Field | Description |
Throttling | |
Maximum simultaneous user connections | Type the maximum number of client connections allowed for the server at any given time. |
Maximum outgoing speed (Kb/sec) | Type the maximum allowable speed in kilobytes per second for outbound transfers across all listeners. |
Maximum incoming speed (Kb/sec) | Type the maximum allowable speed in kilobytes per second for inbound transfers across all listeners. |
IP patterns immune to speed | Click  to add one or more IP patterns representing a range of IP addresses. For example, 168.21.* indicates that all addresses that begin with 168.21 are immune to speed settings. |
Active time window | Select the required days of a week you want the server to be available to the user. |
File name filters | |
Patterns | Click to add one or more patterns to restrict particular operation for certain files, and specify the following details: Command: Select a operation to restrict ( List, Upload, Download or Rename) from the list.Filter type: Select a filter type (Starts with, Ends with, or Contains) from the list.File name: Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).Note: Any characters except wildcard characters or regular expressions are permitted. ActiveTransfer Server treats those characters as part of the file name. |
Block paths matching these patterns | Click to restrict access to specific folders and sub-folders in the file system, and specify the following:Pattern: Type the file system path you want to block. Regular characters and wildcards characters are permitted.Tip: You can use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you would type: ~/system/bin/* Note: This setting restricts access to sub-folders in the file system. Wildcard characters or regular expressions are permitted. |
Hammering | |
No. of unsuccessful login attempts by user to ban IP address | Click the corresponding  icon in the Connection, Password, and Command rows to configure the following settings:Maximum of: Type the maximum number of allowed attempts.attempts in: Type the time period in seconds.then ban for: Type the number of minutes to ban the IP address.You can ban a user’s IP address after a certain number of connection, password, or command execution attempts. |
Ban the IP addresses associated with the following users after the users' first incorrect password attempt | Click and type the user name for whom you want to ban the IP address. Repeat this step for other users whose IP address you want to ban.You can ban the IP address associated with a specific user after the user’s first incorrect password attempt. |
Ban specified IP addresses | Do one of the following: Select Permanently to ban the user’s IP address permanently.Select After x minutes, and type the number of minutes to elapse before accepting another password attempt from the user’s IP address. |
Cache invalid user names for (sec) | Type the number of seconds to hold the names of invalid users in the cache temporarily. The temporary caching of invalid user names is useful for blocking robots that make repeated attempts to discover valid user credentials. As a robot scans ActiveTransfer Server or ActiveTransfer Gateway during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the user name is valid, the ActiveTransfer Server or ActiveTransfer Gateway ignores this setting. |
Slow down hack attempt scans | Select this option to incrementally slow down responses to a client that appears to be a robot scanning for writable directories on your server by way of an FTP connection. This setting doubles the server’s response time for each subsequent response to the client, thereby rendering such robots less effective. Selecting this option does not result in any extra load on the CPU. |
IP restrictions | |
IP patterns | Click to add one or more IP addresses for which ActiveTransfer Server can accept or deny connection requests and specify the following details:Select Allow or Deny from the list.Type the IP address range in the From and To text boxes. For example, 160.30.*. |
SSL | |
Activate | Select this option to activate SSL encryption. |
Manage ciphers | Click and select the required ciphers from the list.To list the ciphers in a particular order: Note: Select the Prefer cipher list order on server option to force the order of the ciphers as listed on the server. a. Click  .b. In the Order ciphers dialog box, select a cipher and do one of the following: Click  to move the cipher up.Click  to move the cipher down.c. Click Ok. Note: If you reorder the ciphers for an SSL listener, then restart that respective SSL listener or all the SSL listeners for the change to take effect across all the SSL listeners. |
File-based encryption | |
Activate | Select this option to activate file-based encryption. |
Public PGP key location | Type or browse to the local file path of the public PGP key (for example, C:\keylocation\simple.key on Windows and /usr/keylocation/enterprise.key on UNIX). You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference. |
File-based decryption | |
Activate | Select this option to activate file-based decryption. |
Private PGP key location | Type or browse to the local file path of the private PGP key (for example, C:\keylocation\simple.key on Windows and /usr/keylocation/enterprise.key on UNIX). |
Private PGP key password | Type the password for the private PGP key. You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference. |
Protocol options | |
Welcome message | Type a welcome message for display in the client console (ActiveTransfer web client, FileZilla client, and so on) when a user logs in. |
Download in binary | Select this option to download files only in binary mode. This prevents ActiveTransfer from altering the line endings of the ASCII text files even if the FTP client requests it. |
Upload in binary | Select this option to upload files only in binary mode. |
Run events asynchronously | Select this option to run events in parallel. |
Allow extended passive and port commands | Select this option to allow extended passive and port commands such as, Extended Passive Mode (EPSV) and Extended Data Port (EPRT). This ensures compatibility between the client and server. Note: Before you enable this option, ensure that your client supports these commands. |
Disable MTDM notifications | Select this option to prevent users from changing modified times on uploaded files. |
Delete partial uploads | Select this option to delete any incomplete uploads. |
ZIP compression level | You can set the ZIP compression level according to your needs for file size and data transfer speed. Select one of the following options: None: No compression. Results in the largest file size of the three options, with the longest transfer time.Fast: Fastest compression. Performs little compression, but compression time is the fastest of the three options.Best: Maximum compression. Provides the smallest file size possible after compression, with the shortest transfer time, but requires more time to perform the compression than the other two options. |
Directory listing | Select the Use ls -la for destination directory listing (Mac OS X, UNIX, Linux) option to configure ActiveTransfer to use the directory listing command ls -la to list the owner, group, and permission details of the destination directory when the operating system is Mac OS X, UNIX, or Linux. |