Pure-ftpd has no direct support to prevent files with certain extensions from being uploaded. But it’s possible to accomplish this goal using a pure-ftp feature. pure-ftpd has a post-upload program that runs after each file is successfully uploaded and can run an external program. Here’s the excerpt from the pure-ftpd manual:
NAME
pure-uploadscript – Automatically run an external program after a successful uploadSYNTAX
pure-uploadscript [-p ] [-B] [-g] [-h] -r [-u ]
So the program to run in our case can be a simple Bash script I’m going to call ban.sh
#!/bin/bashuploaded_file=${1};
banned_extensions="zip tar rar";for ext in ${banned_extensions};
do
count=$(echo ${uploaded_file}|grep -i ${ext}$|wc -l);
if [ "${count}" -gt "0" ];
then
rm -f ${uploaded_file}; # File with banned extension detected. Delete it.
break;
fi;
done
So you start the program in the background like this:
pure-uploadscript -p /var/run/pure-ftpd.pid -B -r /root/ban.sh
That’s all folks.
2 Responses to “Ban File Extensions Using Pure-ftpd”
Thank you for sharing this!
what does “pure-uploadscript -p /var/run/pure-ftpd.pid -B -r” do anyway?
Don’t forget to pass the script name to it (/root/ban.sh comes after the -r) like this:
pure-uploadscript -p /var/run/pure-ftpd.pid -B -r /root/ban.sh
The command waits for the FTP user to upload a file. As soon as the user uploads the file(s), pure-uploadscript runs the /root/ban.sh script, which in turn checks against a list of banned extensions. If the extensions match (tar zip rar), it removes the file from the uploaded folder.
I hope this makes sense.
Leave a Reply