I can easily block requests to a directory using a .htaccess file with "deny from all". However, I allow want to allow FTP access via clients and browsers alike. Is there a way I can restrict the denial to HTTP requests only?
1 Answer
Adding as an answer based on comment exchange:
Apache has support for providing FTP services via the optionally loadable module mod_ftp, but most likely you have a dedicated FTP server process running alongside with your web services. The output of netstat -anp | egrep ":21.*LISTEN" which lists all listening sockets on port 21 (ftp) and the process name keeping the socket(s) open should help identify the FTP server process.
I believe mod_ftp uses the same access control mechanisms as the apache server and simply inherits what permissions you've defined for the virtual directory or within the .htaccess file. I can't find any reference that this behavior can be changed in the mod_ftp documentation.
If a different FTP server is used, it likely does not use .htaccess directives for access control. Refer to the respective software documentation on how to set access controls in this case.
answered Feb 1, 2012 at 13:14
netstat -anp | egrep ":21.*LISTEN"should help identify the FTP server process