FTP Server Administration Panel

The FTP Server configuration panel contains two tabs: the Connection tab where you can
add or remove the IP addresses and ports it will listen on, and the supported protocol; the Connection security tab you can set up the TLS minimum allowed version and certificate to be used by the FTPS connection.

Setting Up Listeners

At first the FTP Server is already configured to listen on port 21 on all IPs v4 and IPs v6 (0.0.0.0:21 and [::]:21).

To set a new address and port the FTP Server will listen on, go to the Connection tab and click the Add button on the right. A new row will be added to the table on the left, and you must fill in the required information. Enter the IP address in the first column and the port in the second column. Select the appropriate FTP protocols in the third.

Selecting one or more rows in the table and clicking the Remove button will delete those rows.

Setting Up Connection Security

The Connection security allows you to set the required minimum TLS version; and to install a new X.509 certificate, choosing one of the following options:

  • Install a certificate provided by a third party;
  • Generate a new self-signed certificate, like the one that FileZilla Server creates for you at installation time;
  • Generate a certificate using Let’s Encrypt®.

Note: To use a newly chosen certificate you must either click the Apply or OK button at the bottom of the settings dialog.

At the bottom of the tab you’ll find the information related to the newly chosen certificate.

Manually provide a certificate created by a third party

To install a third parties’ TLS certificate, upload the relevant private key and certificate chain files to a location where FileZilla Server has access. Then, enter the paths and, if required by your certificate, the password. The files must be in PEM format. Sometimes, both the private key and the certificates chain are in the same file: in that case, just enter the path to that file in both the key and certificate field.

Generate a new self-signed certificate

To generate a new self-signed certificate, click on the Generate new button. A new dialog will ask you to enter the Distinguished Name and the applicable hostnames for the new certificate. Both the fields can be left empty. If left empty the Distinguished Name will be populated with CN=filezilla-server self signed certificate.

Generate a certificate using Let’s Encrypt®

To generate a certificate using Let’s Encrypt®, you must first set up the generic Let’s Encrypt® configuration. If you’ve not done that yet, a button will display the text Set up Let’s Encrypt® options first and clicking it you will be redirected to the relevant page. For further info about how to set up Let’s Encrypt® please consult Configuring Let’s Encrypt®.

Once the Let’ Encrypt® options are set up, click on the Generate new button. A new dialog will ask you to enter applicable hostnames for the new certificate. This field is mandatory and cannot be left empty.

Autoban

Autoban allows you to ban IP addresses after a preset number of failed login attempts.

You can set the number of seconds that need to elapse after a failed login before allowing a new login.

You can also set how long the ban will last, if you leave that to 0 no ban will be applied.

Timeout

Timeout allows you to set various timeouts whose expiration will result in the FTP sessions
to quit automatically.

Two types of timeouts are defined:

  • Login timeout
  • Activity timeout

The Login timeout value defines how long a session can be alive without a logged-in user.
The Login timeout could be helpful to mitigate Denial of Service attacks trying to overwhelm the server with a flood of unauthenticated requests. The Activity timeout value defines how long a session can be alive without any kind of activity. The Activity timeout is used to limit the amount of inactive sessions consuming server’s resources.

Performance

Performance allows you to fine tune settings that have an impact on performance.

The Number of threads value set the maximum number of threads that can be used to manage FTP sessions.

Tags: ,