httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scte...@apache.org
Subject svn commit: r511957 - in /httpd/mod_ftp/trunk: STATUS docs/manual/ftp/ftp_intro.xml docs/manual/ftp/ftp_tls.html.en docs/manual/ftp/ftp_tls.xml docs/manual/ftp/index.html.en docs/manual/ftp/index.xml docs/manual/mod/mod_ftp.html.en
Date Mon, 26 Feb 2007 19:21:05 GMT
Author: sctemme
Date: Mon Feb 26 11:21:05 2007
New Revision: 511957

URL: http://svn.apache.org/viewvc?view=rev&rev=511957
Log:
* Correct svn URL in STATUS
* Write FTP over TLS content
* Add info to overview page that says where to get the module
* Change HTML entitites to numerical to stop Firefox from barfing at the XML

Modified:
    httpd/mod_ftp/trunk/STATUS
    httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml
    httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en
    httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml
    httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en
    httpd/mod_ftp/trunk/docs/manual/ftp/index.xml
    httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en

Modified: httpd/mod_ftp/trunk/STATUS
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/STATUS?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/STATUS (original)
+++ httpd/mod_ftp/trunk/STATUS Mon Feb 26 11:21:05 2007
@@ -3,7 +3,7 @@
 
 The current version of this file can be found at:
 
-  * https://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS
+  * http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk/STATUS
 
 Consult the following STATUS files for information on related projects:
 

Modified: httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/ftp_intro.xml Mon Feb 26 11:21:05 2007
@@ -53,11 +53,11 @@
 </summary>
 
 <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=959">RFC
-959 &mdash; FILE TRANSFER PROTOCOL (FTP)</a></seealso>
+959 &#8212; FILE TRANSFER PROTOCOL (FTP)</a></seealso>
 <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=1579">RFC
-1579 &mdash; Firewall-Friendly FTP</a></seealso>
+1579 &#8212; Firewall-Friendly FTP</a></seealso>
 <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
-4217 &mdash; Securing FTP with TLS</a></seealso> 
+4217 &#8212; Securing FTP with TLS</a></seealso> 
 <seealso><module>mod_ssl</module></seealso>
 <seealso><a href="../howto/auth.html">Authentication, Authorization
 and Access Control</a></seealso>
@@ -78,8 +78,8 @@
 connection to well-known port 21.  If the user issues a command that
 requires a response more elaborate than a one-line response code, a
 <em>Data Connection</em> is established between the client and the
-server.  The response data&mdash;the contents of a file or a
-directory listing&mdash;is sent over that data connection.</p>
+server.  The response data&#8212;the contents of a file or a
+directory listing&#8212;is sent over that data connection.</p>
 
 <p>Historically, the data connection was established from the server
 back to the client.  The client would bind to an arbitrary port, and

