in Security

Ban File Extensions Using Pure-ftpd

Pure-ftpd has no direct support to prevent files with certain extensions from being uploaded. But it’s possible to accomplish this goal using a pure-ftp feature. pure-ftpd has a post-upload program that runs after each file is successfully uploaded and can run an external program. Here’s the excerpt from the pure-ftpd manual:

NAME
pure-uploadscript – Automatically run an external program after a successful upload

SYNTAX
pure-uploadscript [-p ] [-B] [-g ] [-h] -r [-u ]

So the program to run in our case can be a simple Bash script I’m going to call ban.sh

#!/bin/bash

uploaded_file=${1};
banned_extensions="zip tar rar";

for ext in ${banned_extensions};
do
count=$(echo ${uploaded_file}|grep -i ${ext}$|wc -l);
if [ "${count}" -gt "0" ];
then
rm -f ${uploaded_file}; # File with banned extension detected. Delete it.
break;
fi;
done

So you start the program in the background like this:

pure-uploadscript -p /var/run/pure-ftpd.pid -B -r /root/ban.sh

That’s all folks.

Write a Comment

Comment

Comment moderation is enabled. Your comment may take some time to appear.

  1. Thank you for sharing this!

    what does “pure-uploadscript -p /var/run/pure-ftpd.pid -B -r” do anyway?

  2. Don’t forget to pass the script name to it (/root/ban.sh comes after the -r) like this:

    pure-uploadscript -p /var/run/pure-ftpd.pid -B -r /root/ban.sh

    The command waits for the FTP user to upload a file. As soon as the user uploads the file(s), pure-uploadscript runs the /root/ban.sh script, which in turn checks against a list of banned extensions. If the extensions match (tar zip rar), it removes the file from the uploaded folder.

    I hope this makes sense.

Webmentions

  • two day diet japan lingzhi August 9, 2009

    two day diet japan lingzhi…

    Link exchange is nothing else but it is simply placing the other person web site link on your page at proper place and other person will also do same for you….

  • URL August 9, 2009

    … [Trackback]…

    […] There you will find 87749 more Infos: blog.unixy.net/2009/07/ban-file-extensions-using-pure-ftpd/ […]…