Posted to cvs@httpd.apache.org by sc...@apache.org on 2007/02/26 20:21:05 UTC
svn commit: r511957 - in /httpd/mod_ftp/trunk: STATUS
docs/manual/ftp/ftp_intro.xml docs/manual/ftp/ftp_tls.html.en
docs/manual/ftp/ftp_tls.xml docs/manual/ftp/index.html.en
docs/manual/ftp/index.xml docs/manual/mod/mod_ftp.html.en
Author: sctemme
Date: Mon Feb 26 11:21:05 2007
New Revision: 511957
URL: http://svn.apache.org/viewvc?view=rev&rev=511957
Log:
* Correct svn URL in STATUS
* Write FTP over TLS content
* Add info to overview page that says where to get the module
* Change HTML entities to numerical to stop Firefox from barfing at the XML
Modified:
httpd/mod_ftp/trunk/STATUS
httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml
httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en
httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml
httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en
httpd/mod_ftp/trunk/docs/manual/ftp/index.xml
httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en
Modified: httpd/mod_ftp/trunk/STATUS
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/STATUS?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/STATUS (original)
+++ httpd/mod_ftp/trunk/STATUS Mon Feb 26 11:21:05 2007
@@ -3,7 +3,7 @@
The current version of this file can be found at:
- * https://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS
+ * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS
Consult the following STATUS files for information on related projects:
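Review bot: The replacement line changes the scheme of the STATUS pointer from https:// to http://, and the log entry says only "Correct svn URL in STATUS", so the reason the https form was wrong is not recorded anywhere. Say in the log or next to the URL why the plain-http form is the right one, since on its face this replaces an encrypted pointer with an unencrypted one.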
Modified: httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml Mon Feb 26 11:21:05 2007
@@ -53,11 +53,11 @@
</summary>
<seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=959">RFC
-959 — FILE TRANSFER PROTOCOL (FTP)</a></seealso>
+959 — FILE TRANSFER PROTOCOL (FTP)</a></seealso>
<seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=1579">RFC
-1579 — Firewall-Friendly FTP</a></seealso>
+1579 — Firewall-Friendly FTP</a></seealso>
<seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
-4217 — Securing FTP with TLS</a></seealso>
+4217 — Securing FTP with TLS</a></seealso>
<seealso><module>mod_ssl</module></seealso>
<seealso><a href="../howto/auth.html">Authentication, Authorization
and Access Control</a></seealso>
@@ -78,8 +78,8 @@
connection to well-known port 21. If the user issues a command that
requires a response more elaborate than a one-line response code, a
<em>Data Connection</em> is established between the client and the
-server. The response data—the contents of a file or a
-directory listing—is sent over that data connection.</p>
+server. The response data—the contents of a file or a
+directory listing—is sent over that data connection.</p>
<p>Historically, the data connection was established from the server
back to the client. The client would bind to an arbitrary port, and
Modified: httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en Mon Feb 26 11:21:05 2007
@@ -5,23 +5,208 @@
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
-<title> - Apache HTTP Server</title>
+<title>Securing FTP With TLS - Apache HTTP Server</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
-<body id="manual-page" class="no-sidebar"><div id="page-header">
+<body id="manual-page"><div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.3</p>
<img alt="" src="../images/feather.gif" /></div>
-<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
+<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
-<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a></div><div id="page-content"><div id="preamble"><h1 />
+<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.3</a> > <a href="./">FTP Protocol Support</a></div><div id="page-content"><div id="preamble"><h1>Securing FTP With TLS</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/ftp/ftp_tls.html" title="English"> en </a></p>
</div>
-</div>
-</div>
+
+ <p>The support for FTP over TLS allows you to run FTP connections
+ securely through TLS encryption and certificate authentication
+ support. Apache mod_ftp supports RFC-compliant TLS support through
+ Apache's own mod_ssl.</p>
+ </div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#introduction">Introduction</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#protocoldescription">Protocol Description</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ftpovertls">FTP over TLS Support</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#implicitssl">Implicit SSL Support</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#clientsupport">Client Support for FTP over TLS</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC 4217
+ — Securing FTP with TLS</a></li><li><a href="http://www.rfc-archive.org/getrfc.php?rfc=2228">RFC 2228
+ — FTP Security Extensions</a></li><li><a href="http://www.rfc-archive.org/getrfc.php?rfc=2246">RFC 2246
+ — The TLS Protocol Version 1.0</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="introduction" id="introduction">Introduction</a></h2>
+
+
+
+ <p>As the FTP protocol was developed long before security through
+ encryption became an important consideration, it was originally
+ designed as a clear-text protocol. Both the command channel and
+ the data channel were, and in many cases remain, unencrypted.
+ Today, this is not desirable since the users' logins and passwords
+ travel in the clear across the network, and could be readily
+ detected by a malicious intruder. Conversely, a user would not
+ easily be able to detect a spoofed server address because the
+ server could not identify itself by certificate.</p>
+
+ <p>To address these limitations, the FTP over TLS protocol was
+ developed and became an Internet Standard described in <a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+ 4217</a>. The FTP over TLS protocol uses TLS connection upgrade,
+ where the client and server negotiate their features and
+ capabilities before upgrading to an encrypted connection. </p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protocoldescription" id="protocoldescription">Protocol Description</a></h2>
+
+
+
+ <p>The mod_ftp module for the Apache HTTP Server aims to implement
+ FTP over TLS as defined by <a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+ 4217</a>. The RFC describes how the FTP client and server can
+ discover each other's security capabilities and how a client can
+ upgrade an FTP control channel to use TLS protection. This
+ connection upgrade behavior, similar to the SMTP over TLS standard
+ described in <a href="http://www.rfc-archive.org/getrfc.php?rfc=3207">RFC
+ 3207</a>, allows an FTP over TLS server to run on the same port as
+ a plaintext FTP server, and offer both plaintext and protected
+ services simultaneously.</p>
+
+
+ <p>The FTP protocol specification dictates that it is up to the
+ client to specify session attributes like the protection level.
+ The server cannot require that the client use TLS, but it can
+ refuse to accept any command from the client until it sends an
+ <code>AUTH TLS</code> FTP command to upgrade the control channel
+ to TLS protection. See the <code class="directive"><a href="../mod/mod_ftp.html#ftpoptions">FTPOptions</a></code>, specifically the
+ <code>RequireSSL</code> option, to make the server refuse any FTP
+ command until a TLS session is established.</p>
+
+
+
+
+ <p>The use of TLS allows both the server and client to identify
+ themselves using standard SSL Certificates. Generally, a
+ certificate will be in use on the server, but the server can be
+ configured to request client-side certificates for
+ authentication. RFC 4217 requires that the client send a
+ <code>USER</code> command even if a certificate is presented, but
+ the server may forego requiring a password from the client. </p>
+
+ <p>Since the FTP over TLS RFC was published only in 2005, several
+ alternative approaches have arisen to secure file transfer
+ connections. Besides the TLS connection upgrade on a normal FTP
+ connection as defined by the RFC, another popular approach is to
+ define a separate FTP control channel listener that can only be
+ accessed over SSL. An SSL handshake has to be completed before
+ even the first FTP protocol exchange can take place. This
+ approach, known as <em>Implicit SSL</em>, is supported by mod_ftp.
+ Finally, some FTP clients and server support file transfer over
+ SSH. This approach is not supported by mod_ftp.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="ftpovertls" id="ftpovertls">FTP over TLS Support</a></h2>
+
+
+
+ <p>To implement TLS, mod_ftp uses Apache's
+ <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. This means that the configuration
+ options for FTP over TLS are not too different from those for
+ HTTPS. In fact, for RFC 4217-based FTP over TLS support, no
+ additional configuration options are necessary above the ones you
+ would use to set up an HTTP over SSL virtual host. Note however
+ that we explicitly turn off <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code>. This is necessary because
+ in FTP the server initiates the protocol conversation and not the
+ client.</p>
+
+ <div class="example"><p><code>
+ LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br />
+ <br />
+ Listen 21 ftp<br />
+ AcceptFilter ftp none<br />
+ <br />
+ LogFormat "%u [%a] %r %>s" ftp_command<br />
+ LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br />
+ <br />
+ <VirtualHost _default_:21><br />
+ <br />
+ FTP On<br />
+ SSLEngine on<br />
+ SSLCertificateFile conf/server.crt<br />
+ SSLCertificateKeyFile conf/server.key<br />
+ <br />
+ ErrorLog logs/ftps_error_log<br />
+ CustomLog logs/ftps_command_log ftp_command<br />
+ CustomLog logs/ftps_transfer_log ftp_transfer env=do_transfer_log<br />
+ <br />
+ </VirtualHost><br />
+ </code></p></div>
+
+ <div class="note">The above shows the simplest possible configuration of a
+ TLS-enabled FTP virtual host. You should not use this in
+ production unless sufficient authentication and access control is
+ added. </div>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="implicitssl" id="implicitssl">Implicit SSL Support</a></h2>
+
+
+
+ <p>The configuration below is similar to the one above, except for
+ the <code class="directive"><a href="../mod/ftp.html#ftpimplicitssl">FTPImplicitSSL</a></code> and the
+ listening port which is <code>990</code>. The <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> is set to
+ <code>data</code>, since the conversation starts with an SSL
+ handshake from the client.</p>
+
+ <div class="example"><p><code>
+ LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br />
+ <br />
+ Listen 990 ftps<br />
+ AcceptFilter ftps data<br />
+ <br />
+ LogFormat "%u [%a] %r %>s" ftp_command<br />
+ LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br />
+ <br />
+ <VirtualHost _default_:990><br />
+ <br />
+ FTP On<br />
+ SSLEngine On<br />
+ FTPImplicitSSL On<br />
+ <br />
+ SSLCertificateFile ssl/server.crt<br />
+ SSLCertificateKeyFile ssl/server.key<br />
+ <br />
+ ErrorLog logs/ftps_error.log<br />
+ <br />
+ CustomLog logs/ftps_command.log ftp_command<br />
+ CustomLog logs/ftps_transfer.log ftp_transfer env=do_transfer_log<br />
+ <br />
+ DocumentRoot "/usr/local/apache2/htdocs"<br />
+ <br />
+ </VirtualHost><br />
+ </code></p></div>
+
+ <div class="note">The above shows the simplest possible configuration of a
+ TLS-enabled FTP virtual host. You should not use this in
+ production unless sufficient authentication and access control is
+ added. </div>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="clientsupport" id="clientsupport">Client Support for FTP over TLS</a></h2>
+
+
+
+ <p>An ever-growing number of FTP clients implements FTP over
+ TLS, and listing them all is outside the scope of this document.
+ A list can be found on <a href="http://en.wikipedia.org/List_of_FTP_clients">Wikipedia</a>.
+ When selecting a client, do keep in mind that the <em>FTP over
+ SSH</em> protocol (sometimes also called <em>SFTP</em>) is not
+ supported by <code class="module"><a href="../mod/mod_ftp.html">mod_ftp</a></code>.</p>
+
+ </div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/ftp/ftp_tls.html" title="English"> en </a></p>
</div><div id="footer">
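Review bot: In the Implicit SSL section the FTPImplicitSSL directive links to `../mod/ftp.html#ftpimplicitssl`, while the other mod_ftp links in this hunk (FTPOptions, the module link in the client section) target `../mod/mod_ftp.html`, so this one looks like a dead link. The header says this file is generated from XML source, so the fix belongs in the `module` attribute in ftp_tls.xml followed by a regenerate, not here. The Wikipedia link `http://en.wikipedia.org/List_of_FTP_clients` is also missing the `/wiki/` path segment.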
Modified: httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml Mon Feb 26 11:21:05 2007
@@ -27,5 +27,213 @@
-->
<manualpage metafile="ftp_tls.xml.meta">
-<parentdocument href="../"/>
+<parentdocument href="./">FTP Protocol Support</parentdocument>
+
+ <title>Securing FTP With TLS</title>
+
+ <summary>
+ <p>The support for FTP over TLS allows you to run FTP connections
+ securely through TLS encryption and certificate authentication
+ support. Apache mod_ftp supports RFC-compliant TLS support through
+ Apache's own mod_ssl.</p>
+ </summary>
+
+ <section id="introduction">
+
+ <title>Introduction</title>
+
+ <p>As the FTP protocol was developed long before security through
+ encryption became an important consideration, it was originally
+ designed as a clear-text protocol. Both the command channel and
+ the data channel were, and in many cases remain, unencrypted.
+ Today, this is not desirable since the users' logins and passwords
+ travel in the clear across the network, and could be readily
+ detected by a malicious intruder. Conversely, a user would not
+ easily be able to detect a spoofed server address because the
+ server could not identify itself by certificate.</p>
+
+ <p>To address these limitations, the FTP over TLS protocol was
+ developed and became an Internet Standard described in <a
+ href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+ 4217</a>. The FTP over TLS protocol uses TLS connection upgrade,
+ where the client and server negotiate their features and
+ capabilities before upgrading to an encrypted connection. </p>
+ </section>
+
+ <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC 4217
+ — Securing FTP with TLS</a></seealso>
+ <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=2228">RFC 2228
+ — FTP Security Extensions</a></seealso>
+<seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=2246">RFC 2246
+ — The TLS Protocol Version 1.0</a></seealso>
+
+
+ <section id="protocoldescription">
+
+ <title>Protocol Description</title>
+
+ <p>The mod_ftp module for the Apache HTTP Server aims to implement
+ FTP over TLS as defined by <a
+ href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+ 4217</a>. The RFC describes how the FTP client and server can
+ discover each other's security capabilities and how a client can
+ upgrade an FTP control channel to use TLS protection. This
+ connection upgrade behavior, similar to the SMTP over TLS standard
+ described in <a
+ href="http://www.rfc-archive.org/getrfc.php?rfc=3207">RFC
+ 3207</a>, allows an FTP over TLS server to run on the same port as
+ a plaintext FTP server, and offer both plaintext and protected
+ services simultaneously.</p>
+
+ <!-- Requiring that TLS be used -->
+ <p>The FTP protocol specification dictates that it is up to the
+ client to specify session attributes like the protection level.
+ The server cannot require that the client use TLS, but it can
+ refuse to accept any command from the client until it sends an
+ <code>AUTH TLS</code> FTP command to upgrade the control channel
+ to TLS protection. See the <directive
+ module="mod_ftp">FTPOptions</directive>, specifically the
+ <code>RequireSSL</code> option, to make the server refuse any FTP
+ command until a TLS session is established.</p>
+
+ <!-- ###FIXME### Investigate existing (and desired) data channel
+ protection level and write this paragraph.
+ Note: the FTP Server side is always the 'Server' in TLS context,
+ regardless of the direction of the data channel connection.
+ <p>Data Channel Protection</p>
+ -->
+
+ <!-- Certificates and Authentication -->
+ <p>The use of TLS allows both the server and client to identify
+ themselves using standard SSL Certificates. Generally, a
+ certificate will be in use on the server, but the server can be
+ configured to request client-side certificates for
+ authentication. RFC 4217 requires that the client send a
+ <code>USER</code> command even if a certificate is presented, but
+ the server may forego requiring a password from the client. </p>
+
+ <p>Since the FTP over TLS RFC was published only in 2005, several
+ alternative approaches have arisen to secure file transfer
+ connections. Besides the TLS connection upgrade on a normal FTP
+ connection as defined by the RFC, another popular approach is to
+ define a separate FTP control channel listener that can only be
+ accessed over SSL. An SSL handshake has to be completed before
+ even the first FTP protocol exchange can take place. This
+ approach, known as <em>Implicit SSL</em>, is supported by mod_ftp.
+ Finally, some FTP clients and server support file transfer over
+ SSH. This approach is not supported by mod_ftp.</p>
+ </section>
+
+ <section id="ftpovertls">
+
+ <title>FTP over TLS Support</title>
+
+ <p>To implement TLS, mod_ftp uses Apache's
+ <module>mod_ssl</module>. This means that the configuration
+ options for FTP over TLS are not too different from those for
+ HTTPS. In fact, for RFC 4217-based FTP over TLS support, no
+ additional configuration options are necessary above the ones you
+ would use to set up an HTTP over SSL virtual host. Note however
+ that we explicitly turn off <directive
+ module="core">AcceptFilter</directive>. This is necessary because
+ in FTP the server initiates the protocol conversation and not the
+ client.</p>
+
+ <example>
+ LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br/>
+ <br/>
+ Listen 21 ftp<br/>
+ AcceptFilter ftp none<br/>
+ <br/>
+ LogFormat "%u [%a] %r %>s" ftp_command<br/>
+ LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br/>
+ <br/>
+ <VirtualHost _default_:21><br/>
+   <br/>
+   FTP On<br/>
+   SSLEngine on<br/>
+   SSLCertificateFile conf/server.crt<br/>
+   SSLCertificateKeyFile conf/server.key<br/>
+   <br/>
+   ErrorLog logs/ftps_error_log<br/>
+   CustomLog logs/ftps_command_log ftp_command<br/>
+   CustomLog logs/ftps_transfer_log ftp_transfer env=do_transfer_log<br/>
+   <br/>
+ </VirtualHost><br/>
+ </example>
+
+ <note>The above shows the simplest possible configuration of a
+ TLS-enabled FTP virtual host. You should not use this in
+ production unless sufficient authentication and access control is
+ added. </note>
+
+ </section>
+
+ <section id="implicitssl">
+
+ <title>Implicit SSL Support</title>
+
+ <p>The configuration below is similar to the one above, except for
+ the <directive module="ftp">FTPImplicitSSL</directive> and the
+ listening port which is <code>990</code>. The <directive
+ module="core">AcceptFilter</directive> is set to
+ <code>data</code>, since the conversation starts with an SSL
+ handshake from the client.</p>
+
+ <example>
+ LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br/>
+ <br/>
+ Listen 990 ftps<br/>
+ AcceptFilter ftps data<br/>
+ <br/>
+ LogFormat "%u [%a] %r %>s" ftp_command<br/>
+ LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br/>
+ <br/>
+ <VirtualHost _default_:990><br/>
+ <br/>
+   FTP On<br/>
+   SSLEngine On<br/>
+   FTPImplicitSSL On<br/>
+ <br/>
+   SSLCertificateFile ssl/server.crt<br/>
+   SSLCertificateKeyFile ssl/server.key<br/>
+ <br/>
+   ErrorLog logs/ftps_error.log<br/>
+ <br/>
+   CustomLog logs/ftps_command.log ftp_command<br/>
+   CustomLog logs/ftps_transfer.log ftp_transfer env=do_transfer_log<br/>
+ <br/>
+   DocumentRoot "/usr/local/apache2/htdocs"<br/>
+ <br/>
+ </VirtualHost><br/>
+ </example>
+
+ <note>The above shows the simplest possible configuration of a
+ TLS-enabled FTP virtual host. You should not use this in
+ production unless sufficient authentication and access control is
+ added. </note>
+
+ </section>
+<!--
+ <section id="clientauth">
+
+ <title>Client-side Certificate Authentication</title>
+
+ </section>
+-->
+
+ <section id="clientsupport">
+
+ <title>Client Support for FTP over TLS</title>
+
+ <p>An ever-growing number of FTP clients implements FTP over
+ TLS, and listing them all is outside the scope of this document.
+ A list can be found on <a
+ href="http://en.wikipedia.org/List_of_FTP_clients">Wikipedia</a>.
+ When selecting a client, do keep in mind that the <em>FTP over
+ SSH</em> protocol (sometimes also called <em>SFTP</em>) is not
+ supported by <module>mod_ftp</module>.</p>
+
+ </section>
+
</manualpage>
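Review bot: The `ftpovertls` example on port 21 sets `SSLEngine on` but not the `RequireSSL` option of FTPOptions, which the Protocol Description names as the way to make the server refuse commands until a TLS session exists; as the text reads, a server configured from this example still offers plaintext service on the same port. Add the option to the example, or say in the note under it that plaintext logins remain possible without it. The commented-out FIXME on data channel protection also leaves the visible page with no statement of whether transfers are encrypted; a short visible sentence saying this is not yet documented would serve readers better than silence.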
Modified: httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en Mon Feb 26 11:21:05 2007
@@ -21,12 +21,35 @@
<p><span>Available Languages: </span><a href="../en/ftp/" title="English"> en </a></p>
</div>
-<p>This is the FTP Protocol Module</p>
+ <p>The FTP Protocol Module provides support for the File Transfer
+ Protocol to the Apache HTTP Server. It allows you to combine
+ Apache's powerful authentication, SSL encryption, dynamic
+ content and filtering capabilities with the venerable FTP
+ protocol.</p>
</div>
-<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#documentation">Documentation</a></li>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#howtogetftp">How to Obtain the FTP Protocol Module</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#documentation">Documentation</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mod-ftp"><code>mod_ftp</code></a></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="howtogetftp" id="howtogetftp">How to Obtain the FTP Protocol Module</a></h2>
+
+
+
+ <p>The <code class="module"><a href="../mod/mod_ftp.html">mod_ftp</a></code> module is a subproject of the <a href="http://httpd.apache.org/">Apache HTTP Server</a> project and
+ is at this time not distributed with the server. Its source code
+ can be checked out from the Apache Subversion repository at: </p>
+
+ <p><a href="http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk">http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk</a></p>
+
+ <p>See the Apache HTTP Server <a href="http://httpd.apache.org/dev/">Developer Resources</a> page
+ for more information about the Subversion repository.</p>
+
+ <p>Instructions for building <code class="module"><a href="../mod/mod_ftp.html">mod_ftp</a></code> are included
+ in the <em>STATUS</em> file in the repository.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="documentation" id="documentation">Documentation</a></h2>
<ul>
Modified: httpd/mod_ftp/trunk/docs/manual/ftp/index.xml
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/index.xml?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/index.xml (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/index.xml Mon Feb 26 11:21:05 2007
@@ -32,8 +32,33 @@
<title>Apache FTP Protocol Support</title>
<summary>
-<p>This is the FTP Protocol Module</p>
+ <p>The FTP Protocol Module provides support for the File Transfer
+ Protocol to the Apache HTTP Server. It allows you to combine
+ Apache's powerful authentication, SSL encryption, dynamic
+ content and filtering capabilities with the venerable FTP
+ protocol.</p>
</summary>
+
+<section id="howtogetftp">
+
+ <title>How to Obtain the FTP Protocol Module</title>
+
+ <p>The <module>mod_ftp</module> module is a subproject of the <a
+ href="http://httpd.apache.org/">Apache HTTP Server</a> project and
+ is at this time not distributed with the server. Its source code
+ can be checked out from the Apache Subversion repository at: </p>
+
+ <p><a
+ href="http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk">http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk</a></p>
+
+ <p>See the Apache HTTP Server <a
+ href="http://httpd.apache.org/dev/">Developer Resources</a> page
+ for more information about the Subversion repository.</p>
+
+ <p>Instructions for building <module>mod_ftp</module> are included
+ in the <em>STATUS</em> file in the repository.</p>
+
+</section>
<section id="documentation"><title>Documentation</title>
<ul>
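Review bot: The `howtogetftp` section gives only a plain `http://` checkout URL, and the same paragraph says the module is not distributed with the server, so this is the one route by which readers obtain the code they will build. If an https form of the repository URL can be used for checkout (the STATUS hunk in this commit removed one), list it here, or say why it cannot be used.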
Modified: httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en (original)
+++ httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en Mon Feb 26 11:21:05 2007
@@ -101,12 +101,11 @@
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
</table>
- <p>This directive defines the port or ports that the Covalent
- Enterprise FTP Server will use when making an active connection
- to the client. It accepts one or two arguments. If only one
- argument is given, the server will always use that port. If
- two arguments are given, the server will treat them as a range
- of ports to be used.</p>
+ <p>This directive defines the port or ports that mod_ftp will
+ use when making an active connection to the client. It accepts
+ one or two arguments. If only one argument is given, the server
+ will always use that port. If two arguments are given, the
+ server will treat them as a range of ports to be used.</p>
<div class="note"><p>By default, Apache will not allow the FTP server to use
privileged ports for active connections. If you specify a
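Review bot: This applies to every hunk in this file: the Modified list for this revision has mod_ftp.html.en but no mod_ftp.xml, while ftp_tls.html.en in the same commit carries a "generated from xml source: DO NOT EDIT" header. If this page is generated the same way, the Covalent wording removed here will return on the next build; make the same edits in the XML source and regenerate.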
@@ -166,7 +165,7 @@
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
</table>
- <div class="note">Not documented by Covalent</div>
+ <div class="note">Not documented</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -179,7 +178,7 @@
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
</table>
- <div class="note">Not documented by Covalent</div>
+ <div class="note">Not documented</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -199,13 +198,11 @@
is defined. The <code>envvar</code> variable must contain a
full, rooted file path, e.g. <code>/some/path</code> on Unix
or <code>d:/some/path</code> on Windows.</p>
-
- <p>This may be used with the <code class="directive">CovalentLDAPPassProperty
- </code> directive, or other directives that provide an
- environment variable assignment, to change FTP's Document Root
- on a per-user basis.</p>
- <div class="example"><p><code>CovalentLDAPPassProperty homeDir </code></p><p><code>FTPDocRootEnv homeDir</code></p><p>Extract a user's LDAP <code>homeDir</code> property, and
- then use it for the user's FTP Document Root.</p></div>
+ <p>This may be used with any authentication module which sets
+ the value of an environment variable based on the logged in
+ user or another condition (similar to <code class="module"><a href="../mod/mod_env.html">mod_env</a></code>
+ or <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code> to change FTP's Document Root
+ on a per-user basis.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
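Review bot: The new paragraph opens a parenthesis at "(similar to" and never closes it; add ")" after the mod_setenvif link. The deleted two-line example also leaves FTPDocRootEnv with no usage example at all, and since the variable decides each user's document root, a replacement example using one of the modules named in the new text would help readers set it correctly.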
@@ -307,13 +304,12 @@
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
</table>
-
- <p>To allow for <code class="directive"><a href="#ftplimitloginuser">FTPLimitLoginUser</a></code> and
- <code class="directive"><a href="#ftplimitloginserver">FTPLimitLoginServer</a></code> capability, the FTP
- server uses a small DBM file to store login data. This
+ <p>To provide <code class="directive"><a href="#ftplimitloginuser">FTPLimitLoginUser</a></code>
+ and <code class="directive"><a href="#ftplimitloginserver">FTPLimitLoginServer</a></code>
+ features, mod_ftp uses a small DBM file to store login data. This
directive determines the filename-path of that database file.
- If either <code>FTPLimit</code> directive is used, this
- must point to a valid file-location.</p>
+ If either <code>FTPLimit</code> directive is used, this directive
+ must specify a filename for this DBM, writeable by the server.</p>
<div class="example"><p><code><code>FTPLimitDBFile logs/ftplogins</code></code></p></div>
</div>
@@ -328,7 +324,7 @@
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
</table>
- <div class="note">Not documented by Covalent</div>
+ <div class="note">Not documented</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -473,9 +469,9 @@
the server to show files that the user does not have
authorization to retrieve and directories that the user
does not have authorization to enter (<code>cd</code> will
- fail) when it receives a <code>LIST</code> request. This
- enables the Covalent Enterprise FTP Server to behave like
- most standard FTP servers, where users are allowed to list
+ fail) when it receives a <code>LIST</code> or similar
+ <code>NLST</code> command. These commands will then behave
+ as most standard FTP servers, where users see the list of
all files and directories, even those they are not allowed
to access.</p>
</dd>
Re: svn commit: r511957 - in /httpd/mod_ftp/trunk: STATUS docs/manual/ftp/ftp_intro.xml docs/manual/ftp/ftp_tls.html.en docs/manual/ftp/ftp_tls.xml docs/manual/ftp/index.html.en docs/manual/ftp/index.xml docs/manual/mod/mod_ftp.html.en
Posted by Sander Temme <sa...@temme.net>.
On Feb 26, 2007, at 11:30 AM, André Malo wrote:
> Sander, can you please not use these nobreakspaces in code examples? c&p
> into config files doesn't work very well with those (configs won't work for
> no apparent reason). You can use the <indent> element for indentations.
Oh, I didn't know about <indent>. Awesome. Fixed.
S.
--
sander@temme.net http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: svn commit: r511957 - in /httpd/mod_ftp/trunk: STATUS docs/manual/ftp/ftp_intro.xml docs/manual/ftp/ftp_tls.html.en docs/manual/ftp/ftp_tls.xml docs/manual/ftp/index.html.en docs/manual/ftp/index.xml docs/manual/mod/mod_ftp.html.en
Posted by André Malo <nd...@perlig.de>.
* sctemme@apache.org wrote:
> + <example>
> + LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br/>
> + <br/>
> + Listen 990 ftps<br/>
> + AcceptFilter ftps data<br/>
> + <br/>
> + LogFormat "%u [%a] %r %>s" ftp_command<br/>
> + LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z
> %Y" ftp_transfer<br/> + <br/>
> + <VirtualHost _default_:990><br/>
> + <br/>
> +   FTP On<br/>
> +   SSLEngine On<br/>
> +   FTPImplicitSSL On<br/>
> + <br/>
> +   SSLCertificateFile ssl/server.crt<br/>
> +   SSLCertificateKeyFile ssl/server.key<br/>
> + <br/>
> +   ErrorLog logs/ftps_error.log<br/>
> + <br/>
> +   CustomLog logs/ftps_command.log ftp_command<br/>
> +   CustomLog logs/ftps_transfer.log ftp_transfer
> env=do_transfer_log<br/> + <br/>
> +   DocumentRoot "/usr/local/apache2/htdocs"<br/>
> + <br/>
> + </VirtualHost><br/>
> + </example>
Sander, can you please not use these nobreakspaces in code examples? c&p
into config files doesn't work very well with those (configs won't work for
no apparent reason). You can use the <indent> element for indentations.
Thanks, nd
--
"Gates's behaviour had proven to me that I did not need to count on him and
his two companions" -- Karl May, "Winnetou III"
Something new in the West: <http://pub.perlig.de/books.html#apache2>