FtpService

With the FTPService, the Integration Server provides a complete FTP server that, through its integration into the overall system, can inform all connected applications about FTP events. One example is a partner uploading files, which can be responded to with immediate processing. The FTPService offers the following possibilities.


  • FTP (plain), FTPS (implicit and explicit).

  • FTP in active or passive transmission mode.

  • Limitation of FTP functionality, e.g. to certain network addresses and ports.

  • Subsequent processing by using the MessageService.

XML configuration


Important note: The availability of a service depends on the license purchased and on whether the service has been registered in the configuration file ./etc/factory.xml of the Service Factory (changes require a server restart!). That file also names the configuration file responsible for each service. Alternatively, you can edit the configuration file of a service directly in the GUI of the service (changes require a service restart!).


The following XML fragment with all possible settings can be used to configure the FTPService.

<Set name="anonymousLogin" type="boolean">true</Set>
<Set name="delayTimeBetweenLogin">10</Set>
<Set name="denyDuplicateLogin" type="boolean">true</Set>
<Set name="denyDirCreation">False</Set>
<Set name="keyPassword">passwd</Set>
<Set name="keystore">./crypt/ks.dat</Set>
<Set name="listenAddress"></Set>
<Set name="maxConnections">200</Set>
<Set name="useUtf8Encoding" type="boolean">true</Set>
<Set name="passiveHost"></Set>
<Set name="passivePort">10001</Set>
<Set name="securePassiveHost"></Set>
<Set name="securePassivePort">20001</Set>
<Set name="port">21</Set>
<Set name="secureFtpServerPort">-1</Set>
<Set name="authenticationService">AuthenticationService</Set>
<Set name="communicationLogService">CommunicationLogService</Set>
<Set name="unrestrictedActiveHost" type="boolean">false</Set>
<Call name="setPortRange">
<Arg type="int">port from</Arg>
<Arg type="int">port until</Arg>
</Call>
<Call name="setSecurePortRange">
<Arg type="int">port from</Arg>
<Arg type="int">port until</Arg>
</Call>


The parameters have the following meaning.


Parameter

Description

anonymousLogin

When set, users using the anonymous account will be able to access a restricted area without a password.

delayTimeBetweenLogin

Specifies the time in seconds to wait after a login (successful and unsuccessful) until a new login attempt is enabled. This can, for example, make dictionary attacks more difficult.

denyDuplicateLogin

If set, users are only able to log in with one session at a time. Attempting to establish a second connection with this user account will be rejected.

denyDirCreation

If set to true, no FTP user can create or delete subdirectories.

keyPassword

The password to use for the keystore (see below).

keystore

Filename of the keystore to use.

listenAddress

IP address on which to listen for incoming connections. If no address is specified, the service listens on all available addresses.

maxConnections

Specifies the maximum number of simultaneous open connections.

useUtf8Encoding

Specifies whether the LIST command returns the file names with UTF-8 encoding.

passiveHost

Specifies the host name that is communicated to the client as the address to connect to for a passive connection.

passivePort

Specifies the port that the server uses to listen for a passive connection. Attention: If this parameter is set, then only one FTP client can access the service in passive mode at the same time. setPortRange can specify a range of ports.

securePassiveHost

Specifies the host name that is communicated to the client as the address to connect to for an SSL-encrypted passive connection.

securePassivePort

Specifies the port that the server uses to listen for SSL-encrypted passive connections.

port

Specifies the port on which the FTPService waits for incoming connections.

secureFtpServerPort

Specifies the port on which the FTPService waits for incoming SSL-encrypted connections.

setPortRange

You can restrict the port range for passive connections. Only the ports within this range will be open.

setSecurePortRange

You can restrict the port range for SSL-encrypted passive connections. Only the ports within this range will be open.

authenticationService

The name of the AuthenticationService.

communicationLogService

The name of the CommunicationLogService.

unrestrictedActiveHost

Specifies whether the server accepts an IP address for active connections that differs from the one from which the control channel was opened. The default value is false. If set to true, a so-called bounce attack could create a security issue.

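The check that unrestrictedActiveHost switches off can be illustrated as follows. This is an added example, not code from the Integration Server: the function names are hypothetical, the addresses are constructed, and the rejection of ports below 1024 follows the recommendation in RFC 2577 rather than anything stated on this page.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def allow_active_target(control_peer, port_arg, unrestricted_active_host=False):
    """Decide whether the server may open the data connection requested by PORT."""
    try:
        host, port = parse_port_arg(port_arg)
    except ValueError:
        return False, "malformed"
    if port < 1024:
        # RFC 2577 recommendation (assumption, not stated on this page)
        return False, "privileged-port"
    if host != ipaddress.ip_address(control_peer) and not unrestricted_active_host:
        # Target differs from the host that opened the control channel
        return False, "foreign-host"
    return True, "ok"

if __name__ == "__main__":
    peer = "198.51.100.7"  # constructed control-channel peer
    for arg in ("198,51,100,7,195,80", "203,0,113,9,195,80", "198,51,100,7,0,25"):
        print(arg, allow_active_target(peer, arg))
```

With unrestricted_active_host=True the second request would be accepted, which is the situation the bounce-attack warning above refers to.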

Enabling the Message-based notification


The following XML fragment activates the notification of applications via the MessageService for incoming files and other FTP-based events.


<Call name="enableMessageService">
<Arg>MessageService</Arg>
<Arg>System</Arg>
<Arg>ftp</Arg>
</Call>


The arguments have the following meaning.


Arguments

Description

MessageService

The name of the MessageService to use. This is generally the name seen in the example and should not be changed.

System

The message context. System is the default context.

ftp

The message queue. ftp is the default queue.

Activating the "FtpLog" manager


If FTP sessions are to be monitored via the FtpLog manager, the following XML fragment has to be used.


<Call name="enableFtpLog">
<Arg type="boolean">true</Arg>
</Call>
<Set name="logManagerName">FtpLog</Set>
<Set name="logServiceName">LogService</Set>


The settings logManagerName and logServiceName can be used to configure where the log messages should be written.

Setting whitelist and blacklist entries


With this XML fragment, a whitelist (allowed addresses) and blacklist (non-allowed addresses) can be added. You can specify a single IP address with addIpAddress and an address range with addAddressRange.


<!-- define white access list here -->
<Call name="getWhiteAccessList">
<Call name="addIpAddress"><Arg>a_single_IP_address</Arg></Call>
<Call name="addAddressRange"><Arg>base_IP_address</Arg><Arg>a_netmask</Arg></Call>
</Call>
 
<!-- define black access list here -->
<Call name="getBlackAccessList">
<Call name="addIpAddress"><Arg>a_single_IP_address</Arg></Call>
<Call name="addAddressRange"><Arg>base_IP_address</Arg><Arg>a_netmask</Arg></Call>
</Call>
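A review of an FTPService configuration against the caveats in the parameter table and the access lists above can be scripted. The following is an added example, not part of the product: the finding codes, the function name and the wrapping <Configure> root element are assumptions, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: settings from this page wrapped in a hypothetical
# <Configure> root so they parse as one document; values chosen to trip rules.
SAMPLE = """<Configure>
<Set name="anonymousLogin" type="boolean">true</Set>
<Set name="delayTimeBetweenLogin">0</Set>
<Set name="denyDuplicateLogin" type="boolean">false</Set>
<Set name="keyPassword">passwd</Set>
<Set name="passivePort">10001</Set>
<Set name="unrestrictedActiveHost" type="boolean">true</Set>
<Call name="getWhiteAccessList"></Call>
</Configure>"""

def audit(xml_text):
    """Return sorted finding codes for an FTPService configuration (trusted local file)."""
    root = ET.fromstring(xml_text)
    sets = {e.get("name"): (e.text or "").strip() for e in root.iter("Set")}
    calls = {e.get("name"): e for e in root.iter("Call")}

    def on(key):
        return sets.get(key, "").lower() == "true"

    findings = []
    if on("anonymousLogin"):
        findings.append("anonymous-login")       # access without a password
    if on("unrestrictedActiveHost"):
        findings.append("bounce-risk")           # data channel to foreign IPs
    if sets.get("delayTimeBetweenLogin") == "0":
        findings.append("no-login-delay")        # nothing slows password guessing
    if "denyDuplicateLogin" in sets and not on("denyDuplicateLogin"):
        findings.append("duplicate-sessions")    # parallel logins per account
    if sets.get("keyPassword") == "passwd":
        findings.append("sample-key-password")   # example value left unchanged
    if sets.get("passivePort") and "setPortRange" not in calls:
        findings.append("single-passive-port")   # one passive client at a time
    whitelist = calls.get("getWhiteAccessList")
    if whitelist is None or len(whitelist) == 0:
        findings.append("no-whitelist")          # no allowed-address list defined
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```

Settings that are absent from the file are not flagged, except for the whitelist, because this page does not state their defaults (only that of unrestrictedActiveHost).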

General settings




(1) The AuthenticationService and CommunicationLogService in use. These values usually do not need to be changed.

(2) The LogService in use.

(3) The MessageService in use.

(4) Here you can change the log behaviour of the FTPService and the LogManager to be used.

(5) Context and queue for the MessageService to which FTP events are sent.

Interface settings




(1) IP address on which to wait for incoming connections. If no address or 0.0.0.0 is specified, the service listens on all available addresses.

(2) Here you can configure the ports for normal and SSL-based connections.

(3) Here you can specify the range of open ports for normal and SSL-based passive connections.

(4) Here you can specify the external IP addresses with which the FTP service identifies itself externally for passive connections.

(5) Maximum number of concurrent connections.

(6) Here you can edit the whitelist (addresses that are allowed).

(7) Here you can edit the blacklist (addresses that are not allowed).

Other settings




(1) Specifies whether the file names are to be returned with UTF8 encoding for the LIST command.

(2) The field corresponds to the parameter unrestrictedActiveHost from the XML configuration. Please note the security warning given there.

(3) If this option is activated, users will only be granted one session at a time. Attempting to establish a second connection with this user will be rejected.

(4) Specifies the time in seconds to wait after an unsuccessful login until a new login attempt is enabled. This is to make dictionary attacks more difficult.

Log level dependencies


Changes to the log level of the LogService have no influence on the logging behaviour of the FtpService.

If the service is set to verbose, it records how the individual FTP sessions progress, i.e. which commands are received by the server and how they are processed, even if no FtpLog has been defined. The logging of the FtpLog remains unaffected.