521 This user is not allowed to connect from this IP

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
filezilla_em
500 Command not understood
Posts: 5
Joined: 2017-02-14 03:49
First name: Sami

521 This user is not allowed to connect from this IP

#1 Post by filezilla_em » 2017-02-14 03:59

Hi there,

A client is experiencing an issue connecting to our FTP server and I'm having trouble diagnosing whether this is a server side problem or client side.

The background: This FTP connection has been working fine for months, however stopped working last month. There have been no known changes on the server, it has been very much "set and forget".

In the general server options, the "the following IP addresses are not allowed to connect to the server" is empty.

FTPS support is enabled, explicit FTP over TLS is enabled, and "disallow plain unencrypted FTP" is disabled.

In the user options, the "the following IP addresses are not allowed to connect to the server" is empty.

I have tested the connection on two computers outside of our network and I have no issues connecting.

This is a relatively old box, running Windows 2003 and it is not sitting behind a firewall.

Autobans are not enabled.

Full snippet from logs:

(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> Connected, sending welcome message...
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 220 Welcome.
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> USER myusername
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 331 Password required for myusername
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> PASS ************
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 521 This user is not allowed to connect from this IP
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> disconnected.

I've struggled to find much about this error message on any official FileZilla websites, and am clueless as to where this issue lies.

Appreciate any feedback you have.

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 521 This user is not allowed to connect from this IP

#2 Post by botg » 2017-02-14 07:59

Also check the IP filters in the general server options.

Make sure the list of allowed IP addresses contains the problematic address, e.g. via the * wildcard.

If autoban has once been enabled, you need to restart the server service.

filezilla_em
500 Command not understood
Posts: 5
Joined: 2017-02-14 03:49
First name: Sami

Re: 521 This user is not allowed to connect from this IP

#3 Post by filezilla_em » 2017-02-14 23:17

botg wrote:Also check the IP filters in the general server options.

Make sure the list of allowed IP addresses contains the problematic address, e.g. via the * wildcard.

If autoban has once been enabled, you need to restart the server service.
Yep, as mentioned in my post, general server options have been checked and IP filtering is blank (no wildcards).

Autoban is not enabled nor has it ever been.

Any other thoughts? Is this a server-side problem?

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 521 This user is not allowed to connect from this IP

#4 Post by botg » 2017-02-15 13:58

Which version of FileZilla Server are you using?

filezilla_em
500 Command not understood
Posts: 5
Joined: 2017-02-14 03:49
First name: Sami

Re: 521 This user is not allowed to connect from this IP

#5 Post by filezilla_em » 2017-02-16 01:41

botg wrote:Which version of FileZilla Server are you using?
0.9.41.

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 521 This user is not allowed to connect from this IP

#6 Post by botg » 2017-02-16 09:09

Please update to the most recent version of FileZilla Server.

filezilla_em
500 Command not understood
Posts: 5
Joined: 2017-02-14 03:49
First name: Sami

Re: 521 This user is not allowed to connect from this IP

#7 Post by filezilla_em » 2017-02-16 23:47

botg wrote:Please update to the most recent version of FileZilla Server.
Really? No explanation for the error message I'm receiving?

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: 521 This user is not allowed to connect from this IP

#8 Post by boco » 2017-02-17 01:46

Really?
Really, as only the very latest version is supported. Which is 0.9.60.x, currently.

0.9.41 might be haunted by obscure bugs that are resolved in the latest version. Additionally, 0.9.41 contains unpatched security vulnerabilities and shouldn't be used anymore. Especially on XP!
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

filezilla_em
500 Command not understood
Posts: 5
Joined: 2017-02-14 03:49
First name: Sami

Re: 521 This user is not allowed to connect from this IP

#9 Post by filezilla_em » 2017-02-27 23:31

boco wrote:
Really?
Really, as only the very latest version is supported. Which is 0.9.60.x, currently.

