Hi,
Just a quick post regarding FTP downloads on a WS1000. Does the web appliance scan the download like it does with http downloads?
Thanks
Jonathan
Hi Jonathan,
The short answer is Yes, but there are some exceptions you might want to be aware of.
If you are running explicit mode (where browsers have proxy settings configured) we will scan FTP files downloaded via FTP-over-HTTP. Most FTP clients (and web browsers) are capable of doing FTP-over-HTTP.
The WS isn't a native FTP proxy though, so if your FTP client is configured to perform native FTP (usually directly over port 21) then this won't even go through the appliance. If you're concerned about the security risk of native FTP you could consider blocking this on your firewall.
Also, if you are using our appliance via the transparent or bridged modes then FTP traffic won't be scanned unless you explicitly tell the FTP client to use an FTP-over-HTTP proxy.
Hope this answers your query,
Tom.
Hi Ryan,
Unfortunately it's a bit more complicated than that because the appliance can't intercept native FTP traffic. It's not really the port that's the problem - it's the protocol.
An FTP program like FileZilla by default won't use a HTTP proxy - it will do native FTP. Even if this native FTP traffic went through the web appliance we wouldn't know how to filter it - so downloads won't be scanned. Of course programs like FileZilla can be configured to use a HTTP proxy for FTP downloads, but this would be a manual change.
This isn't usually such a problem with a web browser. For example, if you check your proxy settings in Internet Explorer (Tools > Internet Options > Connections > LAN Settings > Advanced) you'll notice there is an FTP setting. If you have a proxy configured, this FTP setting will also usually be set up for you.
The result is that when you type 'ftp://example.somewhere.tld/directory/file.txt' in Internet Explorer the download is scanned. This is because it isn't really downloaded via the native FTP protocol - it's actually downloaded via HTTP.
So if you want FTP downloads scanned it's a good idea to use a web browser for downloads. Alternatively you would need to make sure the FTP program (e.g. FileZilla) is correctly set up.
I hope this helps to clear things up - feel free to call our support teams if you need more specific help with this.
Thanks,
Tom.
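The protocol difference described in the replies above, as an added example that is not part of the original thread or the vendor's code: the request a proxy-configured client sends for an ftp:// URL is an ordinary HTTP GET, while a native FTP client opens its control channel with FTP commands. The function names and sample inputs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# HTTP request line: METHOD SP request-target SP HTTP/x.y
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d$")
# Commands a native FTP client typically sends first on the control channel.
FTP_FIRST_COMMANDS = {b"USER", b"AUTH", b"FEAT", b"HOST"}


def proxy_request(url: str) -> bytes:
    """Build the request a proxy-configured client sends for an ftp:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "ftp" or not parts.hostname:
        raise ValueError("expected an ftp:// URL")
    # The full ftp:// URL travels inside an ordinary HTTP GET to the proxy,
    # which is why an HTTP-only scanning proxy can inspect the download.
    return f"GET {url} HTTP/1.1\r\nHost: {parts.netloc}\r\n\r\n".encode("ascii")


def classify(client_bytes: bytes) -> str:
    """Classify the first line a client sends on a new connection."""
    first_line = client_bytes.split(b"\r\n", 1)[0]
    match = REQUEST_LINE.match(first_line)
    if match:
        target = match.group(2).lower()
        return "ftp-over-http" if target.startswith(b"ftp://") else "http"
    words = first_line.split(b" ", 1)
    if words[0].upper() in FTP_FIRST_COMMANDS:
        # Not HTTP at all: an HTTP proxy has nothing it can parse or scan here.
        return "native-ftp"
    return "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "browser via proxy": proxy_request("ftp://example.somewhere.tld/directory/file.txt"),
    "FTP client, default settings": b"USER anonymous\r\n",
    "ordinary web request": b"GET http://example.somewhere.tld/ HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:30} -> {classify(data)}")
```
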