Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Disable (Cleartext) FTP Option

One of my consulting clients noticed that it isn't possible to disable plain old FTP access when signing on to Serv-U's dual FTP/explicit-FTPS interfaces. This came across as a security issue to them because it allowed people to accidentally send credentials and data in the clear if they didn't configure their client correctly.

(This isn't needed for SFTP because that's always secure, or for HTTP vs. HTTPS because the listeners are on different ports.)

Find more posts tagged with

disable_ftp

ftp_server

ftp

cleartext

Status: None

Comments

dougpapenthien

You can setup a limit to require secure connections (Domain Limits & Settings | Limits | Connection | Require secure connection before login). Once this done, Serv-U expects FTP clients to negotiate a secure connection before it will process a login attempt. Doing so will also cause connections to a regular HTTP listener to get redirected to a corresponding HTTPS listener.