Field | Description |
Throttling | |
Maximum simultaneous user connections | Type the maximum number of client connections allowed for the server at any given time. |
Maximum outgoing speed (Kb/sec) | Type the maximum allowable speed in kilobytes per second for outbound transfers across all listeners. |
Maximum incoming speed (Kb/sec) | Type the maximum allowable speed in kilobytes per second for inbound transfers across all listeners. |
IP patterns immune to speed | Click to add one or more IP patterns representing a range of IP addresses. |
Active time window | Select the required days of a week you want the server to be available to the user. |
File name filters | |
Patterns | Click to add one or more patterns to restrict particular operation for certain files, and specify the following details: Command: Select a operation to restrict ( List, Upload, Download or Rename) from the list. Filter type: Select a filter type (Starts with, Ends with, or Contains) from the list. File name: Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”). Note: Any characters except wildcard characters or regular expressions are permitted. ActiveTransfer Server treats those characters as part of the file name. |
Block paths matching these patterns | Click to restrict access to specific folders and subfolders in the file system, and specify the following: Pattern: Type the file system path you want to block. Regular expressions or wildcards characters are permitted. Tip: You can use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you would type: ~/system/bin/* |
Hammering | |
Ban IP address after unsuccessful attempts | Select the values for Connection, Password, and Command rows to configure the following settings: Maximum attempts: Type the maximum number of allowed attempts. Max attempts within (sec): Type the time period in seconds. Ban duration (min): Type the number of minutes to ban the IP address. You can ban a user’s IP address after a certain number of connection, password, or command execution attempts. |
Ban the IP addresses of users after the first incorrect password | Click and type the user name for whom you want to ban the IP address. Repeat this step for other users whose IP address you want to ban. You can ban the IP address associated with a specific user after the user’s first incorrect password attempt. |
Ban specified IP addresses | Do one of the following: Select Permanently to ban the user’s IP address permanently. Select For x minutes, and type the number of minutes that the user’s IP address should be banned. |
Cache invalid user names for (sec) | Type the number of seconds to hold the name of invalid users in the cache temporarily. The temporary caching of invalid user names is useful for blocking robots that make repeated attempts to discover valid user credentials. As a robot scans ActiveTransfer Server or ActiveTransfer Gateway during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the user name is valid, the ActiveTransfer Server or ActiveTransfer Gateway ignores this setting. |
Slow down hack attempt scans | Select this option to incrementally slow down responses to a client that appears to be a robot scanning for writable directories on your server by way of an FTP connection. This setting doubles the server’s response time for each subsequent response to the client, thereby rendering such robots less effective. Selecting this option does not result in any extra load on the CPU. |
IP restrictions | Click to add one or more IP addresses for which ActiveTransfer Server can accept or deny connection requests and specify the following details: Select Allow or Deny from the list. Type the IP address range in the From and To boxes. For example, 192.28.90.66. |
SSL | |
Activate | Select this option to activate SSL encryption. |
Keystore alias | Browse the required certificate alias for keystore. |
Require valid client certificate | Select this option to block all connections from the client when the client does not have a valid client certificate key password. Note: When this option is selected, ActiveTransfer Server expects the clients requesting a server connection to present a valid certificate. The certificate should match one of the certificates stored in the truststore. To store valid certificates, you must create a truststore file in the same location as the keystore file, with the name keystoreName_trust. For example, if the keystore file name is server_ks.jks, the truststore name should be server_ks.jks_trust. You should add all the valid client certificates to this truststore. |
Enable advanced upload/download option in Web client | Select this option to use the SSL keystore settings for file upload and download operations using acceleration. |
Manage ciphers | Click and select the required ciphers from the list. To list the ciphers in a particular order: Note: Select the Prefer cipher list order on server option to force the order of the ciphers as listed on the server. a. Click . b. In the Order ciphers dialog box, select a cipher and do one of the following: Click to move the cipher up. Click to move the cipher down. c. Click Ok. Note: If you reorder the ciphers for an SSL listener, then restart that respective SSL listener or all the SSL listeners for the change to take effect across all the SSL listeners. |
File-based encryption | |
Activate | Select this option to activate file-based encryption. |
Public PGP key alias | Type or browse the certificate alias for the public PGP key. |
File-based decryption | |
Activate | Select this option to activate file-based decryption. |
Private PGP key alias | Type or browse the certificate alias for the private PGP key. |
Protocol options | |
Welcome message | Type a welcome message for display in the client console (FileZilla client and others) when a user logs in. |
Download in binary | Select this option to download files only in binary mode. This prevents ActiveTransfer from altering the line endings of the ASCII text files even if the FTP client requests it. |
Upload in binary | Select this option to upload files only in binary mode. |
Allow extended passive and port commands | Select this option to allow extended passive and port commands such as, Extended Passive Mode (EPSV) and Extended Data Port (EPRT). This ensures compatibility between the client and server. Note: Before you enable this option, ensure that your client supports these commands. |
Disable MTDM notifications | Select this option to prevent users from changing modified times on uploaded files. |
Delete partial uploads | Select this option to delete any incomplete uploads. |
ZIP compression level | You can set the ZIP compression level according to your needs for file size and data transfer speed. Select one of the following options: None: No compression. Results in the largest file size of the three options, with the longest transfer time. Fast: Fastest compression. Performs little compression, but compression time is the fastest of the three options. Best: Maximum compression. Provides the smallest file size possible after compression, with the shortest transfer time, but requires more time to perform the compression than the other two options. |
Directory listing | Select the Use ls -la for destination directory listing (Mac OS X, UNIX, Linux) option to configure ActiveTransfer to use the directory listing command ls -la to list the owner, group, and permission details of the destination directory when the operating system is Mac OS X, UNIX, or Linux. |