ActiveTransfer Server 10.7 | webMethods ActiveTransfer Documentation | Administering ActiveTransfer Server | Welcome to webMethods ActiveTransfer (new user interface) | Managing ActiveTransfer Settings | Configuring Listener Preferences
 
Configuring Listener Preferences
You can configure global settings for all listeners. These settings are applicable for all listeners associated with both, ActiveTransfer Server and Gateway instances.
1. On the navigation pane, select Settings > Listener preferences.
2. On the Listener preferences page, from the Instance list, select ActiveTransfer Server or an ActiveTransfer Gateway instance.
3. You can specify the following settings:
Field
Description
Throttling
Maximum simultaneous user connections
Type the maximum number of client connections allowed for the server at any given time.
Maximum outgoing speed (Kb/sec)
Type the maximum allowable speed in kilobytes per second for outbound transfers across all listeners.
Maximum incoming speed (Kb/sec)
Type the maximum allowable speed in kilobytes per second for inbound transfers across all listeners.
IP patterns immune to speed
Click to add one or more IP patterns representing a range of IP addresses.
Active time window
Select the required days of a week you want the server to be available to the user.
File name filters
Patterns
Click to add one or more patterns to restrict particular operation for certain files, and specify the following details:
*Command: Select a operation to restrict ( List, Upload, Download or Rename) from the list.
*Filter type: Select a filter type (Starts with, Ends with, or Contains) from the list.
*File name: Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).
Note:
Any characters except wildcard characters or regular expressions are permitted. ActiveTransfer Server treats those characters as part of the file name.
Block paths matching these patterns
Click to restrict access to specific folders and subfolders in the file system, and specify the following:
*Pattern: Type the file system path you want to block. Regular expressions or wildcards characters are permitted.
Tip:
You can use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you would type: ~/system/bin/*
Hammering
Number of unsuccessful login attempts by user to ban IP address
Click the corresponding icon in the Connection, Password, and Command rows to configure the following settings:
*Maximum of: Type the maximum number of allowed attempts.
*attempts in: Type the time period in seconds.
*then ban for: Type the number of minutes to ban the IP address.
You can ban a user’s IP address after a certain number of connection, password, or command execution attempts.
Ban the IP addresses associated with the following users after the users' first incorrect password attempt
Click and type the user name for whom you want to ban the IP address. Repeat this step for other users whose IP address you want to ban.
You can ban the IP address associated with a specific user after the user’s first incorrect password attempt.
Ban specified IP addresses
Do one of the following:
*Select Permanently to ban the user’s IP address permanently.
*Select For x minutes, and type the number of minutes that the user’s IP address should be banned.
Cache invalid user names for (sec)
Type the number of seconds to hold the name of invalid users in the cache temporarily.
The temporary caching of invalid user names is useful for blocking robots that make repeated attempts to discover valid user credentials. As a robot scans ActiveTransfer Server or ActiveTransfer Gateway during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the user name is valid, the ActiveTransfer Server or ActiveTransfer Gateway ignores this setting.
Slow down hack attempt scans
Select this option to incrementally slow down responses to a client that appears to be a robot scanning for writable directories on your server by way of an FTP connection.
This setting doubles the server’s response time for each subsequent response to the client, thereby rendering such robots less effective. Selecting this option does not result in any extra load on the CPU.
IP restrictions
Click to add one or more IP addresses for which ActiveTransfer Server can accept or deny connection requests and specify the following details:
*Select Allow or Deny from the list.
*Type the IP address range in the From and To boxes. For example, 192.28.90.66.
SSL
Activate
Select this option to activate SSL encryption.
Keystore location
Type the path to the keystore file (for example, C:\keystore on Windows and /usr/keystore on UNIX).
Keystore password
Type the password for the keystore.
Private key password
Type the password for the private PGP key.
You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference.
Require valid client certificate
Select this option to block all connections from the client when the client does not have a valid client certificate key password.
Note:
When this option is selected, ActiveTransfer Server expects the clients requesting a server connection to present a valid certificate. The certificate should match one of the certificates stored in the truststore. To store valid certificates, you must create a truststore file in the same location as the keystore file, with the name keystoreName_trust. For example, if the keystore file name is server_ks.jks, the truststore name should be server_ks.jks_trust. You should add all the valid client certificates to this truststore.
Enable advanced upload/download option in Web client
Select this option to use the SSL keystore settings for file upload and download operations using acceleration.
Manage ciphers
Click and select the required ciphers from the list.
To list the ciphers in a particular order:
Note:
Select the Prefer cipher list order on server option to force the order of the ciphers as listed on the server.
a. Click .
b. In the Order ciphers dialog box, select a cipher and do one of the following:
*Click to move the cipher up.
*Click to move the cipher down.
c. Click Ok.
Note:
If you reorder the ciphers for an SSL listener, then restart that respective SSL listener or all the SSL listeners for the change to take effect across all the SSL listeners.
File-based encryption
Activate
Select this option to activate file-based encryption.
Public PGP key location
Type or browse to the local file path of the public PGP key (for example, C:\keylocation\simple.key on Windows and /usr/keylocation/enterprise.key on UNIX).
You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference.
File-based decryption
Activate
Select this option to activate file-based decryption.
Private PGP key location
Type or browse to the local file path of the private PGP key (for example, C:\keylocation\simple.key on Windows and /usr/keylocation/enterprise.key on UNIX).
Private PGP key password
Type the password for the private PGP key.
You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference.
Protocol options
Welcome message
Type a welcome message for display in the client console (FileZilla client and others) when a user logs in.
Download in binary
Select this option to download files only in binary mode. This prevents ActiveTransfer from altering the line endings of the ASCII text files even if the FTP client requests it.
Upload in binary
Select this option to upload files only in binary mode.
Run actions asynchronously
Select this option to run actions in parallel.
Allow extended passive and port commands
Select this option to allow extended passive and port commands such as, Extended Passive Mode (EPSV) and Extended Data Port (EPRT). This ensures compatibility between the client and server.
Note:
Before you enable this option, ensure that your client supports these commands.
Disable MTDM notifications
Select this option to prevent users from changing modified times on uploaded files.
Delete partial uploads
Select this option to delete any incomplete uploads.
ZIP compression level
You can set the ZIP compression level according to your needs for file size and data transfer speed. Select one of the following options:
*None: No compression. Results in the largest file size of the three options, with the longest transfer time.
*Fast: Fastest compression. Performs little compression, but compression time is the fastest of the three options.
*Best: Maximum compression. Provides the smallest file size possible after compression, with the shortest transfer time, but requires more time to perform the compression than the other two options.
Directory listing
Select the Use ls -la for destination directory listing (Mac OS X, UNIX, Linux) option to configure ActiveTransfer to use the directory listing command ls -la to list the owner, group, and permission details of the destination directory when the operating system is Mac OS X, UNIX, or Linux.
Note:
If you reorder the ciphers for an SSL port, then restart that respective SSL port or all the SSL ports for the change to take effect across all the SSL ports.
4. Click Save.
The server instance is updated with the global settings.