File: ftp-proxy-6.html

proxy-suite 1.9.2.4-1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>The FTP-Proxy White Paper: Command Restriction</TITLE>
 <LINK HREF="ftp-proxy-7.html" REL=next>
 <LINK HREF="ftp-proxy-5.html" REL=previous>
 <LINK HREF="ftp-proxy.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="ftp-proxy-7.html">Next</A>
<A HREF="ftp-proxy-5.html">Previous</A>
<A HREF="ftp-proxy.html#toc6">Contents</A>
<HR>
<H2><A NAME="commandrestriction"></A> <A NAME="s6">6. Command Restriction</A></H2>

<P>The FTP-Proxy lets you define a space-separated list of allowed
FTP commands using the <CODE>ValidCommands</CODE> configuration
variable, either globally or in a per-user context.
If this variable is not set (the default), no command restriction
takes place and all of the following commands are allowed:
<P>
<PRE>
  ABOR ACCT ALLO APPE CDUP CWD
  DELE HELP LIST MAIL MDTM MKD
  MLFL MODE MRCP MRSQ MSAM MSND
  MSOM NLST NOOP PASS PASV PORT
  PWD  QUIT REIN REST RETR RMD
  RNFR RNTO SITE SIZE SMNT STAT
  STOR STOU STRU SYST TYPE USER
  XCUP XCWD XMKD XPWD XRMD
</PRE>
<P>Otherwise, only the commands included in the list are allowed
and all others are denied.
<P>
<P>Further, if the FTP-Proxy is compiled with regular expression
support (see 
<A HREF="ftp-proxy-2.html#installation">--with-regex</A> switch),
each command may be followed by an optional equal sign and a
<EM>POSIX 1003.2 Extended Regular Expression (RE)</EM> that
describes the valid argument(s) for the command.
<P>If the whole string is to be matched, the pattern has to start
with a caret (^) and end with a dollar ($). If no pattern
follows a command, its arguments are not checked.
<P>An example for a name would be the pattern
<CODE>^[a-zA-Z0-9]{1,16}$</CODE>, i.e. as an expression for the USER
command:
<PRE>
  USER=^[a-zA-Z0-9]{1,16}$
</PRE>

This definition specifies that the argument is mandatory and may
consist of up to 16 letters or digits only.
<P>A command that does not allow any arguments can also easily be
represented, e.g.:
<PRE>
  QUIT=^$
</PRE>
<P>
<P>Please note that the regular expression is "pre-processed". This
means that a pattern in the form <CODE>%xx</CODE> will be interpreted
as a hexadecimal constant and will be replaced by the value of
that constant. This looks a bit like HTML and helps to include
characters that might not be handled as expected, like <CODE>%20</CODE>
for space or <CODE>%5c</CODE> (equivalent to <CODE>%5C</CODE>) for backslash.
The space is especially important because it is the separator
for the commands within the list itself.
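<P>The rules above, modelled as an added C example (not code from the FTP-Proxy sources): it splits a <CODE>ValidCommands</CODE>-style list on spaces, expands <CODE>%xx</CODE> in each pattern and matches the argument with a POSIX extended RE.
The names <CODE>cmd_allowed</CODE>, <CODE>unescape</CODE> and <CODE>SAMPLE_LIST</CODE>, the 256-byte entry buffer and the deny-on-invalid-pattern behaviour are assumptions of this example.

```c
#include <ctype.h>
#include <regex.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample list; %20 lets the RETR pattern accept a space. */
static const char SAMPLE_LIST[] =
    "USER=^[a-zA-Z0-9]{1,16}$ PASS QUIT=^$ RETR=^[a-zA-Z0-9_.%20-]+$";

/* Pre-processing step: replace each %xx in place with the byte it names. */
static void unescape(char *s) {
    char *out = s;
    while (*s) {
        if (s[0] == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 3;
        } else *out++ = *s++;
    }
    *out = '\0';
}

/* Hypothetical helper: 1 if cmd with argument arg passes the list, else 0.
 * list == NULL models an unset ValidCommands (no restriction). */
int cmd_allowed(const char *list, const char *cmd, const char *arg) {
    if (list == NULL) return 1;
    while (*list) {
        size_t len = strcspn(list, " ");       /* entries are space separated */
        char entry[256];
        if (len > 0 && len < sizeof entry) {
            memcpy(entry, list, len);
            entry[len] = '\0';
            char *pat = strchr(entry, '=');     /* optional "=RE" part */
            if (pat) *pat++ = '\0';
            if (strcmp(entry, cmd) == 0) {
                regex_t re;
                if (!pat) return 1;             /* no pattern: argument unchecked */
                unescape(pat);
                if (regcomp(&re, pat, REG_EXTENDED | REG_NOSUB) != 0) return 0; /* assumption: bad RE denies */
                int ok = regexec(&re, arg, 0, NULL, 0) == 0;
                regfree(&re);
                return ok;
            }
        }
        list += len;
        while (*list == ' ') list++;
    }
    return 0;                                   /* not in the list: denied */
}
```

<P>With the caret and dollar removed, <CODE>USER=[a-zA-Z0-9]{1,16}</CODE> accepts any argument that merely contains a letter or digit, which is why the anchors matter for a restrictive list.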
<P>
<P>
<HR>
<A HREF="ftp-proxy-7.html">Next</A>
<A HREF="ftp-proxy-5.html">Previous</A>
<A HREF="ftp-proxy.html#toc6">Contents</A>
</BODY>
</HTML>