ACTION_NOT_TAKEN, "Session is not secure.
Issue PROT P command first.");
return FtpletResult.SKIP;

private boolean isSecureConnection(FtpSession session) {
		return (session.isSecure() && session.getDataConnection().isSecure());

Best Regards,
Gary Bell

View raw message