Configuring Listener Preferences
You can configure global settings for all listeners. These settings apply to all listeners associated with both ActiveTransfer Server and ActiveTransfer Gateway instances.
1. In ActiveTransfer, go to Settings > Listener preferences.
2. On the Listener preferences page, from the Instance list, select ActiveTransfer Server or an ActiveTransfer Gateway instance.
3. You can specify the following settings:
Field
Description
Throttling
Maximum simultaneous user connections
Type the maximum number of client connections allowed for the server at any given time.
Maximum outgoing speed (Kb/sec)
Type the maximum allowable speed in kilobytes per second for outbound transfers across all listeners.
Maximum incoming speed (Kb/sec)
Type the maximum allowable speed in kilobytes per second for inbound transfers across all listeners.
IP patterns immune to speed
Click to add one or more IP patterns representing a range of IP addresses. For example, 168.21.* indicates that all addresses that begin with 168.21 are immune to speed settings.
Active time window
Select the days of the week on which you want the server to be available to the user.
File name filters
Patterns
Click to add one or more patterns to restrict a particular operation for certain files, and specify the following details:
*Command. Select an operation to restrict (List, Upload, Download or Rename) from the list.
*Filter type. Select a filter type (Starts with, Ends with, or Contains) from the list.
*File name. Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).
Note:
Wildcard characters and regular expressions are not supported. That is, you cannot use characters such as * or % to represent any sequence of characters. ActiveTransfer Server treats those characters as part of the file name.
Block paths matching these patterns
Click to restrict access to specific folders and subfolders in the file system, and specify the following:
*Pattern: Type the file system path you want to block. Regular expressions or wildcard characters are permitted.
Tip:
Precede a pattern with a tilde character (~) to apply the pattern for all occurrences. For example, to deny user access to the folder /system/bin, type: ~/system/bin/*
Hammering
Ban IP address after unsuccessful attempts
Ban a user’s IP address after a certain number of connection, password, or command execution attempts. Select the values for Connection, Password, and Command rows to configure the following settings:
*Maximum attempts: Type the maximum number of allowed attempts.
*Max attempts within (sec): Type the duration in seconds.
*Ban duration (min): Type the duration in minutes to ban the IP address.
Ban the IP addresses of users after the first incorrect password
Ban the IP address associated with a specific user after the user’s first incorrect password attempt. Click and type the user name for whom you want to ban the IP address. Repeat this step for other users whose IP address you want to ban.
Ban specified IP addresses
Do one of the following after adding the IP addresses associated with users after the first incorrect password attempt:
*Select Permanently to ban the user’s IP address permanently.
*Select Ban duration (min) and type the duration in minutes to ban the user’s IP address.
Cache invalid usernames for (sec)
Type the number of seconds to hold the name of invalid users in the cache temporarily.
The temporary caching of invalid usernames is useful for blocking robots that make repeated attempts to discover valid user credentials. When a robot scans ActiveTransfer Server or ActiveTransfer Gateway during the user validation process, this option blocks subsequent login attempts made using an invalid username for the specified number of seconds. If the username is valid, the ActiveTransfer Server or ActiveTransfer Gateway ignores this setting.
Slow down hack attempt scans
Select this option to incrementally slow down responses to a client that appears to be a robot scanning for writable directories on your server by establishing an FTP connection.
This setting doubles the response time of the server for each subsequent response to the client, thereby rendering such robots less effective. Selecting this option does not result in any extra load on the CPU.
IP restrictions
Click to add one or more IP addresses for which ActiveTransfer Server can accept or deny connection requests and specify the following details:
*Select Allow or Deny from the list.
*Type the IP address range in the From and To boxes. For example, 160.30.*.
SSL
Activate
Select this option to activate SSL encryption.
Keystore alias
Browse to the required certificate alias for the keystore.
Require valid client certificate
Select this option to block all connections from the client when the client does not have a valid client certificate key password.
Note:
When this option is selected, ActiveTransfer Server expects the clients requesting a server connection to present a valid certificate. The certificate should match one of the certificates stored in the truststore. To store valid certificates, you must create a truststore file in the same location as the keystore file, with the name keystoreName_trust. For example, if the keystore file name is server_ks.jks, the truststore name should be server_ks.jks_trust. You should add all the valid client certificates to this truststore.
Require valid client certificate and password
Select this option to block all connections from the client when the client does not have a valid client certificate key and password.
Note:
When this option is selected, ActiveTransfer Server expects the clients requesting a server connection to present a valid certificate. The certificate should match one of the certificates stored in the truststore. To store valid certificates, you must create a truststore file in the same location as the keystore file, with the name keystoreName_trust. For example, if the keystore file name is server_ks.jks, the truststore name should be server_ks.jks_trust. You should add all the valid client certificates to this truststore.
Enable advanced upload/download option in Web client
Select this option to use the SSL keystore settings for file upload and download operations using acceleration.
Prefer server cipher list order
Select this option to give preference to the order of the server cipher list.
Manage ciphers
Click and select the required ciphers from the list.
To list the ciphers in a particular order:
Note:
Select the Prefer cipher list order on server option to force the order of the ciphers as listed on the server.
a. Click .
b. In the Order ciphers dialog box, select a cipher and do one of the following:
*Click to move the cipher up.
*Click to move the cipher down.
c. Click Ok.
Note:
If you reorder the ciphers for an SSL listener, then restart that respective SSL listener or all the SSL listeners for the change to take effect across all the SSL listeners.
File-based encryption
Activate
Select this option to activate the file-based encryption.
Public PGP key alias
Type or browse the certificate alias for the public PGP key.
File-based decryption
Activate
Select this option to activate the file-based decryption.
Private PGP key alias
Type or browse the certificate alias for the private PGP key.
Protocol options
Welcome message
Type a welcome message for display in the client console (for example, ActiveTransfer web client, FileZilla client, and so on) when a user logs in.
Download in binary
Select this option to download files only in binary mode. This prevents ActiveTransfer from altering the line endings of the ASCII text files even if the FTP client requests it.
Upload in binary
Select this option to upload files only in binary mode.
Allow extended passive and port commands
Select this option to allow extended passive and port commands such as Extended Passive Mode (EPSV) and Extended Data Port (EPRT). This ensures compatibility between the client and server.
Note:
Before you enable this option, ensure that your client supports these commands.
Disable MTDM notifications
Select this option to prevent the user from modifying the timestamp of when a file was uploaded.
Delete partial uploads
Select this option to delete any incomplete file uploads.
ZIP compression level
You can set the ZIP compression level according to your needs for file size and data transfer speed. Select one of the following options:
*None: No compression. Results in the largest file size of the three options, with the longest transfer time.
*Fast: Fastest compression. Performs little compression, but compression time is the fastest of the three options.
*Best: Maximum compression. Provides the smallest file size possible after compression, with the shortest transfer time, but requires more time to perform the compression compared to the other two options.
Directory listing
Select the Use ls -la for destination directory listing (Mac OS X, UNIX, Linux) option to configure ActiveTransfer to use the directory listing command ls -la to list the owner, group, and permission details of the destination directory when the operating system is Mac OS X, UNIX, or Linux.
Note:
If you reorder the ciphers for an SSL port, then restart that respective SSL port or all the SSL ports for the change to take effect across all the SSL ports.
4. Click Save to update the server instance with the global settings.
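The File name filters note above says that * and % are treated as part of the file name. The following added example (a model written for this page, not ActiveTransfer code) shows what that means for a rule such as "*.exe" and flags rules that look like wildcard patterns. The rule class, function names and sample data are hypothetical, and exact case-sensitive comparison is an assumption because the page does not state it.

```python
from dataclasses import dataclass

# The three filter types named on the page, as literal string tests.
FILTER_TYPES = {
    "Starts with": str.startswith,
    "Ends with": str.endswith,
    "Contains": str.__contains__,
}
# Characters someone might type expecting wildcard or regex behaviour.
SUSPECT_CHARS = set("*%?[]()^$|\\")

@dataclass(frozen=True)
class FilterRule:
    command: str      # List, Upload, Download or Rename
    filter_type: str  # Starts with, Ends with, or Contains
    file_name: str    # literal text; no wildcards or regular expressions

def is_restricted(rule, command, name):
    """True if the rule restricts `command` on `name` under literal matching.
    Assumption: comparison is exact and case-sensitive."""
    if rule.command != command:
        return False
    return FILTER_TYPES[rule.filter_type](name, rule.file_name)

def audit(rules):
    """Return (rule, suspect characters) for rules that look like patterns."""
    findings = []
    for rule in rules:
        found = sorted(SUSPECT_CHARS & set(rule.file_name))
        if found:
            findings.append((rule, found))
    return findings

# Constructed sample rules.
RULES = [
    FilterRule("Upload", "Ends with", "*.exe"),  # wildcard typed by mistake
    FilterRule("Upload", "Ends with", ".exe"),   # literal form
    FilterRule("Download", "Contains", "secret"),
]

if __name__ == "__main__":
    for rule in RULES[:2]:
        hit = is_restricted(rule, "Upload", "payload.exe")
        print(f"{rule.file_name!r}: payload.exe restricted = {hit}")
    for rule, chars in audit(RULES):
        print(f"review rule {rule.file_name!r}: literal characters {chars}")
```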
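To help choose values for one Hammering row (Maximum attempts, Max attempts within (sec), Ban duration (min)), the following added example replays failed attempts against a model of those three settings. It is not ActiveTransfer code: the class, function names and events are hypothetical, and it assumes the ban starts when the count within the window reaches the maximum.

```python
from collections import defaultdict, deque

class HammerGuard:
    """Model of one Hammering row (Connection, Password or Command)."""

    def __init__(self, max_attempts, within_sec, ban_min):
        self.max_attempts = max_attempts
        self.within_sec = within_sec
        self.ban_sec = ban_min * 60          # the page gives ban duration in minutes
        self.recent = defaultdict(deque)     # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Register a failed attempt; return True if the IP is banned afterwards."""
        if self.is_banned(ip, now):
            return True
        window = self.recent[ip]
        window.append(now)
        # Drop failures that fall outside the "within (sec)" window.
        while window and now - window[0] >= self.within_sec:
            window.popleft()
        # Assumption: reaching the maximum triggers the ban.
        if len(window) >= self.max_attempts:
            self.banned_until[ip] = now + self.ban_sec
            window.clear()
        return self.is_banned(ip, now)

def replay(events, guard):
    """Replay (seconds, ip) failure events; return {ip: time of first ban}."""
    first_ban = {}
    for now, ip in sorted(events):
        if guard.record_failure(ip, now) and ip not in first_ban:
            first_ban[ip] = now
    return first_ban

# Constructed events: one address failing every 2 seconds, and one user
# who mistypes a password three times over several minutes.
EVENTS = [(t, "203.0.113.7") for t in range(0, 10, 2)] + [
    (0, "198.51.100.4"), (90, "198.51.100.4"), (200, "198.51.100.4"),
]

if __name__ == "__main__":
    guard = HammerGuard(max_attempts=5, within_sec=60, ban_min=10)
    print(replay(EVENTS, guard))
```

Replaying a sample of your own failed-login history through `replay` with candidate values shows which addresses a setting would have banned before you apply it.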