IIS 7 and Above
IP Restrictions On FTP Folders In IIS Not Working
Last post May 18, 2018 04:13 PM by Gr8North
May 09, 2018 05:25 PM|Gr8North|LINK
I've exhaustively searched for an answer to this IP Restrictions issue without success. Any guidance provided is greatly appreciated.
The environment is FTP running in IIS on Windows Server 2016 in Azure. Multiple users are setup in FTP using FTP User Isolation of 'User name physical directory'.
I need to restrict FTP access by IP for some users, but not all. It appears I can add an IP restriction by User folder, as the changes are reflected in the ApplictionaHost.config file for the specific folder. In my sample I am denying one IP address
as a test on the 'UserA" folder. (No 'Allow' feature is set within this testing.)
I hope these images come through.
I have restarted the IIS and FTP services between tests. I cannot get the restriction to work at the folder level. In testing, the only place the IP restriction seems will work is if it is at the top FTP site level. Setting it there it give a 'home folder
The FTP log file shows correct client IPs so it's not a NAT or Proxy issue.
Any thoughts on how to get the IP Restrictions to work on selected FTP User folders? Many thanks in advance.
May 09, 2018 05:32 PM|Gr8North|LINK
Sorry. Images didn't post (First time on this Forum)
In IIS, the FTP site/folders are:
Here is the ApplicationHost.Confg results showing it's for UserA's Path.
<add ipAddress="18.104.22.168" allowed="false" />
May 11, 2018 08:34 AM|deepakpanchal10|LINK
I try to find example regarding restrictions on folders.
Unfortunately, I did not get any example or details or any article or link about it.
It looks like, Currently it is not possible to restrict IP on FTP Folder.
May 11, 2018 04:04 PM|Gr8North|LINK
It is odd that you can configure it at the folder level, but seems not to work.
I couldn't find much on it either. That's why I posted here.
May 18, 2018 06:57 AM|deepakpanchal10|LINK
I did not get any way to put restrictions on folders but you can refer steps below to restrict IP.
How to Restrict FTP Access by IP (via IIS)
May 18, 2018 04:13 PM|Gr8North|LINK
Thank you for your reply and detailed instructions. I am aware of this process. However, it will restrict ALL IPs except those white listed. My requirement is to allow most logins to not be restricted by IP, while specific FTP usernames must be restricted.
That is why it is required at the folder/username level.
I find it interesting that you can create the restriction by IP at the folder level, and it is in the config file for that specific user, but is not respected by IIS.
My search continues.... :D