Global settings are the settings that apply to the local server and set initial default values for all virtual hosts running on this server.
SSL Encryption, if available on this platform, can be set to disable, allow, or require. There is also a class specific setting for this parameter, which will only have meaning if the global setting is set to 'allow'. For more details on SSL see this web page
Disable this setting for compatability and ease of use by FTP clients. If you enable this setting, FTP clients will be required to send a "client certificate" that was signed by the CA certificate in the file rootCA.pem in the SurgeFTP directory. With ftp this is just a bit of a hassle, as quite a few clients do not support this kind of verification. Basically, you should only use this setting if all your clients will have certificates signed by a trusted CA. SurgeFtp does not come with a default rootCA.pem file. You must either get one for the CA you want to trust, or you can (and probably should) act as your own CA and create certificates for your clients yourself. The sslftp command line client does support client certificates.
FTP port (21)
This is the port that all standard FTP
The port that you want to use to connect
to the Web Admin Gui tool.
The port that you want to use to connect
to the Web Admin Gui tool with the secure https protocol.
This is an alternative method of SSL FTP, it starts SSL before any FTP command negotiation, usually set to port number 990 or 992 or 996. Set to 0 to disable.
Sets the logging level. This is primarily intended for finding faults with the server. Info level logging is the default.
This setting is the path to an alternative directory where the log files per domain can go. If this setting is empty, the default location is used, which is the SurgeFTP install directory, usually c:\surgeftp or /usr/local/surgeftp
This setting is should only be used when you want to keep all log files that SurgeFTP generates. When active, once per day the main log file is closed and renamed to surgeftpYYYYMMDD.log, where YYYYMMDD is the year month and day. These log files are not automatically deleted by SurgeFTP, and can get quite sizeable on busy systems.
This makes the server flush log data after every write to the file. This badly affects performance but can sometimes be the only way to track down an unusual fault.
This setting limits any individual ip address from connecting more than the specified number of times. This can prevent various types of abuse and denial of service attacks. A value of 10 is probably low enough to prevent abuse without affecting real users.
Enter the name of your SMTP mail server, so that SurgeFTP can send you your email mesages.
The command line of a NetWin authentication module, by default SurgeFTP will use the system authentication database. However, you can use one of our standard modules for LDAP, ODBCAuth, MySQL, etc or write your own. For more information on these modules see the authentication section of the DMail manual module list, which will tell you the protocol and gives download pages to download the individual modules that we provide. You don't need to install DMail to use these.
The "ftpquota" response is recognised as a limit on the amount of filespace that a user can have, and the "ftpfromip" is a list of IP addresses that will always allow that user to connect from, eg ftpfromip="127.0.0.1,10.0.0.10"
You will need to manually edit /winnt/surgeftp.ini (/etc/surgeftp.ini) in order to change the path to use the module you download, as the web admin tool does not currently list all options. Do this with SurgeFTP stopped. Here is an example:
Additional responses understood by SurgeFTP are:
If you change to SurgeFTP from another FTP server, and you want to
import existing user logins into SurgeFTP, and you want to use nwauth
for authentication, you can do this with the following steps.
The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql etc) it is probably worth running 3-4. There is no need to have more than 1 when using nwauth.exe.
If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. If this is not ticked, user 'bob' on one virtual domain will have the same password as user 'bob' on another virtual domain.
If ticked, SurgeFTP will lookup the ip name of connecting users. This can make controlling access and reading log files easier, but it also wastes resources and can slow down connections from users without reverse dns entries. SurgeFTP does include a cache, so normally DNS lookups will not slow it down as much as other servers. If your connections regularly take 30 seconds to complete, you probably have a mis-configured DNS server, and disabling this feature will probably solve the problem.
If turned on, SurgeFTP will spawn a second process that checks every 30 seconds to see if the server is still running. If it isn't running but its pid file still exists (ie. if it died), this second process restarts the missing server and sends the manager of the account an email reporting the fault.
For this to work on NT you will need to set Dr Watson to NOT show visual notification of faults:
This sets Dr Watson to be the default debugger) c:/> drwtsn32 /i This brings up the Dr Watson settings, un-tick "Visual Notification" c:/> drwtsn32
On Windows 98 you would also have to disable visual notification to make this feature work.
As it is highly unlikely that the server will die and this feature does not need to be turned on now. However it is available to be set up to provide additional comfort, or to be set up if a problem was experienced and the server needed to be restarted automatically while the issue is identified.
Set to choose the directory listing style, the same as a UNIX FTP server or the same as a Windows FTP server.
Tick this if you want threads to be reused for another FTP connection after the previous FTP connection has ended. Any threads waiting for a connection will appear as "Idle Thread" under the Status Menu of Web GUI.
If this setting is left blank, the SurgeFTP service will be accessible through all IP addresses that your computer has. If you only want SurgeFTP accessible through certain IP addresses, enter all those addresses in this setting in a comma separated list (no spaces).
The ftp service AND the Web Administration tool are bound by this binding to IP numbers, and changing the setting is not reflected until you restart the SurgeFTP server. It is possible to block out your access to the web admin tool if you do not include "127.0.0.1" in the list, so be careful.
example setting: "127.0.0.1,10.0.0.21"
This setting is an IP wildcard string that lets you specify a range of IP addresses of computers that are allowed to connect to the web administration tool. If you specify "127.0.0.1" then only the server can connect to itself, and if you specify "10.0.0.*" then any IP address that matches that string can connect.
Binds access to the FTP server and web GUI to specific IP addresses.
This setting is the name of all the IP addresses that you want your server to respond to, or if empty, it will accept for any local IP number. This setting only makes sense when your computer has multiple virtual IP numbers.Make sure that you set 127.0.0.1 as one of the addresses when you have this setting set, so that you can still access the web interface!
This setting requires a restart of the SurgeFTP server for the changes to take affect, in a future version this restart may not be required.
This setting is an IP address, if it is set then the web GUI interface will only be available to someone connecting from the nominated IP address.
These settings are the names of an executable or batch/script file(s)
that is run when a file is uploaded or downloaded to the surgeftp
server. The program is passed five command line parameters, filename,
filesize, User that uploaded, their IP address and if the transfer
was upload or download. There may be other parameters in future versions.
An example of the passed parameters:
This turns on the Anonymous hammering checking mechanism. The mechanism
is designed to prevent a person from making thousands of anonymous
connections in order to prevent access to the server for other users.
This setting is a measure of time that SurgeFTP remembers the connections that are made by anonymous users.
This setting is a number of anonymous connections from any single IP address.
This setting is the amount of time to activly block Anonymous access from an IP address that has exceeded the maximum limit of connections. If the Limit is exceeded then the blocking will last until the "time to block" has elapsed, then anonymous connections will be allowed again.