How to use IP restriction feature to allow only certain IPAddresses

[Suresh Metla <su...@gmail.com>]

Hi All,
I am looking for a feature where i can allow only certain IPAddress to
access FTP Server. Exactly this feature is mentioned on Apache FTP server
feature pages, unfortunatley I couldn't find any documentation on how to
allow IPS, documentation only talk about the black list.
Could you please help if this feature is available on Apache FTPServer?
If Yes, Please let me know how to use this feature.

Thanks,
Suresh Metla.

Re: How to use IP restriction feature to allow only certain IPAddresses

[Emmanuel Lecharny <el...@gmail.com>]

Maarten Bosteels wrote:
> On Mon, Dec 22, 2008 at 11:02 PM, Emmanuel Lecharny <el...@gmail.com>wrote:
>
>   
>> Suresh Metla wrote:
>>
>>     
>>> Hi All,
>>> I am looking for a feature where i can allow only certain IPAddress to
>>> access FTP Server. Exactly this feature is mentioned on Apache FTP server
>>> feature pages, unfortunatley I couldn't find any documentation on how to
>>> allow IPS, documentation only talk about the black list.
>>> Could you please help if this feature is available on Apache FTPServer?
>>> If Yes, Please let me know how to use this feature.
>>>
>>>
>>>       
>> If you can, don't do that on the FtpServer layer. Use a firewall. Way way
>> way better ...
>>     
>
>
> Well, IMO that is an over-generalization.
>   
You're right, Maarten ...

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: How to use IP restriction feature to allow only certain IPAddresses

[Maarten Bosteels <mb...@gmail.com>]

On Mon, Dec 22, 2008 at 11:02 PM, Emmanuel Lecharny <el...@gmail.com>wrote:

> Suresh Metla wrote:
>
>> Hi All,
>> I am looking for a feature where i can allow only certain IPAddress to
>> access FTP Server. Exactly this feature is mentioned on Apache FTP server
>> feature pages, unfortunatley I couldn't find any documentation on how to
>> allow IPS, documentation only talk about the black list.
>> Could you please help if this feature is available on Apache FTPServer?
>> If Yes, Please let me know how to use this feature.
>>
>>
> If you can, don't do that on the FtpServer layer. Use a firewall. Way way
> way better ...


Well, IMO that is an over-generalization.
When you're afraid of a DDOS, then using a firewall to only allow a fixed
set op IP's is indeed the way to go.

But when the set of IP's changes frequently and especially when that set can
be changed via your application,
then it's often way more convenient to do the filtering in your app itself.

Have a look at the BlacklistFilter, it's trivial to convert it to a
WhitelistFilter

http://mina.apache.org/report/trunk/apidocs/org/apache/mina/filter/firewall/BlacklistFilter.html

Maarten


>
> It's a bit like 'When you only have a hammer, everything looks like a nail'
> idea.
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: How to use IP restriction feature to allow only certain IPAddresses

[Emmanuel Lecharny <el...@gmail.com>]

Suresh Metla wrote:
> Hi All,
> I am looking for a feature where i can allow only certain IPAddress to
> access FTP Server. Exactly this feature is mentioned on Apache FTP server
> feature pages, unfortunatley I couldn't find any documentation on how to
> allow IPS, documentation only talk about the black list.
> Could you please help if this feature is available on Apache FTPServer?
> If Yes, Please let me know how to use this feature.
>   
If you can, don't do that on the FtpServer layer. Use a firewall. Way 
way way better ...

It's a bit like 'When you only have a hammer, everything looks like a 
nail' idea.

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: How to use IP restriction feature to allow only certain IPAddresses

[Suresh Metla <su...@gmail.com>]

Thank you all for the reply and suggestions. My whole idea is to keep
restrictions as close to application as possible, firewall rule setup is
tideous process. (not from technical perspective, but maintaince
perspective), Now I will explore the firewall possibilites..

And I will try to create a whitelist out of black list...

Thanks,
Suresh Metla.

On Tue, Dec 23, 2008 at 4:37 AM, Niklas Gustavsson <ni...@protocol7.com>wrote:

> On Mon, Dec 22, 2008 at 9:37 PM, Suresh Metla <su...@gmail.com>
> wrote:
> > I am looking for a feature where i can allow only certain IPAddress to
> > access FTP Server. Exactly this feature is mentioned on Apache FTP server
> > feature pages, unfortunatley I couldn't find any documentation on how to
> > allow IPS, documentation only talk about the black list.
>
> You're correct, we only support blacklisting at the moment (I've
> updated the documentation).
>
> > Could you please help if this feature is available on Apache FTPServer?
> > If Yes, Please let me know how to use this feature.
>
> This feature has been requested before, please add a JIRA ticket
> requesting this feature and we'll have a look at it after 1.0.
>
> /niklas
>

Re: How to use IP restriction feature to allow only certain IPAddresses

[Niklas Gustavsson <ni...@protocol7.com>]

On Mon, Dec 22, 2008 at 9:37 PM, Suresh Metla <su...@gmail.com> wrote:
> I am looking for a feature where i can allow only certain IPAddress to
> access FTP Server. Exactly this feature is mentioned on Apache FTP server
> feature pages, unfortunatley I couldn't find any documentation on how to
> allow IPS, documentation only talk about the black list.

You're correct, we only support blacklisting at the moment (I've
updated the documentation).

> Could you please help if this feature is available on Apache FTPServer?
> If Yes, Please let me know how to use this feature.

This feature has been requested before, please add a JIRA ticket
requesting this feature and we'll have a look at it after 1.0.

/niklas

Re: How to use IP restriction feature to allow only certain IPAddresses

[Niklas Gustavsson <ni...@protocol7.com>]

On Mon, Dec 22, 2008 at 9:37 PM, Suresh Metla <su...@gmail.com> wrote:
> I am looking for a feature where i can allow only certain IPAddress to
> access FTP Server. Exactly this feature is mentioned on Apache FTP server
> feature pages, unfortunatley I couldn't find any documentation on how to
> allow IPS, documentation only talk about the black list.

You're correct, we only support blacklisting at the moment (I've
updated the documentation).

> Could you please help if this feature is available on Apache FTPServer?
> If Yes, Please let me know how to use this feature.

This feature has been requested before, please add a JIRA ticket
requesting this feature and we'll have a look at it after 1.0.

/niklas