1. cPanel & WHM Documentation
  2. WHM
  3. Service Configuration
  4. FTP Server Configuration
ftp whmui anonymousftp

FTP Server Configuration

Valid for versions 112 through the latest version

Version:

102

112

Last modified: March 27, 2024

Overview

The FTP Server Configuration interface allows you to customize your chosen FTP server’s behavior.

Note:

Configure your ProFTPD server

To configure your ProFTPD server, perform the following steps:

  1. From the TLS Encryption Support menu, select a setting for TLS encryption of FTP connections:
    • Optional — FTP users choose whether to use TLS encryption. This setting offers the best compatibility.
    • Required — Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting protects all traffic from eavesdroppers.
  2. In the TLS Options text box, enter NoSessionReuseRequired. This is the default setting. This setting softens the requirement to reuse the SSL session for data connections from the control connection.
  3. In the TLS Cipher Suite text box, enter the list, in standard format, of the TLS ciphers that you wish your FTP server to use.
    • This setting defaults to HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3.
    • Typically, you should only adjust this setting for PCI Compliance.
    • For more information about TLS ciphers, read OpenSSL’s Cipher documentation.
  4. In the TLS Protocol text box, enter the TLSProtocol directive that ProFTPD will use when it establishes SSL/TLS sessions.
    • This setting defaults to SSLv23. This setting allows the SSLv3 and TLSv1 protocols.
    • You should only adjust this setting for PCI Compliance.
  5. From the Allow Anonymous Logins menu, select whether users can log in to your FTP server anonymously.
    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  6. In the Maximum Idle Time (seconds) text box, enter the number of seconds that an FTP connection may remain idle before the server disconnects it.
  7. In the Maximum Number of FTP Processes text box, enter the maximum number of active processes the FTP server may create. Because each connection creates a process, this setting limits the total number of FTP connections.
    Note:
    To disable limits on the number of FTP processes, enter none.
  8. From the Show Symlinks menu, select whether you want ProFTPD to display symbolic links (symlinks) as such, and not as files or directories. The default for this setting is Yes.
  9. From the Symlink Compatibility menu, select whether you want to allow some FTP clients to display the correct symlinks to directories. The default for this setting is No. If you choose Yes, you must also enable the Show Symlinks setting.
  10. From the TCP Wrappers menu, select whether you would like ProFTPD to use the TCP Wrappers package. With this package, you can configure the /etc/hosts.allow and /etc/hosts.deny files. For more information on how to edit these files, read our ProFTPD Configuration for Host Access Control documentation. The default for this setting is No.
    Important:
    • ProFTPD does not use TCP-Wrappers-based access controls on the following systems:
    • Use the functionality available in WHM’s Host Access Control interface for these operating systems.
    • The rest of ProFTPD’s functionality still works on these operating systems.
  11. Click Save.

For more information about ProFTPD, read ProFTPD’s documentation.

ProFTPD Debug Mode

If you are having issues with your ProFTFD server, you can run ProFTPD’s debug mode to view debug messages.

To access ProFTPD’s debug mode, run the following commands: 

1
2

/usr/local/cpanel/scripts/restartsrv_proftpd --stop
/usr/sbin/proftpd -nd9

For more information about debugging in ProFTPD, read ProFTPD’s Debugging Problems documentation.

Configure your Pure-FTPd server

To configure your Pure-FTPd server, perform the following steps:

  1. From the TLS Encryption Support menu, select a setting for TLS encryption of FTP connections:
    • Disabled — Disables TLS encryption.
    • Optional — FTP users choose whether to use TLS encryption. This setting offers the best compatibility.
    • Required (Command) — Requires TLS encryption on all commands users issue to the FTP server. This setting hides passwords and usernames.
    • Required (Command/Data) — Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting protects all traffic from eavesdroppers.
  2. In the TLS Cipher Suite text box, enter the list, in standard format, of the TLS ciphers you wish your FTP server to use.
    • This setting defaults to HIGH.
    • Typically, you should only adjust this setting for PCI compliance.
    • For more information about TLS ciphers, read OpenSSL’s Cipher documentation.
  3. From the Allow Anonymous Logins menu, select whether cPanel users can enable Anonymous FTP logins via cPanel’s Anonymous FTP interface (cPanel » Home » Files » Anonymous FTP).
    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  4. From the Allow Anonymous Uploads menu, select whether anonymous users can upload files to your FTP servers.
    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  5. Enter the maximum load for anonymous downloads in the Maximum Load for Anonymous Downloads text box. If the system’s load average exceeds this setting, your FTP server will prevent downloads by anonymous users.
    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  6. In the Maximum Idle Time (minutes) text box, enter the number of minutes an FTP connection may remain idle before the server disconnects it.
  7. Enter the maximum number of FTP connections in the Maximum Connections text box. Your FTP server applies this limit server-wide and not on a per-user basis.
  8. In the Maximum Connections Per IP Address text box, enter the maximum number of FTP connections to allow from a single IP address.
  9. From the Allow Logins with Root Password menu, select whether to allow the root password to access all FTP accounts.
  10. From the Broken Clients Compatibility menu, select whether your FTP server will ignore some protocol standards in order to improve compatibility with buggy FTP clients and firewalls.
    Note:

    If you select Yes, your FTP server will perform the following actions:

  11. Click Save.

The system stores your configuration in the /etc/pureftpd.conf file.

For more information about Pure-FTPd, read Pure-FTPd’s documentation.

Increase File Limit

By default, Pure-FTPd only returns the first 10,000 files in a directory. To increase this number, perform the following steps:

  1. Create the /var/cpanel/conf/pureftpd/local file with the touch command, if one does not exist.
  2. In a text editor, open the local file and add the following line, where 15000 represents the value that you wish to increase to: LimitRecursion: 15000 8. The local file should be in the following YAML format: 
    ChrootEveryone: 'yes'
LimitRecursion: 15000 8
  3. Run the /usr/local/cpanel/scripts/setupftpserver pure-ftpd --force command to update the /etc/pure-ftpd.conf file.

Additional Documentation