521 This user is not allowed to connect from this IP
Moderator: Project members
-
- 500 Command not understood
- Posts: 5
- Joined: 2017-02-14 03:49
- First name: Sami
521 This user is not allowed to connect from this IP
Hi there,
A client is experiencing an issue connecting to our FTP server and I'm having trouble diagnosing whether this is a server side problem or client side.
The background: This FTP connection has been working fine for months, however stopped working last month. There have been no known changes on the server, it has been very much "set and forget".
In the general server options, the "the following IP addresses are not allowed to connect to the server" is empty.
FTPS support is enabled, explicit FTP over TLS is enabled, and "disallow plain unencrypted FTP" is disabled.
In the user options, the "the following IP addresses are not allowed to connect to the server" is empty.
I have tested the connection on two computers outside of our network and I have no issues connecting.
This is a relatively old box, running Windows 2003 and it is not sitting behind a firewall.
Autobans are not enabled.
Full snippet from logs:
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> Connected, sending welcome message...
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 220 Welcome.
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> USER myusername
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 331 Password required for myusername
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> PASS ************
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 521 This user is not allowed to connect from this IP
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> disconnected.
I've struggled to find much about this error message on any official FileZilla websites, and am clueless as to where this issue lies.
Appreciate any feedback you have.
A client is experiencing an issue connecting to our FTP server and I'm having trouble diagnosing whether this is a server side problem or client side.
The background: This FTP connection has been working fine for months, however stopped working last month. There have been no known changes on the server, it has been very much "set and forget".
In the general server options, the "the following IP addresses are not allowed to connect to the server" is empty.
FTPS support is enabled, explicit FTP over TLS is enabled, and "disallow plain unencrypted FTP" is disabled.
In the user options, the "the following IP addresses are not allowed to connect to the server" is empty.
I have tested the connection on two computers outside of our network and I have no issues connecting.
This is a relatively old box, running Windows 2003 and it is not sitting behind a firewall.
Autobans are not enabled.
Full snippet from logs:
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> Connected, sending welcome message...
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 220 Welcome.
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> USER myusername
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 331 Password required for myusername
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> PASS ************
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> 521 This user is not allowed to connect from this IP
(000337) 14/02/2017 8:40:00 AM - (not logged in) (113.192.45.135)> disconnected.
I've struggled to find much about this error message on any official FileZilla websites, and am clueless as to where this issue lies.
Appreciate any feedback you have.
Re: 521 This user is not allowed to connect from this IP
Also check the IP filters in the general server options.
Make sure the list of allowed IP addresses contains the problematic address, e.g. via the * wildcard.
If autoban has once been enabled, you need to restart the server service.
Make sure the list of allowed IP addresses contains the problematic address, e.g. via the * wildcard.
If autoban has once been enabled, you need to restart the server service.
-
- 500 Command not understood
- Posts: 5
- Joined: 2017-02-14 03:49
- First name: Sami
Re: 521 This user is not allowed to connect from this IP
Yep, as mentioned in my post, general server options have been checked and IP filtering is blank (no wildcards).botg wrote:Also check the IP filters in the general server options.
Make sure the list of allowed IP addresses contains the problematic address, e.g. via the * wildcard.
If autoban has once been enabled, you need to restart the server service.
Autoban is not enabled nor has it ever been.
Any other thoughts? Is this a server-side problem?
Re: 521 This user is not allowed to connect from this IP
Which version of FileZilla Server are you using?
-
- 500 Command not understood
- Posts: 5
- Joined: 2017-02-14 03:49
- First name: Sami
Re: 521 This user is not allowed to connect from this IP
0.9.41.botg wrote:Which version of FileZilla Server are you using?
Re: 521 This user is not allowed to connect from this IP
Please update to the most recent version of FileZilla Server.
-
- 500 Command not understood
- Posts: 5
- Joined: 2017-02-14 03:49
- First name: Sami
Re: 521 This user is not allowed to connect from this IP
Really? No explanation for the error message I'm receiving?botg wrote:Please update to the most recent version of FileZilla Server.
Re: 521 This user is not allowed to connect from this IP
Really, as only the very latest version is supported. Which is 0.9.60.x, currently.Really?
0.9.41 might be haunted by obscure bugs that are resolved in the latest version. Additionally, 0.9.41 contains unpatched security vulnerabilities and shouldn't be used anymore. Especially on XP!
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 5
- Joined: 2017-02-14 03:49
- First name: Sami
Re: 521 This user is not allowed to connect from this IP
I'm not able to upgrade as the latest version isn't supported by my server's o/s. I know you'll probably say that you don't support it but surely there should be some sort of definitive explanation as to what this error message means? Is it categorically a server-side issue or could this be client related?boco wrote:Really, as only the very latest version is supported. Which is 0.9.60.x, currently.Really?
0.9.41 might be haunted by obscure bugs that are resolved in the latest version. Additionally, 0.9.41 contains unpatched security vulnerabilities and shouldn't be used anymore. Especially on XP!
Re: 521 This user is not allowed to connect from this IP
You absolutely must upgrade to a more modern operating system then. Your current operating system is insecure, it contains a plethora of known, unpatched and actively exploited security vulnerabilities.