Modified: httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.html.en Mon Feb 26 11:21:05 2007
@@ -5,23 +5,208 @@
               This file is generated from xml source: DO NOT EDIT
         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
       -->
-<title> - Apache HTTP Server</title>
+<title>Securing FTP With TLS - Apache HTTP Server</title>
 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main
stylesheet" />
 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all"
type="text/css" title="No Sidebar - Default font size" />
 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css"
/>
 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
-<body id="manual-page" class="no-sidebar"><div id="page-header">
+<body id="manual-page"><div id="page-header">
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a>
| <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a>
| <a href="../sitemap.html">Sitemap</a></p>
 <p class="apache">Apache HTTP Server Version 2.3</p>
 <img alt="" src="../images/feather.gif" /></div>
-<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif"
/></a></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif"
/></a></div>
 <div id="path">
-<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP
Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a>
&gt; <a href="../">Version 2.3</a></div><div id="page-content"><div
id="preamble"><h1 />
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP
Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a>
&gt; <a href="../">Version 2.3</a> &gt; <a href="./">FTP Protocol
Support</a></div><div id="page-content"><div id="preamble"><h1>Securing
FTP With TLS</h1>
 <div class="toplang">
 <p><span>Available Languages: </span><a href="../en/ftp/ftp_tls.html"
title="English">&nbsp;en&nbsp;</a></p>
 </div>
-</div>
-</div>
+
+    <p>The support for FTP over TLS allows you to run FTP connections
+    securely through TLS encryption and certificate authentication
+    support. Apache mod_ftp supports RFC-compliant TLS support through
+    Apache's own mod_ssl.</p>
+  </div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif"
/> <a href="#introduction">Introduction</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#protocoldescription">Protocol
Description</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ftpovertls">FTP over
TLS Support</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#implicitssl">Implicit
SSL Support</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#clientsupport">Client
Support for FTP over TLS</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
4217
+    &#8212; Securing FTP with TLS</a></li><li><a href="http://www.rfc-archive.org/getrfc.php?rfc=2228">RFC
2228
+    &#8212; FTP Security Extensions</a></li><li><a href="http://www.rfc-archive.org/getrfc.php?rfc=2246">RFC
2246
+    &#8212; The TLS Protocol Version 1.0</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="introduction" id="introduction">Introduction</a></h2>
+
+    
+
+    <p>As the FTP protocol was developed long before security through
+    encryption became an important consideration, it was originally
+    designed as a clear-text protocol.  Both the command channel and
+    the data channel were, and in many cases remain, unencrypted.
+    Today, this is not desirable since the users' logins and passwords
+    travel in the clear across the network, and could be readily
+    detected by a malicious intruder.  Conversely, a user would not
+    easily be able to detect a spoofed server address because the
+    server could not identify itself by certificate.</p> 
+
+    <p>To address these limitations, the FTP over TLS protocol was
+    developed and became an Internet Standard described in <a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+    4217</a>.  The FTP over TLS protocol uses TLS connection upgrade,
+    where the client and server negotiate their features and
+    capabilities before upgrading to an encrypted connection.  </p>
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="protocoldescription" id="protocoldescription">Protocol Description</a></h2>
+
+    
+
+    <p>The mod_ftp module for the Apache HTTP Server aims to implement
+    FTP over TLS as defined by <a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+    4217</a>.  The RFC describes how the FTP client and server can
+    discover each other's security capabilities and how a client can
+    upgrade an FTP control channel to use TLS protection.  This
+    connection upgrade behavior, similar to the SMTP over TLS standard
+    described in <a href="http://www.rfc-archive.org/getrfc.php?rfc=3207">RFC
+    3207</a>, allows an FTP over TLS server to run on the same port as
+    a plaintext FTP server, and offer both plaintext and protected
+    services simultaneously.</p>
+
+    
+    <p>The FTP protocol specification dictates that it is up to the
+    client to specify session attributes like the protection level.
+    The server cannot require that the client use TLS, but it can
+    refuse to accept any command from the client until it sends an
+    <code>AUTH TLS</code> FTP command to upgrade the control channel
+    to TLS protection.  See the <code class="directive"><a href="../mod/mod_ftp.html#ftpoptions">FTPOptions</a></code>,
specifically the
+    <code>RequireSSL</code> option, to make the server refuse any FTP
+    command until a TLS session is established.</p>
+
+    
+
+    
+    <p>The use of TLS allows both the server and client to identify
