[
https://issues.apache.org/jira/browse/FTPSERVER-428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143675#comment-13143675
]
Blaine Simpson commented on FTPSERVER-428:
------------------------------------------
It is <ip-filter> not <ipfilter>. Wouldn't be a big deal if there were any
documentation anywhere to look it up.
Have to build JavaDocs on our own since the project doesn't post it, but still
impossible to figure out element naming from that.
Online configuration docs were very incomplete to begin with and are now
obsolete too
New IP filtering implementation pretty amateur. Every access refusal results
in an NPE at
org.apache.ftpserver.impl.IODataConnectionFactory.<init>(IODataConnectionFactory.java:81)
So instead of logging useful information about access violations, instead we
get a code stack trace.
> Allow positive ACL instead of just blacklists
> ---------------------------------------------
>
> Key: FTPSERVER-428
> URL: https://issues.apache.org/jira/browse/FTPSERVER-428
> Project: FtpServer
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.0.6
> Reporter: Blaine Simpson
> Assignee: Niklas Gustavsson
> Labels: ACL, address, blacklist, security, vulnerability
>
> There are tons of situations where it is desirable to allow only specified
> source addresses (and ranges) rather than allowing all except for those
> specified (i.e. blacklisted). To require administrators to use a black list
> when the situation really demands a white list is to encourage security
> lapses.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
