Last modified: September 30, 2024
Looking for this interface?
Your hosting provider can enable or disable this interface for resellers in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).
Overview
The FTP Server Configuration interface allows you to customize your chosen FTP server’s behavior.
- This interface is only available when you enable FTP services on your server. For more information, read our Service Manager documentation.
- We support Transport Layer Security (TLS) protocol version 1.2.
Configure your ProFTPD server
To configure your ProFTPD server, perform the following steps:
- From the TLS Encryption Support menu, select a setting for TLS encryption of FTP connections:
- Optional — FTP users choose whether to use TLS encryption. This setting offers the best compatibility.
- Required — Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting protects all traffic from eavesdroppers.
- In the TLS Options text box, enter
NoSessionReuseRequired
. This is the default setting. This setting softens the requirement to reuse the SSL session for data connections from the control connection. - In the TLS Cipher Suite text box, enter the list, in standard format, of the TLS ciphers that you wish your FTP server to use.
- This setting defaults to
HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
. - Typically, you should only adjust this setting for PCI Compliance.
- For more information about TLS ciphers, read OpenSSL’s Cipher documentation.
- This setting defaults to
- In the TLS Protocol text box, enter the TLSProtocol directive that ProFTPD will use when it establishes SSL/TLS sessions.
- This setting defaults to
SSLv23
. This setting allows theSSLv3
andTLSv1
protocols. - You should only adjust this setting for PCI Compliance.
- This setting defaults to
- From the Allow Anonymous Logins menu, select whether users can log in to your FTP server anonymously.
Warning:We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
- In the Maximum Idle Time (seconds) text box, enter the number of seconds that an FTP connection may remain idle before the server disconnects it.
- In the Maximum Number of FTP Processes text box, enter the maximum number of active processes the FTP server may create. Because each connection creates a process, this setting limits the total number of FTP connections.
Note:To disable limits on the number of FTP processes, enter none.
- From the Show Symlinks menu, select whether you want ProFTPD to display symbolic links (symlinks) as such, and not as files or directories. The default for this setting is Yes.
- From the Symlink Compatibility menu, select whether you want to allow some FTP clients to display the correct symlinks to directories. The default for this setting is No. If you choose Yes, you must also enable the Show Symlinks setting.
- From the TCP Wrappers menu, select whether you would like ProFTPD to use the TCP Wrappers package. With this package, you can configure the
/etc/hosts.allow
and/etc/hosts.deny
files. For more information on how to edit these files, read our ProFTPD Configuration for Host Access Control documentation. The default for this setting is No.Important:- ProFTPD does not use TCP-Wrappers-based access controls on the following systems:
- AlmaLinux OS
- Rocky Linux™
- CloudLinux™
- Use the functionality available in WHM’s Host Access Control interface for these operating systems.
- The rest of ProFTPD’s functionality still works on these operating systems.
- ProFTPD does not use TCP-Wrappers-based access controls on the following systems:
- Click Save.
For more information about ProFTPD, read ProFTPD’s documentation.
ProFTPD Debug Mode
If you are having issues with your ProFTFD server, you can run ProFTPD’s debug mode to view debug messages.
To access ProFTPD’s debug mode, run the following commands:
|
|
For more information about debugging in ProFTPD, read ProFTPD’s Debugging Problems documentation.
Configure your Pure-FTPd server
To configure your Pure-FTPd server, perform the following steps:
- From the TLS Encryption Support menu, select a setting for TLS encryption of FTP connections:
- Disabled — Disables TLS encryption.
- Optional — FTP users choose whether to use TLS encryption. This setting offers the best compatibility.
- Required (Command) — Requires TLS encryption on all commands users issue to the FTP server. This setting hides passwords and usernames.
- Required (Command/Data) — Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting protects all traffic from eavesdroppers.
- In the TLS Cipher Suite text box, enter the list, in standard format, of the TLS ciphers you wish your FTP server to use.
- This setting defaults to
HIGH
. - Typically, you should only adjust this setting for PCI compliance.
- For more information about TLS ciphers, read OpenSSL’s Cipher documentation.
- This setting defaults to
- From the Allow Anonymous Logins menu, select whether cPanel users can enable Anonymous FTP logins via cPanel’s Anonymous FTP interface (cPanel » Home » Files » Anonymous FTP).
Warning:We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
- From the Allow Anonymous Uploads menu, select whether anonymous users can upload files to your FTP servers.
Warning:We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
- Enter the maximum load for anonymous downloads in the Maximum Load for Anonymous Downloads text box. If the system’s load average exceeds this setting, your FTP server will prevent downloads by anonymous users.
Warning:We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
- In the Maximum Idle Time (minutes) text box, enter the number of minutes an FTP connection may remain idle before the server disconnects it.
- Enter the maximum number of FTP connections in the Maximum Connections text box. Your FTP server applies this limit server-wide and not on a per-user basis.
- In the Maximum Connections Per IP Address text box, enter the maximum number of FTP connections to allow from a single IP address.
- From the Allow Logins with Root Password menu, select whether to allow the root password to access all FTP accounts.
- From the Broken Clients Compatibility menu, select whether your FTP server will ignore some protocol standards in order to improve compatibility with buggy FTP clients and firewalls.
Note:
If you select Yes, your FTP server will perform the following actions:
- Create symbolic links (symlinks) as actual files and directories.
- Prompt for a dummy password for an anonymous user.
- Disable FTP passive mode.
- Click Save.
The system stores your configuration in the /etc/pureftpd.conf
file.
For more information about Pure-FTPd, read Pure-FTPd’s documentation.
Increase File Limit
By default, Pure-FTPd only returns the first 10,000 files in a directory. To increase this number, perform the following steps:
- Create the
/var/cpanel/conf/pureftpd/local
file with thetouch
command, if one does not exist. - In a text editor, open the
local
file and add the following line, where15000
represents the value that you wish to increase to:LimitRecursion: 15000 8
. The local file should be in the following YAML format:ChrootEveryone: 'yes' LimitRecursion: 15000 8
- Run the
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force
command to update the/etc/pure-ftpd.conf
file.