I have configured IIS 7.5 ftp service to use SSL. I have two environments (one for testing purposes, without ssl). When we activate SSL users can logon and list and get files maybe one time if there lucky, then the host (service?) becomes unreachable for some reason. I have no idea what happens or why the FTP "locks" it self. When the ftp is in the "locked" state i am still able to telnet the ftp service, but login do not work.
The test environment without SSL works perfectly and never locks itself. I have also tried turning off SSL on the production environment and that makes that environment work perfectly too.
So the problem must be with SSL (certificate is from versisign). Have someone experienced the same problem och now what can be the cause of this?
/ Tommy
See this document
Specifically these sections:
Using Windows Firewall with secure FTP over SSL (FTPS) traffic
More Information about Working with Firewalls
(At the bottom)
Related
I'm building a Node app and need to put it online so my team can access it. We are concerned about the content of the app leaking and need some security.
Is a VPN the best way? Could I set one up easily on Digital Ocean or elsewhere? I have only set up a VPN for tunnelling before, and don't have a local computer or server that is always on.
I first thought about putting it on a randomly generated subdomain on my regular domain, or controlling it with .htaccess and password, but I'm not sure if this is doable with Node.
EDIT: what about just setting up with pptp and then editing the hosts file to point my-temporary-domain.com to localhost?
This problem is relevant because you don't have a local area network that your team all has access to. The way I've solved this in the past is to set up your application listening on the 127.0.0.1 on a server that is accessible to the internet. Allow your team to have SSH access, and set it up so they forward localhost and port 80 on their local machine to whatever port your application is listening on. You can do this with openssh and putty.
I have developed an intranet site using nodeJS and it is running successfully on one of the Windows servers in our office and am now ready to deploy.
At the moment the only route to access is ip:port (192.168.1.88:8888 for example)
I would like for the local users on the network to just type 'intranet' into their browsers and be forwarded to this location. I have tried modifying the system32\drivers\etc\hosts file (with 127.0.0.1 intranet), but it 404'd, telling me that index was not found, so maybe it's trying to serve the application statically with a different web server (IIS is installed on the machine, although it's not running?)
Is there any way to achieve this "shortcut" at network level? It must also work for external visitors to the site so I've ruled out any local solutions.
I am aware that this information already exists online, however I find it is above my knowledge level as a humble javascript developer and seems to strafe into network administration territory. I wonder if anybody could provide a lay mans write up.
Rather new to administering IIS.
we have a windows 2003 server running IIS 6 (no ssl). One of the applications a user built is for droid phones and they require an SSL connection exclusively. the customer bought an ssl cert and wants every user calling the website to be forced to use a SSL connection.
Question: Would I have to create a copy site of Default web site, and apply this SSL and set it so that only port 443 can access this?
or, is there an easier way to go about this?
I was told that applying the SSL cert to the existing defualt website won't work because if you do that, and forced all connections to port 443, the internal users will fail.
Thanks for the help!
If I needed to run multiple sites on IIS I usually just created additional subweb underneath Default Web Site - it was working quite well, and you should be able to set up ssl just for it I believe.
on IIS7 (not sure if that will be possible with IIS6) as well I often create multiple top level sites, and map them to different FQDNs. You can also map those to different ports using the same FQDN, but that obviously is less than ideal.
I have setup FTP within IIS7 on a Windows 2008 Virtual Machine. I enabled Port 21 within the endpoints and Active FTP works just fine. But I am unsure to how to connect through Passive. I followed Microsoft documentation (enabled a range of ports within IIS and allowed the same ports on the local firewall) I also allowed the ports within the endpoints in Azure Management. This didnt work.
I read somewhere on an unofficial MS forum that MS do not allow Passive FTP within Azure. Is this true? If not can someone direct me to the right documentation?
Thanks
SOLUTION
I followed instructions in this article.
The problem I was having was I didn't stop and start the FTP service after doing this. It wont work otherwise.
Passive FTP should work fine in Windows Azure Virtual Machines. However, you may not be able to choose large port range since you can only have up to 25 endpoints in Azure and this could be limitation to have Passive FTP. This Forum discussion talk more about it.
You can find this blog which explains how they configure Passive FTP with IIS on Windows Virtual Machine.
An additional piece of info about the post referenced above (http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx) - at the end it says you need to use the following command to add the port range in IIS:
appcmd set config /section:system.ftpServer/firewallSupport \
/lowDataChannelPort:7000 /highDataChannelPort:7014
This failed for me, because the port range is locked so it can only be set on the root IIS node. The error is:
Support (Your site name) /lowDataChannelPort:5000 /highDataChannelPort:6000
ERROR ( message:Can not set attribute "lowDataChannelPort" to value "5000".. Rea
son: This configuration section cannot be used at this path. This happens when t
he section is locked at a parent level. Locking is either by default (overrideMo
deDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny"
or the legacy allowOverride="false".
. )
If you traverse up the IIS nodes to the root server node, choose Features View, then FTP Firewall Support, you can set the Data Channel Port Range there using the text box, without the need for scripting, and avoiding this error. Once this is done, you then need to restart the ftp service (as noted above), and passive FTP works well.
I've added this additional answer here because being unable to run the appcmd command to set the port range had me going around in circles for a number of hours, and this may help others avoid the same problem.
I thought others might run into this. If you get the security message indicating that the parent is locked, just go back into your FTP and turn OFF Require SSL Connections. Then rerun the command. Setup your endpoints, open the firewall, etc. THEN go in and turn back on Require SSL Connections!
I have an issue that my idiot web host support team cannot solve, so here it is:
When I'm working on a site, and I'm uploading many files here and there (small files, most of them a few dozen lines at most, php and js files mostly, with some png and jpg files), after multiple uploads in a very short timeframe, the FTP chokes on me. It cuts me off with a "refused connection" error from the server end as if I am brute-force attacking the server, or trying to overload it. And then after 30 minutes or so it seems to work again.
I have a dedicated server with inmotion hosting (which I do NOT recommend, but that's another story - I have too many accounts to switch over), so I have access to all logs etc. if you want me to look.
Here's what I have as settings so far:
I have my own IP on the whitelist in the firewall.
FTP settings have maximum 2000 connections at a time (Which I am
nowhere near close to hitting - most of the accounts I manage
myself, without client access allowed)
Broken Compatibility ON
Idle time 15 mins
On regular port 21
regular FTP (not SFTP)
access to a sub-domain of a major domain
Anyhow this is very frustrating because I have to pause my web development work in the middle of an update. Restarting FTP on WHM doesn't seem to resolve it right away either - I just have to wait. However when I try to access the website directly through the browser, or use ping/traceroute commands to see if I can reach it, there's no problem - just the FTP is cut off.
The ftp server is configured for such a behavior. If you cannot change its configuration (or switch to another ftp server program on the server), you can't avoid that.
For example vsftpd has many such configuration switches.
Going to something else like scp or ssh should help
(I'm not sure that calling idiot your web support team can help you)