Start a new topic

URL based User Groups

Using just one external IP address:


Can I create two ftp servers using just the URL as the identifier for the 'Server' and the 'User Group'  associated with each 'server'?



eg:


dev.domian.org ->  dev.usergroup

pst.domain.org -? pst.usergroup


In this case the usergroup is determined by the domain.

Same port as well.

I would assign a *.domain.org cert on each site.



Thanks




1 Comment

Several issues with your question.


You said FTP...FTP has no concept of domains. (Same goes for SFTP.)  The FTP client never tells the server what DNS record was used to get the IP they re using to connect with.  So using domains for separation is only possible for HTTP/HTTPS.  For those, yes, its possible to have different user databases based on the domain used to get to the server.  The trick there is doing usernames like "ben@CrushFTP.com" for the "CrushFTP.com" User Connection Group.  That can be enabled...but may be confusing to users why they have to use such a username.


A wildcard domain cert is fine, but you only get one certificate per IP to bind to...and you only have one IP.  The fix to this is using SNI (Server Name Inclusion) but few FTP clients support this with FTPS/FTPES.  Most browsers support it.  What it does is load a different certificate keystone based on the domain being used, before SSL ever starts up.  http://www.crushftp.com/crush7wiki/Wiki.jsp?page=SNI


Thanks,

Ben 

Login to post a comment