We are currently defining in the Global scope of our ProFTPd server the following lines:
# Allow max 3 unauthenticated connections by IP
MaxConnectionsPerHost 3 "Sorry, you may not connect more than (%m) times."
# Allow max 3 authenticated connections by IP
MaxClientsPerHost 3 "Sorry, the maximum number clients (%m) from your host are already connected."
# Allow max 10 connection by user
###### MaxClientsPerUser 10 "Sorry, there is already (%m) other connection for this account."
It works as attended but we would like to allow some specific (not all) authenticated users (or IPs as drawback), to open more connections than the ones specified upper.
Is that possible with ProFTPd ?
Yes -> any help would be appreciated.
No -> Is there any other Production grade free FTP server like PureFTP or vsftpd maybe, that fit these requirement ?
Yes, this is possible, using the
mod_ifsession's<IfUser>and<IfClass>sections.Using the
<IfUser>section, you would define user-specific sections, like so:If you have many users, you might also consider using groups rather than individual user names, and the
<IfGroup>section.For restrictions by IP address/range, I would recommend using ProFTPD's classes. With classes, and the
<IfClass>section frommod_ifsession, you can do something like this:Note that it is a very good idea to define both the "matching" rules and the "not matching" rules.
The ProFTPD Connection ACLS howto also covers this topic, and mentions other modules (e.g.
mod_wrap2,mod_geoip) which can also help in this area.Hope this helps!