[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:50931] proftpdでディレクトリごとのIPアドレスアクセス制限方法を教えてください

From: "yoshi kame" <kame.yo4@xxxxxxxxx>
Subject: [debian-users:50931] proftpdでディレクトリごとのIPアドレスアクセス制限方法を教えてください
Date: Fri, 5 Sep 2008 15:52:04 +0900
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=S3WxyTJtYNkHAK8vjXw+8FAsg6QpNP4ohAVjQWkrIc4=; b=bD216PqxjbZHkK2+2ol7jkHtFeRAx9OvRAq+nymeiMKAq32q7aQRlxu0AU9BE7HZj4 HTDcaMAAUrd09rYKCAIiaJiMG1ChLRSQCe5HHdNeXSCAVkl2TbgRPaVHhkF0H4VnnmpD Ll+/0BWwq93TsXPKVdvFWvLxVgrO9Suq1mrAk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=USJTaS4Vb0w4tcQaLzt8ZXHuQr7nk+Ij/nQ9+RuMW3Z3qfW+28VfNmLuu657hWrXlG q9oiGBzvYGwpAmby92g70DXqvviNQHJf3V5KKhWbppnl4BHHBUinZO6cYvR3vgyn+Kgn vuAJW+U2xDKqzekOzqYb3eEWcGYcmZTiMICfk=
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-checker-version: SpamAssassin 3.1.7-deb (2006-10-05) on osdn.debian.or.jp
X-spam-level:
X-spam-status: No, score=-0.9 required=10.0 tests=KI,SUBJECT_ENCODED_TWICE autolearn=disabled version=3.1.7-deb
Message-id: <d77d03cf0809042352x5a55bf92sa9066094e3fde079@xxxxxxxxxxxxxx>
X-mail-count: 50931

件名に記載しておりますが、ディレクトリもしくはアカウントごとにIPアドレスでのアクセス制限をかけたいと思っております。
下記のように設定して、        Allow from 192.168.0.0/24→Deny ALLに変更しても
アクセスできてしまいます

hogeユーザーが/home/hoge/public_htmlにアクセスでき、尚且つhogeがアクセスできるIPアドレスを指定したいのですが、どのように行えばよいでしょうか

どなたかご教授の程宜しくお願い致します

下記は、proftpdのバージョンとproftpd.confです

proftpd 1.3.0-19etch1  Versatile, virtual-hosting FTP daemon

####proftpd.conf####
Include /etc/proftpd/modules.conf

UseIPv6                         off

ServerName                      "FTP"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

Port                            21

 PassivePorts                    54321 54351

MaxInstances                    30

Group                           nogroup
User                            nobody

#DefaultRoot    ~

Umask                           002  002
AllowOverwrite                  on

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

LogFormat allinfo "%t: %u(%a [%h]):[%s],%T,%m(%f)"
LogFormat write "%t:%u:%F(%a)"
LogFormat read "%t:%u:%F(%a)"
LogFormat auth "%t:%u(%a[%h])"

ExtendedLog /var/log/proftpd/all.log ALL allinfo
ExtendedLog /var/log/proftpd/write.log WRITE write
ExtendedLog /var/log/proftpd/read.log READ read
ExtendedLog /var/log/proftpd/auth.log AUTH auth

Defaultroot    ~
AllowStoreRestart on
AllowRetrieveRestart on
DeleteAbortedStores on

UseReverseDNS                   off
IdentLookups                    off
RootLogin                       off
TimesGMT                        off

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/ssl/Server/cert.pem
TLSRSACertificateKeyFile /etc/ssl/Server/private.pem
TLSVerifyClient off
TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
TLSRequired on
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

DefaultRoot     /home/hoge/public_html hoge
  <Directory /home/hoge/public_html>
        <Limit LOGIN>
        Order allow,deny
        Allow from 192.168.0.0/24
        Deny from all
        </Limit LOGIN>
  </Directory>

Follow-Ups:
- [debian-users:50932] Re: proftpdでディレクトリごとのIPアドレスアクセス制限方法を教えてください
  - From: Kenshi Muto
- [debian-users:50945] Re: proftpdでディレクトリごとのIPアドレスアクセス制限方法を教えてください
  - From: yoshi kame

Prev by Date: [debian-users:50930] [Translate] [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities
Next by Date: [debian-users:50932] Re: proftpdでディレクトリごとのIPアドレスアクセス制限方法を教えてください
Previous by thread: [debian-users:50930] [Translate] [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities
Next by thread: [debian-users:50932] Re: proftpdでディレクトリごとのIPアドレスアクセス制限方法を教えてください
Index(es):
- Date
- Thread