+    themselves using standard SSL Certificates.  Generally, a
+    certificate will be in use on the server, but the server can be
+    configured to request client-side certificates for
+    authentication.  RFC 4217 requires that the client send a
+    <code>USER</code> command even if a certificate is presented, but
+    the server may forego requiring a password from the client. </p>
+
+    <p>Since the FTP over TLS RFC was published only in 2005, several
+    alternative approaches have arisen to secure file transfer
+    connections.  Besides the TLS connection upgrade on a normal FTP
+    connection as defined by the RFC, another popular approach is to
+    define a separate FTP control channel listener that can only be
+    accessed over SSL.  An SSL handshake has to be completed before
+    even the first FTP protocol exchange can take place.  This
+    approach, known as <em>Implicit SSL</em>, is supported by mod_ftp.
+    Finally, some FTP clients and server support file transfer over
+    SSH.  This approach is not supported by mod_ftp.</p>
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="ftpovertls" id="ftpovertls">FTP over TLS Support</a></h2>
+
+    
+
+    <p>To implement TLS, mod_ftp uses Apache's
+    <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>.
 This means that the configuration
+    options for FTP over TLS are not too different from those for
+    HTTPS.  In fact, for RFC 4217-based FTP over TLS support, no
+    additional configuration options are necessary above the ones you
+    would use to set up an HTTP over SSL virtual host.  Note however
+    that we explicitly turn off <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code>.
 This is necessary because
+    in FTP the server initiates the protocol conversation and not the
+    client.</p>
+
+    <div class="example"><p><code>
+      LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br />
+      <br />
+      Listen 21 ftp<br />
+      AcceptFilter ftp none<br />
+      <br />
+      LogFormat "%u [%a] %r %&gt;s" ftp_command<br />
+      LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br
/>
+      <br />
+      &lt;VirtualHost _default_:21&gt;<br />
+      &nbsp;&nbsp;<br />
+      &nbsp;&nbsp;FTP On<br />
+      &nbsp;&nbsp;SSLEngine on<br />
+      &nbsp;&nbsp;SSLCertificateFile conf/server.crt<br />
+      &nbsp;&nbsp;SSLCertificateKeyFile conf/server.key<br />
+      &nbsp;&nbsp;<br />
+      &nbsp;&nbsp;ErrorLog logs/ftps_error_log<br />
+      &nbsp;&nbsp;CustomLog logs/ftps_command_log ftp_command<br />
+      &nbsp;&nbsp;CustomLog logs/ftps_transfer_log ftp_transfer env=do_transfer_log<br
/>
+      &nbsp;&nbsp;<br />
+      &lt;/VirtualHost&gt;<br />
+    </code></p></div>
+
+    <div class="note">The above shows the simplest possible configuration of a
+    TLS-enabled FTP virtual host.  You should not use this in
+    production unless sufficient authentication and access control is
+    added. </div>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="implicitssl" id="implicitssl">Implicit SSL Support</a></h2>
+
+    
+
+    <p>The configuration below is similar to the one above, except for
+    the <code class="directive"><a href="../mod/ftp.html#ftpimplicitssl">FTPImplicitSSL</a></code>
and the
+    listening port which is <code>990</code>. The <code class="directive"><a
href="../mod/core.html#acceptfilter">AcceptFilter</a></code> is set to
+    <code>data</code>, since the conversation starts with an SSL
+    handshake from the client.</p>
+
+    <div class="example"><p><code>
+      LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br />
+      <br />
+      Listen 990 ftps<br />
+      AcceptFilter ftps data<br />
+      <br />
+      LogFormat "%u [%a] %r %&gt;s" ftp_command<br />
+      LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br
/>
+      <br />
+      &lt;VirtualHost _default_:990&gt;<br />
+      <br />
+      &nbsp;&nbsp;FTP On<br />
+      &nbsp;&nbsp;SSLEngine On<br />
+      &nbsp;&nbsp;FTPImplicitSSL On<br />
+      <br />
+      &nbsp;&nbsp;SSLCertificateFile    ssl/server.crt<br />
+      &nbsp;&nbsp;SSLCertificateKeyFile ssl/server.key<br />
+      <br />     
+      &nbsp;&nbsp;ErrorLog logs/ftps_error.log<br />
+      <br />
+      &nbsp;&nbsp;CustomLog logs/ftps_command.log ftp_command<br />
+      &nbsp;&nbsp;CustomLog logs/ftps_transfer.log ftp_transfer env=do_transfer_log<br
/>
+      <br />
+      &nbsp;&nbsp;DocumentRoot "/usr/local/apache2/htdocs"<br />
+      <br />
+      &lt;/VirtualHost&gt;<br />
+    </code></p></div>
+
+    <div class="note">The above shows the simplest possible configuration of a
+    TLS-enabled FTP virtual host.  You should not use this in
+    production unless sufficient authentication and access control is
+    added. </div>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="clientsupport" id="clientsupport">Client Support for FTP over TLS</a></h2>
+
+    
+
+    <p>An ever-growing number of FTP clients implements FTP over
+    TLS, and listing them all is outside the scope of this document.
+    A list can be found on <a href="http://en.wikipedia.org/List_of_FTP_clients">Wikipedia</a>.
+    When selecting a client, do keep in mind that the <em>FTP over
+    SSH</em> protocol (sometimes also called <em>SFTP</em>) is not
+    supported by <code class="module"><a href="../mod/mod_ftp.html">mod_ftp</a></code>.</p>
+
+  </div></div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/ftp/ftp_tls.html"
title="English">&nbsp;en&nbsp;</a></p>
 </div><div id="footer">