0.9.41 might be haunted by obscure bugs that are resolved in the latest version. Additionally, 0.9.41 contains unpatched security vulnerabilities and shouldn't be used anymore. Especially on XP!
I'm not able to upgrade as the latest version isn't supported by my server's o/s. I know you'll probably say that you don't support it but surely there should be some sort of definitive explanation as to what this error message means? Is it categorically a server-side issue or could this be client related?

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 521 This user is not allowed to connect from this IP

#10 Post by botg » 2017-02-28 07:56

You absolutely must upgrade to a more modern operating system then. Your current operating system is insecure, it contains a plethora of known, unpatched and actively exploited security vulnerabilities.

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: 521 This user is not allowed to connect from this IP

#11 Post by boco » 2017-02-28 08:27

Since you posted server logs, and lines starting with a number come from the server, it's purely server side (IP ban, ban by Autoban etc.).

Sorry, no further support.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

manxtim
500 Command not understood
Posts: 3
Joined: 2018-10-18 19:49
First name: Tim
Last name: McDade

Re: 521 This user is not allowed to connect from this IP

#12 Post by manxtim » 2018-10-18 20:24

!FIX!

I know this won't help the OP due to the length of time that has past, however, I have found myself in a similar situation and again like the OP there was no answer... BUT I've spent a bit of time and figured it out.

There's two phases to this, bear with me.

Phase 1 (You've definitely done this by now, but it's still a necessary step)

Go to: Edit > Settings > Expand General settings > Select IP Filter > Insert IP into the text field below 'Exclude the following IPs from the list of disallowed IPs, thus allow access again'

Phase 2 (You've not done this yet...)

1. Close Filezilla.
2. STOP Filezilla server service.
3. Go to the application directory, mine was C:\Program Files (x86)\FileZilla Server
4. Copy FileZilla Server.xml and save this to another repository (this is your backup should this fail for you).
5. Edit the version in the original directory mention/discovered in step 3.
6. Look for <Allowed> towards the top, this is on line 14 for me but may differ for you but if you understand the hierarchy this is under <IpFilter>.
7. You will notice the subnet you allowed hasn't been written to this section of the file but it has been written to <Item name="IP Filter Allowed" type="string">, that's the problem... manually add your subnet at the top of the document under <IpFilter><Allow> before or after the IP's so this matches what you had done in phase 1.
8. Save and close the file, restart the service you stopped in step 2 and open the Filezilla server interface, everything should be as it was (check your users are still there) and retry the FTP again.

Revert
1. Close Filezilla.
2. STOP Filezilla server service.
3. Go to the application directory, mine was C:\Program Files (x86)\FileZilla Server
4. Copy the backup you took in Phase 2 step 4 and replace the version you edited.
5. STAR the Filezilla service and open the server interface, your users and settings should reappear.

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 521 This user is not allowed to connect from this IP

#13 Post by botg » 2018-10-18 21:13

@manxtim: There is no need to ever manually edit FileZilla Server.xml, you aren't understanding what you're doing.

manxtim
500 Command not understood
Posts: 3
Joined: 2018-10-18 19:49
First name: Tim
Last name: McDade

Re: 521 This user is not allowed to connect from this IP

#14 Post by manxtim » 2018-10-19 08:17

@botg: Let the people make that decision for themselves :)
you aren't understanding what you're doing
That's an assumption on your part, like they say "never assume because it makes an Ass out of U and Me"

You were too quick to palm the OP off with 'upgrade to the latest version', this isn't always feasible and you will find people often run this on hosts that will never be reachable externally; the only weakness there is local/direct connections but this applies to EVERYTHING, it is up to the discretion of the admin.
There is no need to ever manually edit FileZilla Server.xml
The fact is, the front end of the application isn't writing to the config files correctly (in older versions), I don't understand why but I found an answer and it worked so I shared it - Enjoy!

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 521 This user is not allowed to connect from this IP

#15 Post by botg » 2018-10-19 09:03

You were too quick to palm the OP off with 'upgrade to the latest version', this isn't always feasible
It is always feasible. What isn't feasible is running outdated, potentially vulnerable software with known bugs.

Post Reply