Is it possible to require FTP over TLS be enforced and not optional?
To secure FTP connections to service nodes Plesk Automation(PA) supports the FTP Secure (FTPS, FTP-SSL) protocol. Unlike the traditional (plain) FTP, FTPS supposes protecting data transferred to and from your server over FTP with SSL and TLS protocols.
As a PA administrator you have the option to select allowed types of FTP connections: secure, plain, or both of them.
We recommend that you allow only FTPS connections. This option secures data and access credentials transferred between the server and clients. Moreover, if you need to comply with the PCI DSS standard, selecting this option is required.
NOTE: Though most of modern FTP client applications support FTPS, some of your customers may use clients that are able to work only through plain FTP. To let such clients connect to your server, allow both FTP and FTPS connections.
By the default, all PA service nodes allows to accept both type of FTP connections: FTP and FTPS. In order to enforce service nodes to accept only FTPS connections please follow instructions below:
If you need to enforce to use FTPS connections on all PA service nodes you should do the following:
Login to Hosting Provider CP as Administrator.
Open following link
- Set required
FTP usage policyand apply changes.
NOTE: do not change any other settings on this page.
After applying settings, PA will reconfigure all Service nodes, for all IP addresses. (Apache, Webmail, IIS).
Also, you can configure FTPS for particular service node. For example, for Apache-based web server:
TLSRequired option can be enabled globally on the service node as follows:
Go to Apache service node shell
Change directory to
# cd /etc/proftpd.d
Create a file with the name like
70-tls.confwith the following content:
<Global> <IfModule mod_tls.c> TLSEngine on TLSRequired on </IfModule> </Global>
# /etc/init.d/xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ]
For example, for IIS-based web server:
Login to Windows Service node as Administrator.
cmd.exeand execute following command, where
203.0.113.2is IP address of FTP server:
"%plesk_bin%"\ftpmng.exe --update-explicit-ssl --ip-address=203.0.113.2 --enable=true --require
NOTE: If you have several IP address on Windows server you need to perform the same steps for all other server IP addresses.
After this FTP server will require TLS for all incoming connections.