Host Access Control not working for FTP

Discussion in 'General Discussion' started by monkey64, Aug 21, 2012.

  1. monkey64

    monkey64 Well-Known Member

    I am the only user who accesses the server either by FTP or SSH.
    My goal is to limit FTP access to the 2 IPs I ever use to access the server.

    I successfully limited SSH access using
    Main => Security Center => Host Access Control.

    But, for some reason it won't work for FTP?

    I removed my SSH rules and started from scratch.
    This is what I have tried:

    Daemon - ftp
    Access List - ALL
    Action - deny

    After restarting ftpd, I can still FTP in on any IP.
    Any ideas?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  3. monkey64

    Thanks for the link and yes I am using Pure-FTPD.

    The above seems to be the solution, but I'm not sure I want to re-install the rpm.

    I have tried various methods to deny access in /etc/proftp.conf, without success:
    This method used to work in the past...

    Code:
    <Limit LOGIN>
    Order deny,allow
    Deny from 10.1.1.
    Allow from all
    </Limit> 
    
    There must be an easier way...
     
  4. Infopro

    That thread is years old. Are you sure you'd have to?

    WHM > Service Configuration > FTP Server Selection
     
  5. monkey64

    Tried switching the FTP server to ProFTPd, which, as the post says, supports TCP Wrapper.
    Host Access Control still has no effect on FTP connections.

    This really doesn't feel very secure...
     
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Please submit a ticket so that we can log into the server directly and find why this is not working as expected.
     
  7. monkey64

    Here's some feedback after I submitted the ticket and those excellent cPanel guys got things working:

    The following needs to be added at the top of /etc/proftpd.conf, after the ServerName section:

    Code:
    TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
    TCPServiceName ftp
    # TCPAccessSyslogLevels debug warn
    
    AND for each Virtual Host.

    That's it. Now Host Access Control works as it should.
     
  8. cPanelKeithS

    cPanelKeithS Active Member
    Staff Member

    Example VirtualHost for additional IPs
    Code:
    <VirtualHost 192.168.0.22>
      ServerName ftp.example.tld
      AuthUserFile /etc/proftpd/example
      MaxClients 3 "Sorry, this ftp server has reached its maximum user count (%m).  Please try again later"
      DirFakeGroup On ftpgroup
      DirFakeUser On ftpuser
      DefaultRoot ~
    
      TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
      TCPServiceName ftp
    [truncated]
    
    Note: ProFTPD should add the VirtualHost container for the additional IPs. The two additional directives for access control just need to be added inside of the VirtualHost.
     
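A check for the failure mode in this thread, where Host Access Control rules are ignored because a server context lacks the mod_wrap directives. This is an added example, not code from the thread or from cPanel; the function name, the sample configuration and the 192.168.0.23 address are constructed here, and it assumes directives placed in a `<Global>` section cover every server context.

```python
import re

REQUIRED = ("TCPAccessFiles", "TCPServiceName")  # mod_wrap directives named in the thread
# Constructed sample: the second VirtualHost (address invented here) lacks both directives.
SAMPLE_CONF = """\
ServerName "ProFTPD"
TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
TCPServiceName ftp
<VirtualHost 192.168.0.22>
  TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
  TCPServiceName ftp
</VirtualHost>
<VirtualHost 192.168.0.23>
  ServerName ftp2.example.tld
</VirtualHost>
"""

def missing_wrap_directives(conf_text):
    """Map each server context to the REQUIRED directives it does not set."""
    seen = {"server config": set()}   # context name -> directive names found there
    from_global = set()               # assumption: <Global> applies to every server context
    stack, vhost = [], None           # open <Section> names, key of the current VirtualHost
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # a commented-out directive does not count
            continue
        section = re.match(r"<\s*(/?)\s*(\w+)([^>]*)>", line)
        if section:
            closing, name, arg = section.groups()
            if closing and stack:
                stack.pop()
            elif not closing:
                stack.append(name.lower())
                if name.lower() == "virtualhost":
                    vhost = "VirtualHost " + arg.strip()
                    seen[vhost] = set()
            continue
        directive = line.split()[0].lower()
        if "global" in stack:
            from_global.add(directive)
        elif stack in ([], ["virtualhost"]):   # ignore nested <Limit>, <Directory>, ...
            seen[vhost if stack else "server config"].add(directive)
    missing = {c: [d for d in REQUIRED if d.lower() not in found | from_global]
               for c, found in seen.items()}
    return {c: m for c, m in missing.items() if m}

if __name__ == "__main__":
    for context, missing in missing_wrap_directives(SAMPLE_CONF).items():
        print(f"{context}: missing {', '.join(missing)}")
```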