|
Home > Archive > IIS FTP Server > November 2004 > FTP Isolation in IIS 5?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
FTP Isolation in IIS 5?
|
|
| Fernie 2004-11-08, 2:46 am |
| I recently eliminated the use of dedicated IPs by using host headers on my
webserver to host multiple domains. After I was all done, I realized that
FTP no longer worked since each domain relied on its own IP address.
I followed a very useful link that Bernard had posted below:
How To Set Up an FTP Site So That Users Log Onto Their Folders
http://support.microsoft.com/?id=201771
I was able to allow users to log into their own folder. What I would really
like to do now is to prevent users from navigating up to the root and seeing
other directories (even though access is restricted by folder permissions).
Can someone please provide a suggestion or point me to an applicable article
explaining how user isolation in IIS could be accomplished?
Thank you very much,
Fernie
--
ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
| |
| Fernie 2004-11-08, 2:46 am |
| Hi Bernard,
Before this post, I had missed a response that you posted earlier.
I am using physical, not virtual directories to store domain data and most
of these domains also run isapi dlls and cgi executables.
Looking at the instructions on virtual directories, it appears to me that it
is too late for me to convert to virtual domains without lots of work and
website disruptions.
Are there good 3rd party FTP servers that would provide isolation even
though I wish to use the same ip and port? How about a system that allows
end users to upload using HTTP since host headers are supported?
Can you or someone offer a suggestion so that I can obtain complete user
isolation like I had before when using a dedicated IP for each domain?
Thanks in Advance,
Fernie
--
ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
| |
| Bernard 2004-11-08, 2:46 am |
| The isolation provided by IIS 5 is a workaround not a real isolation, hence
to hide the user folder, we use 'virtual directory', next I'm not sure about
other ftp server, but you can try google.com. And I have not see one ftp
server that support the so called 'host header' in ftp world.
In your case, even though user able to 'cd ..' and navigate to the ftproot
directory, without proper NTFS permissions, userA will not be able to access
userB folder.
To achieve full user isolation via IIS FTP, you need IIS 6 running on W2k3.
or else, then you need new IP for each ftp site.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Fernie" <Fernie@not_thisDocSignings.net> wrote in message
news:29B5DC2761B3E240Fernie@not_thisDocS
ignings.net...
> Hi Bernard,
>
> Before this post, I had missed a response that you posted earlier.
>
> I am using physical, not virtual directories to store domain data and most
> of these domains also run isapi dlls and cgi executables.
>
> Looking at the instructions on virtual directories, it appears to me that
it
> is too late for me to convert to virtual domains without lots of work and
> website disruptions.
>
> Are there good 3rd party FTP servers that would provide isolation even
> though I wish to use the same ip and port? How about a system that allows
> end users to upload using HTTP since host headers are supported?
>
> Can you or someone offer a suggestion so that I can obtain complete user
> isolation like I had before when using a dedicated IP for each domain?
>
> Thanks in Advance,
>
> Fernie
>
>
>
> --
>
> ELKNews FREE Edition - Empower your News Reader!
http://www.atozedsoftware.com
| |
| Fernie 2004-11-08, 5:50 pm |
| Thanks very much for your response.
Regards,
Fernie
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:eInc2rWxEHA.3416@TK2MSFTNGP09.phx.gbl...
> The isolation provided by IIS 5 is a workaround not a real isolation,
> hence
> to hide the user folder, we use 'virtual directory', next I'm not sure
> about
> other ftp server, but you can try google.com. And I have not see one ftp
> server that support the so called 'host header' in ftp world.
>
> In your case, even though user able to 'cd ..' and navigate to the ftproot
> directory, without proper NTFS permissions, userA will not be able to
> access
> userB folder.
>
> To achieve full user isolation via IIS FTP, you need IIS 6 running on
> W2k3.
> or else, then you need new IP for each ftp site.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
--
ELKNews FREE Edition - Empower your News Reader! http://www.atozedsoftware.com
|
|
|
|
|