Modified: httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/ftp_tls.xml Mon Feb 26 11:21:05 2007
@@ -27,5 +27,213 @@
 -->
 
 <manualpage metafile="ftp_tls.xml.meta">
-<parentdocument href="../"/>
+<parentdocument href="./">FTP Protocol Support</parentdocument>
+
+  <title>Securing FTP With TLS</title>
+
+  <summary>
+    <p>The support for FTP over TLS allows you to run FTP connections
+    securely through TLS encryption and certificate authentication
+    support. Apache mod_ftp supports RFC-compliant TLS support through
+    Apache's own mod_ssl.</p>
+  </summary>
+
+  <section id="introduction">
+
+    <title>Introduction</title>
+
+    <p>As the FTP protocol was developed long before security through
+    encryption became an important consideration, it was originally
+    designed as a clear-text protocol.  Both the command channel and
+    the data channel were, and in many cases remain, unencrypted.
+    Today, this is not desirable since the users' logins and passwords
+    travel in the clear across the network, and could be readily
+    detected by a malicious intruder.  Conversely, a user would not
+    easily be able to detect a spoofed server address because the
+    server could not identify itself by certificate.</p> 
+
+    <p>To address these limitations, the FTP over TLS protocol was
+    developed and became an Internet Standard described in <a
+    href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+    4217</a>.  The FTP over TLS protocol uses TLS connection upgrade,
+    where the client and server negotiate their features and
+    capabilities before upgrading to an encrypted connection.  </p>
+  </section>
+
+  <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC 4217
+    &#8212; Securing FTP with TLS</a></seealso>
+  <seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=2228">RFC 2228
+    &#8212; FTP Security Extensions</a></seealso>
+<seealso><a href="http://www.rfc-archive.org/getrfc.php?rfc=2246">RFC 2246
+    &#8212; The TLS Protocol Version 1.0</a></seealso>
+
+
+  <section id="protocoldescription">
+
+    <title>Protocol Description</title>
+
+    <p>The mod_ftp module for the Apache HTTP Server aims to implement
+    FTP over TLS as defined by <a
+    href="http://www.rfc-archive.org/getrfc.php?rfc=4217">RFC
+    4217</a>.  The RFC describes how the FTP client and server can
+    discover each other's security capabilities and how a client can
+    upgrade an FTP control channel to use TLS protection.  This
+    connection upgrade behavior, similar to the SMTP over TLS standard
+    described in <a
+    href="http://www.rfc-archive.org/getrfc.php?rfc=3207">RFC
+    3207</a>, allows an FTP over TLS server to run on the same port as
+    a plaintext FTP server, and offer both plaintext and protected
+    services simultaneously.</p>
+
+    <!-- Requiring that TLS be used -->
+    <p>The FTP protocol specification dictates that it is up to the
+    client to specify session attributes like the protection level.
+    The server cannot require that the client use TLS, but it can
+    refuse to accept any command from the client until it sends an
+    <code>AUTH TLS</code> FTP command to upgrade the control channel
+    to TLS protection.  See the <directive
+    module="mod_ftp">FTPOptions</directive>, specifically the
+    <code>RequireSSL</code> option, to make the server refuse any FTP
+    command until a TLS session is established.</p>
+
+    <!-- ###FIXME### Investigate existing (and desired) data channel 
+    protection level and write this paragraph.
+    Note: the FTP Server side is always the 'Server' in TLS context,
+    regardless of the direction of the data channel connection.
+    <p>Data Channel Protection</p>
+    -->
+
+    <!-- Certificates and Authentication -->
+    <p>The use of TLS allows both the server and client to identify
+    themselves using standard SSL Certificates.  Generally, a
+    certificate will be in use on the server, but the server can be
+    configured to request client-side certificates for
+    authentication.  RFC 4217 requires that the client send a
+    <code>USER</code> command even if a certificate is presented, but
+    the server may forego requiring a password from the client. </p>
+
+    <p>Since the FTP over TLS RFC was published only in 2005, several
+    alternative approaches have arisen to secure file transfer
+    connections.  Besides the TLS connection upgrade on a normal FTP
+    connection as defined by the RFC, another popular approach is to
