Restrict user with trusted IPs for SFTP and FTPS

Fri 15 February 2019 | security blog

Computer security illustration.

It is common practice to secure a file transfer server using firewall rules which only allow incoming connections from trusted partners.

Let's assume you have a US partner named "ACME Inc", connecting to your server from IP 1.1.1.1 using the user acme-inc, and another German partner called "AlleWerkzeuge AG", connecting to your server from IP 5.5.5.5 using the user alle-werkzeuge-ag.

You can configure your firewall to only allow connections from a list of trusted IPs like 1.1.1.1 and 5.5.5.5, but the firewall doesn't know about usernames. So it will allow the account acme-inc to connect even if the connection is initiated from 5.5.5.5, which is an IP outside of the ACME Inc network.

To complement firewall restrictions, SFTPPlus allows defining a fixed list of trusted IP rules from which it will allow connections for a specific user.

Such a configuration can be defined per user, but also per group, with multiple users inheriting their configuration from the group.

To restrict a specific user to connect through SFTP or FTPS to the file transfer server only from a certain IP (or IPs), you can use the source_ip_filter configuration option in SFTPPlus.

The remote access is denied when the user connects from a source address which is not whitelisted.

Below is a screenshot from our web-based management console demonstrating such a configuration.

Screenshot of SFTPlus account configuration.

Read more about securing your SFTP/FTPS and HTTPS services with SFTPPlus in our documentation page.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.