Skip to main content
We are aware of an issue with a recent Apache update that causes proxied sites to return a "421 Misdirected Request" error. Please see the following article for more information and updates:
Websites show 421 Misdirected Request error while using EA Nginx

"Host Access Control" Does Not Work For Pure-FTPD

Ehsan Dowlatshah
  • Updated

Question

Why does the Host Access Control not work for Pure FTPD?

 

Answer

For Host Access Control (AKA TCPWrappers) to work for a specific service, that service needs to be linked to the libwrap.so.0 shared object/library file. To put it another way, if a given network service has been compiled against the libwrap library file, then we will say that service is a TCP-wrapped service, and consequently, we would be able to manage access to that service via these two files: 

  • /etc/hosts.allow
  • /etc/hosts.deny

We can use the ldd command to determine whether a network service is linked to libwrap. So let's check Pure-FTPD and see if it does support TCP Wrappers: 

ldd /usr/sbin/pure-ftpd | grep -i libwrap
~

As you can see above,  Pure-FTPD has not been compiled against the libwrap library, so TCP-Wrappers (/etc/hosts.{allow,deny}) would not work for this service. Pro-FTPD, on the other hand, does support TCP-Wrappers: 

ldd /usr/sbin/proftpd | grep -i libwrap
	libwrap.so.0 => /lib64/libwrap.so.0 (0x00007fa208034000)

So, to control access to the ftpd daemon, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers.

You can switch to ProFTPD at WHM "Home / Service Configuration / FTP Server Selection".

FTP Server Selection

You can refer to this link from our official documentation for more information on how to configure ProFTPd to utilize the Host Access Control feature: 

ProFTPD Configuration for Host Access Control

 

Related articles

Comments

0 comments

Article is closed for comments.