+    define a separate FTP control channel listener that can only be
+    accessed over SSL.  An SSL handshake has to be completed before
+    even the first FTP protocol exchange can take place.  This
+    approach, known as <em>Implicit SSL</em>, is supported by mod_ftp.
+    Finally, some FTP clients and server support file transfer over
+    SSH.  This approach is not supported by mod_ftp.</p>
+  </section>
+
+  <section id="ftpovertls">
+
+    <title>FTP over TLS Support</title>
+
+    <p>To implement TLS, mod_ftp uses Apache's
+    <module>mod_ssl</module>.  This means that the configuration
+    options for FTP over TLS are not too different from those for
+    HTTPS.  In fact, for RFC 4217-based FTP over TLS support, no
+    additional configuration options are necessary above the ones you
+    would use to set up an HTTP over SSL virtual host.  Note however
+    that we explicitly turn off <directive
+    module="core">AcceptFilter</directive>.  This is necessary because
+    in FTP the server initiates the protocol conversation and not the
+    client.</p>
+
+    <example>
+      LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br/>
+      <br/>
+      Listen 21 ftp<br/>
+      AcceptFilter ftp none<br/>
+      <br/>
+      LogFormat "%u [%a] %r %>s" ftp_command<br/>
+      LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br/>
+      <br/>
+      &lt;VirtualHost _default_:21&gt;<br/>
+      &#160;&#160;<br/>
+      &#160;&#160;FTP On<br/>
+      &#160;&#160;SSLEngine on<br/>
+      &#160;&#160;SSLCertificateFile conf/server.crt<br/>
+      &#160;&#160;SSLCertificateKeyFile conf/server.key<br/>
+      &#160;&#160;<br/>
+      &#160;&#160;ErrorLog logs/ftps_error_log<br/>
+      &#160;&#160;CustomLog logs/ftps_command_log ftp_command<br/>
+      &#160;&#160;CustomLog logs/ftps_transfer_log ftp_transfer env=do_transfer_log<br/>
+      &#160;&#160;<br/>
+      &lt;/VirtualHost&gt;<br/>
+    </example>
+
+    <note>The above shows the simplest possible configuration of a
+    TLS-enabled FTP virtual host.  You should not use this in
+    production unless sufficient authentication and access control is
+    added. </note>
+
+  </section>
+
+  <section id="implicitssl">
+
+    <title>Implicit SSL Support</title>
+
+    <p>The configuration below is similar to the one above, except for
+    the <directive module="ftp">FTPImplicitSSL</directive> and the
+    listening port which is <code>990</code>. The <directive
+    module="core">AcceptFilter</directive> is set to
+    <code>data</code>, since the conversation starts with an SSL
+    handshake from the client.</p>
+
+    <example>
+      LoadModule ftp_module /usr/local/apache2/modules/mod_ftp.so<br/>
+      <br/>
+      Listen 990 ftps<br/>
+      AcceptFilter ftps data<br/>
+      <br/>
+      LogFormat "%u [%a] %r %>s" ftp_command<br/>
+      LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" ftp_transfer<br/>
+      <br/>
+      &lt;VirtualHost _default_:990&gt;<br/>
+      <br/>
+      &#160;&#160;FTP On<br/>
+      &#160;&#160;SSLEngine On<br/>
+      &#160;&#160;FTPImplicitSSL On<br/>
+      <br/>
+      &#160;&#160;SSLCertificateFile    ssl/server.crt<br/>
+      &#160;&#160;SSLCertificateKeyFile ssl/server.key<br/>
+      <br/>     
+      &#160;&#160;ErrorLog logs/ftps_error.log<br/>
+      <br/>
+      &#160;&#160;CustomLog logs/ftps_command.log ftp_command<br/>
+      &#160;&#160;CustomLog logs/ftps_transfer.log ftp_transfer env=do_transfer_log<br/>
+      <br/>
+      &#160;&#160;DocumentRoot "/usr/local/apache2/htdocs"<br/>
+      <br/>
+      &lt;/VirtualHost&gt;<br/>
+    </example>
+
+    <note>The above shows the simplest possible configuration of a
+    TLS-enabled FTP virtual host.  You should not use this in
+    production unless sufficient authentication and access control is
+    added. </note>
+
+  </section>
+<!--
+  <section id="clientauth">
+    
+    <title>Client-side Certificate Authentication</title>
+
+  </section>
+-->
+
+  <section id="clientsupport">
+
+    <title>Client Support for FTP over TLS</title>
+
+    <p>An ever-growing number of FTP clients implements FTP over
+    TLS, and listing them all is outside the scope of this document.
+    A list can be found on <a
+    href="http://en.wikipedia.org/List_of_FTP_clients">Wikipedia</a>.
+    When selecting a client, do keep in mind that the <em>FTP over
+    SSH</em> protocol (sometimes also called <em>SFTP</em>) is not
+    supported by <module>mod_ftp</module>.</p>
+
+  </section>
+
 </manualpage>