Re: 521 This user is not allowed to connect from this IP
Since you posted server logs, and lines starting with a number come from the server, it's purely server side (IP ban, ban by Autoban etc.).
Sorry, no further support.
Sorry, no further support.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 3
- Joined: 2018-10-18 19:49
- First name: Tim
- Last name: McDade
Re: 521 This user is not allowed to connect from this IP
!FIX!
I know this won't help the OP due to the length of time that has past, however, I have found myself in a similar situation and again like the OP there was no answer... BUT I've spent a bit of time and figured it out.
There's two phases to this, bear with me.
Phase 1 (You've definitely done this by now, but it's still a necessary step)
Go to: Edit > Settings > Expand General settings > Select IP Filter > Insert IP into the text field below 'Exclude the following IPs from the list of disallowed IPs, thus allow access again'
Phase 2 (You've not done this yet...)
1. Close Filezilla.
2. STOP Filezilla server service.
3. Go to the application directory, mine was C:\Program Files (x86)\FileZilla Server
4. Copy FileZilla Server.xml and save this to another repository (this is your backup should this fail for you).
5. Edit the version in the original directory mention/discovered in step 3.
6. Look for <Allowed> towards the top, this is on line 14 for me but may differ for you but if you understand the hierarchy this is under <IpFilter>.
7. You will notice the subnet you allowed hasn't been written to this section of the file but it has been written to <Item name="IP Filter Allowed" type="string">, that's the problem... manually add your subnet at the top of the document under <IpFilter><Allow> before or after the IP's so this matches what you had done in phase 1.
8. Save and close the file, restart the service you stopped in step 2 and open the Filezilla server interface, everything should be as it was (check your users are still there) and retry the FTP again.
Revert
1. Close Filezilla.
2. STOP Filezilla server service.
3. Go to the application directory, mine was C:\Program Files (x86)\FileZilla Server
4. Copy the backup you took in Phase 2 step 4 and replace the version you edited.
5. STAR the Filezilla service and open the server interface, your users and settings should reappear.
I know this won't help the OP due to the length of time that has past, however, I have found myself in a similar situation and again like the OP there was no answer... BUT I've spent a bit of time and figured it out.
There's two phases to this, bear with me.
Phase 1 (You've definitely done this by now, but it's still a necessary step)
Go to: Edit > Settings > Expand General settings > Select IP Filter > Insert IP into the text field below 'Exclude the following IPs from the list of disallowed IPs, thus allow access again'
Phase 2 (You've not done this yet...)
1. Close Filezilla.
2. STOP Filezilla server service.
3. Go to the application directory, mine was C:\Program Files (x86)\FileZilla Server
4. Copy FileZilla Server.xml and save this to another repository (this is your backup should this fail for you).
5. Edit the version in the original directory mention/discovered in step 3.
6. Look for <Allowed> towards the top, this is on line 14 for me but may differ for you but if you understand the hierarchy this is under <IpFilter>.
7. You will notice the subnet you allowed hasn't been written to this section of the file but it has been written to <Item name="IP Filter Allowed" type="string">, that's the problem... manually add your subnet at the top of the document under <IpFilter><Allow> before or after the IP's so this matches what you had done in phase 1.
8. Save and close the file, restart the service you stopped in step 2 and open the Filezilla server interface, everything should be as it was (check your users are still there) and retry the FTP again.
Revert
1. Close Filezilla.
2. STOP Filezilla server service.
3. Go to the application directory, mine was C:\Program Files (x86)\FileZilla Server
4. Copy the backup you took in Phase 2 step 4 and replace the version you edited.
5. STAR the Filezilla service and open the server interface, your users and settings should reappear.
Re: 521 This user is not allowed to connect from this IP
@manxtim: There is no need to ever manually edit FileZilla Server.xml, you aren't understanding what you're doing.
-
- 500 Command not understood
- Posts: 3
- Joined: 2018-10-18 19:49
- First name: Tim
- Last name: McDade
Re: 521 This user is not allowed to connect from this IP
@botg: Let the people make that decision for themselves
You were too quick to palm the OP off with 'upgrade to the latest version', this isn't always feasible and you will find people often run this on hosts that will never be reachable externally; the only weakness there is local/direct connections but this applies to EVERYTHING, it is up to the discretion of the admin.
That's an assumption on your part, like they say "never assume because it makes an Ass out of U and Me"you aren't understanding what you're doing
You were too quick to palm the OP off with 'upgrade to the latest version', this isn't always feasible and you will find people often run this on hosts that will never be reachable externally; the only weakness there is local/direct connections but this applies to EVERYTHING, it is up to the discretion of the admin.
The fact is, the front end of the application isn't writing to the config files correctly (in older versions), I don't understand why but I found an answer and it worked so I shared it - Enjoy!There is no need to ever manually edit FileZilla Server.xml
Re: 521 This user is not allowed to connect from this IP
It is always feasible. What isn't feasible is running outdated, potentially vulnerable software with known bugs.You were too quick to palm the OP off with 'upgrade to the latest version', this isn't always feasible