🛠️FTPS site with user isolation in IIS 10

Tags: server, IIS
Date: Jan 12, 2022

This article shows how to set up an FTPS site in IIS 10; the steps also work for legacy IIS versions.
An FTP server uses two ports for each transfer:
  1. Control channel: carries FTP commands. The default port is 21.
  2. Data channel: used to transfer file data.
      • Active mode - the default port is 20.
      • Passive mode - a range of ports; the port used changes from connection to connection.

Prerequisites

  • A server certificate. Run the command below in PowerShell (run as Administrator) to create a self-signed certificate on the target machine.
New-SelfSignedCertificate -FriendlyName "selfsigned-ftpcert" -CertStoreLocation cert:\LocalMachine\My -DnsName localhost
  • File system settings.
Create a user group for FTPS users. In Computer Management, create the users and the user group.
Specify the root folder for the files, and create a subfolder for each user. The name of each folder should be the same as the username.
Grant the FTP user group permission to access the FTP root folder.

Step by step to build an FTPS site

Open Server Manager and, in the Add Roles and Features Wizard, select Web Server (IIS). Don’t forget to install FTP Server.
Open IIS Manager. Delete Default Web Site if you are using this server just for FTP. Right-click Sites (in the left panel) and select Add FTP Site. Enter the site name and the physical path of the FTP site. In most situations, we don’t suggest using the physical path directly, especially for a user-isolation FTP server.
Bind the FTP site to the external IP address of the target server. Select Require SSL to enable FTPS.
Enable only Basic Authentication. Grant the necessary permissions to the FTP user group. Click Finish.
Right-click the FTP site and select Add Virtual Directory. Use LocalUser as the alias, and map it to the FTP root folder in Physical Path. More information: FTP User Isolation
In the left panel, select the FTPS site. Open FTP User Isolation, set as below.
[Image: FTP User Isolation settings]
In the left panel, select the server node and open FTP Firewall Support. You can specify the passive-mode data port range here if needed.
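
The same site can be built from PowerShell with the WebAdministration module. This is an added example, not the author's code: the site name, IP address, folder paths, group name, Read/Write permissions, isolation mode and passive port range are all assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's code. Only the certificate friendly name and the
# LocalUser alias come from the article; every other value is an assumption.
Import-Module WebAdministration

$siteName = 'FtpsSite'            # hypothetical site name
$bindIp   = '203.0.113.10'        # placeholder for the server's external IP
$siteRoot = 'C:\inetpub\ftproot'  # assumed folder used as the site's own physical path
$dataRoot = 'D:\FtpData'          # assumed FTP root holding one subfolder per username
$ftpGroup = 'FtpsUsers'           # hypothetical local group of FTPS users
$sitePath = "IIS:\Sites\$siteName"

# Certificate created in the Prerequisites section.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object FriendlyName -eq 'selfsigned-ftpcert' |
    Select-Object -First 1
if (-not $cert) { throw "Certificate 'selfsigned-ftpcert' not found in LocalMachine\My." }

New-WebFtpSite -Name $siteName -IPAddress $bindIp -Port 21 -PhysicalPath $siteRoot | Out-Null

# "Require SSL": both the control and the data channel must be encrypted.
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.serverCertHash -Value $cert.Thumbprint
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslRequire'
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.dataChannelPolicy -Value 'SslRequire'

# Basic Authentication only; anonymous logins stay disabled.
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false

# Allow only the FTP user group (Read and Write are assumed permissions).
Add-WebConfiguration '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $siteName `
    -Value @{ accessType = 'Allow'; roles = $ftpGroup; permissions = 'Read,Write' }

# LocalUser virtual directory mapped to the FTP root, then isolation by user name.
# The isolation mode chosen here is an assumption.
New-WebVirtualDirectory -Site $siteName -Name 'LocalUser' -PhysicalPath $dataRoot | Out-Null
Set-ItemProperty $sitePath -Name ftpServer.userIsolation.mode -Value 'IsolateAllDirectories'

# Server-level passive data port range (constructed values), applied on service restart.
$fw = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Filter = 'system.ftpServer/firewallSupport' }
Set-WebConfigurationProperty @fw -Name lowDataChannelPort -Value 50000
Set-WebConfigurationProperty @fw -Name highDataChannelPort -Value 50100
Restart-Service ftpsvc
```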

Expected Result

[Image: expected result]

lucky_bricks © 2018 - 2024