FileZilla Forums

Welcome to the official discussion forums for FileZilla
Donate to project
It is currently 2014-04-19 02:15

All times are UTC




Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: 2007-10-22 06:53 
Offline
500 Command not understood

Joined: 2007-10-22 06:31
Posts: 3
I've been using FileZilla server 0.9.23 beta for quite a while with no problems. Like many others have posted here, I too am blocking IP ranges from China, Spain, etc., due to stupid hackers attempting to get in via a non-existent 'Administrator' account.

In the process of modifying my configuration to block certain IP ranges, I discovered that IP filtering on the general settings page works just fine, as does filtering on the Groups page. However, IP filtering on the Users page DOES NOT work. This is true for both 0.9.23 and the newer 0.9.24, which I just installed a few minutes ago.

So, it would seem that FileZilla Server is not honoring the IP filters on the Users page at all. Which brings up my question: What is the difference (if any) between the IP filter lists in the three different locations, "General Settings," "Groups," and "Users?" If they are all supposed to have the same effect, why have three lists? And also, if they are supposed to have the same effect, why do the lists in Groups and General Settings work just fine, while the list in Users doesn't work at all?

Thanks,

- Dennis


Top
 Profile  
 
 Post subject:
PostPosted: 2007-10-22 07:18 
Offline
Site Admin
User avatar

Joined: 2004-02-23 20:49
Posts: 22530
The IP filters for the users and groups prevent users/groups from logging on. I've just tried it again, works as expected here.


Top
 Profile  
 
 Post subject:
PostPosted: 2007-10-22 17:49 
Offline
500 Command not understood

Joined: 2007-10-22 06:31
Posts: 3
Okay, then I don't understand what the "as expected" behavior is, and there doesn't seem to be a well-documented explanation anywhere that I can find.

So, let me ask again...how do the IP filter lists in users/groups differ from each other and from the IP filter list on the general settings page? All three of the lists seem to do exactly the same thing (that is, to simply block access from certain IP addresses), and as such, I do not understand why there are three lists. For what reason(s) would I prefer to use one list over another?

Perhaps if I understood why there are three lists, and how they differ from each other, I would then understand why am I able to log on via an address that is listed in the IP filter range on the Users page. I have a username listed in the "Users" list. I have an IP address in the IP filters list. Yet, that user can log on with no problem even if connecting from the address listed in the IP filter list. This is not the case if the address is given in the general settings page, or if it is given in the groups IP filter list. So, either there is a bug in the IP filter list for Users, or "as expected" means something different to you than it does to me.

I am able to block the unwanted access via the general settings page, but I am also eager to get an explanation for the behavior I am seeing.

Thanks,

- Dennis


Top
 Profile  
 
 Post subject:
PostPosted: 2007-10-22 23:37 
Offline
500 Command not understood

Joined: 2007-10-22 23:32
Posts: 1
User IP filter: blocks access to specified user from specified IPs
Group IP filter: blocks access to specified group from specified IPs
General settings filter: blocks access to filezilla server from specified IPs


Top
 Profile  
 
 Post subject:
PostPosted: 2007-10-23 01:10 
Offline
500 Command not understood

Joined: 2007-10-22 06:31
Posts: 3
OH! Duh! *NOW* I see how it works! The IP filter list is User- and Group-specific. Thus, when I enter an IP address into the list, that address is tied to the currently selected user or group, and I have verified that it is indeed working "as expected". Thank you so much for the clarification. I knew there was something wrong with how I was interpreting the interface.

Okay, now this brings up another issue, because what threw me off was, from a user's perspective, hierarchical items are usually arranged so that the higher-order elements are displayed on the left-hand side of the window (at least in western languages where text is read from left-to-right). But in FileZilla, this is backwards -- the user list controls what you see, but the user list is on the right-hand side of the window (which is somewhat counter-intuitive).

I would suggest that this be changed. Since everything is subordinate to the selected user/group, the "Users" and "Groups" lists should be at the far left, with the "Page" list in the middle, and finally the selected page on the right. IMO, this would be more intuitive for users.

Thanks again,

- Dennis


Top
 Profile  
 
PostPosted: 2008-02-07 14:14 
Offline
500 Command not understood

Joined: 2008-02-07 14:06
Posts: 1
Location: N. Illinois
I love the server but for these documentation quirks.

When listing various IP addresses for the filter, what do I use as a separator for the multiple addresses? A space?

I.e. 59.120.154.223 89.97.247.142 60.250.127.184 204.15.150.34

Newton


Top
 Profile  
 
PostPosted: 2008-02-07 17:11 
Offline
Site Admin
User avatar

Joined: 2004-02-23 20:49
Posts: 22530
Space or newline.


Top
 Profile  
 
 Post subject: Re:
PostPosted: 2009-03-22 11:06 
Offline
500 Command not understood

Joined: 2009-03-22 10:44
Posts: 2
djones wrote:
OH! Duh! *NOW* I see how it works! The IP filter list is User- and Group-specific. Thus, when I enter an IP address into the list, that address is tied to the currently selected user or group, and I have verified that it is indeed working "as expected". Thank you so much for the clarification. I knew there was something wrong with how I was interpreting the interface.

Okay, now this brings up another issue, because what threw me off was, from a user's perspective, hierarchical items are usually arranged so that the higher-order elements are displayed on the left-hand side of the window (at least in western languages where text is read from left-to-right). But in FileZilla, this is backwards -- the user list controls what you see, but the user list is on the right-hand side of the window (which is somewhat counter-intuitive).

I would suggest that this be changed. Since everything is subordinate to the selected user/group, the "Users" and "Groups" lists should be at the far left, with the "Page" list in the middle, and finally the selected page on the right. IMO, this would be more intuitive for users.

Thanks again,

- Dennis


100% agree with that cosmetic which would prevent that kind of questions. I think it would be more intuitive if the "User"/"Group" lists were left most placed with their Add/remove/rename/copy buttons, then at right the "Page:" options selector, then right most the settings themselves. This would be more similar as the "General Setteings" left to right hierarchical presentation.

Although, this doesn't help to find an answer to your question "Why should I prefer using IP rules from User/Group or General settings", because there is no explanation on which one have precedance over the other(s), which overrides which.
Did you found?
I'd like to forbid all connections once for all (the better place would be in "General settings") with 0.0.0.0/0.0.0.0 (is it the good syntax?) then allow access on a per User or Group basis. Should I leave the user/group forbid field blank and only enter the exceptions?
What means "Exclude the following IPs from the list of disallowed IPs, thus enbling access again" when the disallowed IPs list is empty?

THank for help or any "what to read" about that


Top
 Profile  
 
PostPosted: 2009-03-22 12:38 
Offline
500 Command not understood

Joined: 2009-03-22 10:44
Posts: 2
I found that disallowing any IP connection ( * ) at General level seems to block any user level allowed IP. To grant back the ability to connect, I had to add the IP also at the general level which makes the user/roup level rules completly unusefull.
I can't beleive this is a bug because Filezilla exists for many years I think, so surely I misunderstand something in the so called "intended behaviour".


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC


Who is online

Users browsing this forum: Bing [Bot] and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Dedicated server provided by Artmotion.
Forum sponsored by Everyware.ch.
Powered by phpBB® Forum Software © phpBB Group