Modified: httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/index.html.en Mon Feb 26 11:21:05 2007
@@ -21,12 +21,35 @@
 <p><span>Available Languages: </span><a href="../en/ftp/" title="English">&nbsp;en&nbsp;</a></p>
 </div>
 
-<p>This is the FTP Protocol Module</p>
+    <p>The FTP Protocol Module provides support for the File Transfer
+       Protocol to the Apache HTTP Server.  It allows you to combine
+       Apache's powerful authentication, SSL encryption, dynamic
+       content and filtering capabilities with the venerable FTP
+       protocol.</p>
 </div>
-<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif"
/> <a href="#documentation">Documentation</a></li>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif"
/> <a href="#howtogetftp">How to Obtain the FTP Protocol Module</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#documentation">Documentation</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#mod-ftp"><code>mod_ftp</code></a></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
+<h2><a name="howtogetftp" id="howtogetftp">How to Obtain the FTP Protocol Module</a></h2>
+
+    
+
+    <p>The <code class="module"><a href="../mod/mod_ftp.html">mod_ftp</a></code>
module is a subproject of the <a href="http://httpd.apache.org/">Apache HTTP Server</a>
project and
+    is at this time not distributed with the server.  Its source code
+    can be checked out from the Apache Subversion repository at: </p>
+
+    <p><a href="http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk">http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk</a></p>
+
+    <p>See the Apache HTTP Server <a href="http://httpd.apache.org/dev/">Developer
Resources</a> page
+    for more information about the Subversion repository.</p>
+
+    <p>Instructions for building <code class="module"><a href="../mod/mod_ftp.html">mod_ftp</a></code>
are included
+    in the <em>STATUS</em> file in the repository.</p>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="section">
 <h2><a name="documentation" id="documentation">Documentation</a></h2>
 <ul>

Modified: httpd/mod_ftp/trunk/docs/manual/ftp/index.xml
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/ftp/index.xml?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/ftp/index.xml (original)
+++ httpd/mod_ftp/trunk/docs/manual/ftp/index.xml Mon Feb 26 11:21:05 2007
@@ -32,8 +32,33 @@
 <title>Apache FTP Protocol Support</title>
 
 <summary>
-<p>This is the FTP Protocol Module</p>
+    <p>The FTP Protocol Module provides support for the File Transfer
+       Protocol to the Apache HTTP Server.  It allows you to combine
+       Apache's powerful authentication, SSL encryption, dynamic
+       content and filtering capabilities with the venerable FTP
+       protocol.</p>
 </summary>
+
+<section id="howtogetftp">
+
+    <title>How to Obtain the FTP Protocol Module</title>
+
+    <p>The <module>mod_ftp</module> module is a subproject of the <a
+    href="http://httpd.apache.org/">Apache HTTP Server</a> project and
+    is at this time not distributed with the server.  Its source code
+    can be checked out from the Apache Subversion repository at: </p>
+
+    <p><a
+    href="http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk">http://svn.apache.org/repos/asf/httpd/mod_ftp/trunk</a></p>
+
+    <p>See the Apache HTTP Server <a
+    href="http://httpd.apache.org/dev/">Developer Resources</a> page
+    for more information about the Subversion repository.</p>
+
+    <p>Instructions for building <module>mod_ftp</module> are included
+    in the <em>STATUS</em> file in the repository.</p>
+
+</section>
 
