Host Access Control not working for FTP
I am the only user who accesses the server either by FTP or SSH.
My goal is to limit FTP access to the 2 IP's I ever use to access the server.
I successfully limited SSH access using
Main => Security Center => Host Access Control.
But, for some reason it won't work for FTP?
I removed my SSH rules and started from scratch.
This is what I have tried:
Daemon - ftp
Access List - ALL
Action - deny
After restarting ftpd, I can still FTP in on any IP.
Any ideas?
Re: Host Access Control not working for FTP
Assuming you're using Pure-FTPD as it is the default on cPanel Powered Servers, this thread should be helpful:
Blocking Ip's, htaccess works, Host Access Control Dont-- WTF?
Re: Host Access Control not working for FTP
Thanks for the link and yes I am using Pure-FTPD.
The above seems to be the solution, but I'm not sure I want to re-install the rpm.What you describe indicates a problem with the OpenSSH rpm from your Operating System vendor. You can attempt to re-install this rpm to resolve the issue, or open a support request at https://tickets.cpanel.net/submit/
I have tried various methods to deny access in /etc/proftp.conf, without success:
This method used to work in the past...
There must be an easier way...Code:<Limit LOGIN> Order deny,allow Deny from 10.1.1. Allow from all </Limit>
Re: Host Access Control not working for FTP
That thread is years old. Are you sure you'd have to?The above seems to be the solution, but I'm not sure I want to re-install the rpm.
WHM > Service Configuration > FTP Server Selection
Re: Host Access Control not working for FTP
Tried switching FTP server to it with ProFTPd, which as the post says, supports TCP Wrapper.
Host Access Control has still has no effect on FTP connections.
This really doesn't feel very secure...
Re: Host Access Control not working for FTP
Please submit a ticket so that we can log into the server directly and find why this is not working as expected.
For hands-on assistance, please reference our new support information page: Where should I go for support?
cPResources: Support Options - Submit a ticket here - Additional Support Options - Forums Search - Mailing Lists(Alt) - Documentation - Find cPanel hosting
-- Jared Ryan, Technical Analyst, cPanel Technical Support
Re: Host Access Control not working for FTP
Here's some feedback after I submitted the ticket and those excellent CPanel guys got things working:
The following needs to be added at the top of etc/proftpd.conf, after the ServerName section:
AND for each Virtual Host.Code:TCPAccessFiles /etc/hosts.allow /etc/hosts.deny TCPServiceName ftp # TCPAccessSyslogLevels debug warn
That's it. Now Host Access Control works as it should.
Re: Host Access Control not working for FTP
Example VirtualHost for additional IPsOriginally Posted by monkey64
Note: Proftpd should add the VirtualHost container for the additional IPs. The two additional directives for access control just need to be added inside of the VirtualHostCode:<VirtualHost 192.168.0.22> ServerName ftp.example.tld AuthUserFile /etc/proftpd/example MaxClients 3 "Sorry, this ftp server has reached its maximum user count (%m). Please try again later" DirFakeGroup On ftpgroup DirFakeUser On ftpuser DefaultRoot ~ TCPAccessFiles /etc/hosts.allow /etc/hosts.deny TCPServiceName ftp [truncated]
cPResources:
- Support Options - Extra Support Options - Documentation - Developer Resources - Migration Services - Latest cPanel Builds - cPanel.net Site Search - Documentation Search - Forums Search - Forums Advanced Search
-- cPanelKeithS - Keith Stewart, Migration Specialist, Technical Analyst, cPanel Technical Support
LinkBack URL
About LinkBacks
Reply With Quote