Using the .ftpaccess file on the hosting

The ftp service provides access control using the .ftpaccess file. This file is created in the directory whose access you want to change. The effect of the directives in the .ftpacces file extends to the directory in which it is located, and to all nested directories and files.

In general, the .ftpaccess structure consists of one or more Limit sections and looks like this:

<Limit parameter>
...
list of directives
...
</Limit>

Parameters in this case can be ALL, DIRS, LOGIN, READ, WRITE, or individual ftp commands.

  • ALL — all ftp commands;
  • DIRS — ftp commands: CDUP, CWD, LIST, MDTM, NLST, PWD, RNFR, STAT, XCUP, XCWD, XPWD;
  • LOGIN — ftp login;
  • READ — ftp commands: RETR, SIZE;
  • WRITE — ftp commands: APPE, DELE, MKD, RMD, RNTO, STOR, STOU, XMKD, XRMD.

Directives:

  • Allow from | Deny from — allow | deny, with values all | none | host | network;
  • Order — specifies the sequence of execution of Allow | Deny directives, can take the values allow, deny or deny, allow
    • allow, deny — Allow directives are checked first, if a match is found, access is allowed, otherwise Deny directives are checked and if a match is found, access is denied, otherwise access is granted;
    • deny, allow — Deny directives are checked first, if a match is found, access is denied, otherwise Allow directives are checked and if a match is found, access is granted;
       
  • AllowAll | DenyAll — allow all | deny all;
  • DeleteAbortedStores on | off — delete files that are not fully downloaded, yes | no;
  • ListOptions — options for showing directories;
  • AllowOverwrite on | off — allows overwriting files;
  • AllowUser | DenyUser — allow | Deny user(s), list of users separated by commas;
  • AllowGroup | DenyGroup — allow | deny user groups, list of groups separated by commas.

Setting up access using Limit

To deny all users access via ftp, specify the following in .ftpaccess:

<Limit ALL>
Deny from all
</Limit>

If you want to allow access only from a specific IP address:

<Limit ALL>
Allow from xx.xx.xx.xx
Deny from all
</Limit>

Where xx.xx.xx.xx is the required IP address.

Otherwise, if you want to deny access from a specific address:

<Limit ALL>
Order deny, allow
Allow from all
Deny from xx.xx.xx.xx
</Limit>

You can also restrict permissions for a specific ftp user. To deny write access for the login_ftp user, where login is your hosting service ID, use the following directives in .ftpaccess:

<Limit WRITE>
DenyUser login_ftp
</Limit>

Other .ftpaccess directives

Delete files that were not fully downloaded:

DeleteAbortedStores on

Do not display hidden files with names starting with a dot:

ListOptions "+a"

Prohibit overwriting existing files:

AllowOverwrite off

Всё ещё остались вопросы?