 <section id="documentation"><title>Documentation</title>
 <ul>

Modified: httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en?view=diff&rev=511957&r1=511956&r2=511957
==============================================================================
--- httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en (original)
+++ httpd/mod_ftp/trunk/docs/manual/mod/mod_ftp.html.en Mon Feb 26 11:21:05 2007
@@ -101,12 +101,11 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
 </table>
-      <p>This directive defines the port or ports that the Covalent
-	Enterprise FTP Server will use when making an active connection
-	to the client.  It accepts one or two arguments.  If only one
-	argument is given, the server will always use that port.  If
-	two arguments are given, the server will treat them as a range
-	of ports to be used.</p>
+      <p>This directive defines the port or ports that mod_ftp will
+	use when making an active connection to the client.  It accepts
+        one or two arguments.  If only one argument is given, the server
+        will always use that port.  If two arguments are given, the
+        server will treat them as a range of ports to be used.</p>
 
       <div class="note"><p>By default, Apache will not allow the FTP server to
use
 	  privileged ports for active connections.  If you specify a
@@ -166,7 +165,7 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
 </table>
-      <div class="note">Not documented by Covalent</div>
+      <div class="note">Not documented</div>
     
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -179,7 +178,7 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
 </table>
-      <div class="note">Not documented by Covalent</div>
+      <div class="note">Not documented</div>
     
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -199,13 +198,11 @@
 	is defined.  The <code>envvar</code> variable must contain a
 	full, rooted file path, e.g. <code>/some/path</code> on Unix
 	or <code>d:/some/path</code> on Windows.</p>
-      
-      <p>This may be used with the <code class="directive">CovalentLDAPPassProperty
-	</code> directive, or other directives that provide an
-	environment variable assignment, to change FTP's Document Root
-	on a per-user basis.</p> 
-      <div class="example"><p><code>CovalentLDAPPassProperty homeDir </code></p><p><code>FTPDocRootEnv
homeDir</code></p><p>Extract a user's LDAP <code>homeDir</code>
property, and
-	  then use it for the user's FTP Document Root.</p></div>
+      <p>This may be used with any authentication module which sets
+        the value of an environment variable based on the logged in
+        user or another condition (similar to <code class="module"><a href="../mod/mod_env.html">mod_env</a></code>
+        or <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>
to change FTP's Document Root
+        on a per-user basis.</p> 
     
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -307,13 +304,12 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
 </table>
-      
-      <p>To allow for <code class="directive"><a href="#ftplimitloginuser">FTPLimitLoginUser</a></code>
and
-	<code class="directive"><a href="#ftplimitloginserver">FTPLimitLoginServer</a></code>
capability, the FTP
-	server uses a small DBM file to store login data.  This
+      <p>To provide <code class="directive"><a href="#ftplimitloginuser">FTPLimitLoginUser</a></code>
+        and <code class="directive"><a href="#ftplimitloginserver">FTPLimitLoginServer</a></code>
+        features, mod_ftp uses a small DBM file to store login data.  This
 	directive determines the filename-path of that database file.
-	If either <code>FTPLimit</code> directive is used, this
-	must point to a valid file-location.</p>
+	If either <code>FTPLimit</code> directive is used, this directive
+        must specify a filename for this DBM, writeable by the server.</p>
       <div class="example"><p><code><code>FTPLimitDBFile logs/ftplogins</code></code></p></div>
       
 </div>
@@ -328,7 +324,7 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>External</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ftp</td></tr>
 </table>
-      <div class="note">Not documented by Covalent</div>
+      <div class="note">Not documented</div>
     
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -473,9 +469,9 @@
 	    the server to show files that the user does not have
 	    authorization to retrieve and directories that the user
 	    does not have authorization to enter (<code>cd</code> will
-	    fail) when it receives a <code>LIST</code> request.  This
-	    enables the Covalent Enterprise FTP Server to behave like
-	    most standard FTP servers, where users are allowed to list
+	    fail) when it receives a <code>LIST</code> or similar
+            <code>NLST</code> command.  These commands will then behave 
+            as most standard FTP servers, where users see the list of
 	    all files and directories, even those they are not allowed
 	    to access.</p>
 	</dd>



Mime
View raw message