FileZilla is a powerful open source FTP server with a host of features that
any organization will find useful. Among other things, it supports secure SSL/TLS
connections, per-user speed limits, user groups and much more. In this article,
we will tell you how to set up your own FTP server using FileZilla and configure
it for secured access using SSL and Anti-FXP.
Installation
FileZilla Server is just a 2.5MB download. Once you start setup, you have to
choose between the standard, full or service-only suite. You can also choose how
FileZilla Server should be started: as a service started automatically with
Windows, as a service started manually, or not as a service but as a direct
server. Setup also asks for the port on which the FileZilla admin interface
listens (14147 by default).
Setting up & configuring User accounts
Once the installation is done and the server application is started, you have
to enter the IP address of your FTP server along with the port number and admin
password. From the user interface, go to the Edit menu and click on Users.
Here, you can add, remove, rename or copy user accounts and set specific shared
folders with data access options such as read only, read and write, or delete
and append for the various account users. You can also set speed limits and IP
filters for individual users within these settings.
Configuring Anti-FXP
FileZilla comes with many advanced FTP features such as Anti-FXP. Here, FXP
stands for file exchange protocol; it's a method that transfers data from one
FTP server to another. The problem with allowing FXP is that the server becomes
vulnerable to an FTP bounce attack. In this attack, an attacker can use the “PORT”
command to access unwanted FTP server ports indirectly and transfer data
directly to his/her own FTP server. By default, Anti-FXP is enabled when
FileZilla is started. It can be disabled in the security settings, but it is
recommended that it remain enabled unless you're using multiple FTP servers
yourself and need to transfer data between them.
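The kind of check an anti-FXP setting implies, as an added example (not FileZilla's own code): a PORT command is accepted only when the address it names is the one the control connection came from. The function names and the rule refusing ports below 1024 are assumptions of this example.

```python
import ipaddress

# Assumption of this example: data ports below 1024 are refused, a common
# hardening choice; it is not a documented FileZilla setting.
MIN_DATA_PORT = 1024


def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0..255")
    host = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return host, nums[4] * 256 + nums[5]


def check_port_command(line, control_peer_ip):
    """Return (allowed, reason); control_peer_ip is the control connection's source."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return False, "not a PORT command"
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if host != ipaddress.IPv4Address(control_peer_ip):
        return False, f"data address {host} differs from control peer"
    if port < MIN_DATA_PORT:
        return False, f"port {port} is below {MIN_DATA_PORT}"
    return True, f"data connection to {host}:{port}"


if __name__ == "__main__":
    # Constructed sample commands using documentation address ranges.
    samples = ("PORT 203,0,113,7,195,80", "PORT 192,0,2,10,0,25", "PORT 203,0,113,7,0,22")
    for cmd in samples:
        print(cmd, "->", check_port_command(cmd, "203.0.113.7"))
```

Enabling SSL/TLS, covered in the next section, does not replace this check; it protects the session contents, while the address comparison decides where the server is willing to open data connections.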
You can define a number of parameters when you add users to your FileZilla Server, such as enforce SSL, set connection limit per IP, etc.
Configuring SSL/TLS
Another important advanced feature is SSL/TLS support. By default, SSL support is
disabled, but it can be enabled from the settings to enhance server security. If
SSL/TLS support is enabled, a private key file and certificate file must be
provided, along with the key password, for the setting to be accepted. There is an
option to force SSL/TLS on all connections, and if SSL is to be enabled on
specific connections only, the port to be used for such connections can also be
specified. In case a certificate is unavailable, FileZilla has its own
certificate generation provision in the SSL settings box. To generate a
certificate, simply click on the Generate new certificate button. A new window
will pop up with options for key size and various information boxes such as
Locality, Organization, Contact email, server address and a key/certificate
file name. Out of the above, just select the key size, put in the name of the
key/certificate file and click on Generate certificate. It will automatically
generate a certificate and associate it with the server.
You can enable the Anti-FXP option in FileZilla Server so that there's no data transfer between your FTP server and others. It's a useful feature to prevent bounce attacks.
In the settings menu itself, you can change various settings of the server.
The passive mode settings allow you to enter your external IP or select the
option to retrieve the IP from a website, which is helpful if you are behind a
firewall or a router and have a dynamic IP address. There are also settings to
enable GSS support for Kerberos, if you have it installed. When enabled, all
data transfers between FileZilla Server and client will be encrypted. Other than
these, you can enable or disable connection and transfer logging and transfer
speed limits, and set up file transfer compression using Mode Z. When enabled, it
compresses files on the fly when transferring them. To conserve CPU power, Mode
Z compression is not recommended inside local area networks.
The FileZilla server allows FTP clients to connect securely to it via SSL. When you enable SSL support, you have to provide the files for private key and certificate. Both of these can be generated by clicking on the Generate new certificate button.