Microsoft IIS 6.0Administrator's Consultant

The sections that follow examine key tasks for managing FTP sites. You configure most FTP site properties through the IIS snap-in.

Configuring an FTP Site’s Home Directory

Each FTP site on a server has a home directory. The home directory is the base directory for all document transfers. The home directory is mapped to your site’s domain name or to the server name. FTP clients connect to the server and access this directory by default.

With FTP sites configured to use Active Directory, the home directory is arbitrarily assigned at logon and users are mapped directly to their isolated directory. With other types of FTP sites, the home directory is a physical location on the server’s hard disk drive. You can view or change this home directory by completing the following steps:

  1. In the IIS snap-in, access the node for the computer you want to work with and then double-click FTP Sites.

  2. Right-click the FTP site you want to manage and then select Properties.

  3. Select the Home Directory tab, as shown in Figure 9-3.

    Figure 9-3: You can change a site’s home directory at any time.

  4. If the directory you want to use is on the local computer, select A Directory Located On This Computer and then type the directory path in the Local Path field, such as C:\Inetpub\FTProot\. To browse for the folder, click Browse.

  5. If the directory you want to use is on another computer and is accessible as a shared folder, select A Directory Located On Another Computer and then type the UNC path to the share in the Network Share field. The path should be in the form \\ServerName\SharedFolder\, such as \\Gandolf\CorpFTP\.

    Tip

    By default, the user’s credentials are validated prior to accessing the shared folder. If you don’t want users to be prompted or otherwise use their authenticated credentials, click Connect As. This displays the Network Directory Security Credentials dialog box. Clear the Always Use the Authenticated User’s Credentials ... check box, and then enter the user name and password that should be used to connect to the shared folder, such as ADATUM\IUSR_CORPSEVER01.

  6. Click OK twice.

Configuring Ports and IP Addresses Used by FTP Sites

Each FTP site has a unique identity. The identity consists of a TCP port and an IP address. The default TCP port is 21. The default IP address setting is to use any available IP address.

To change the identity of an FTP site, complete the following steps:

  1. If you want the FTP site to use a new IP address, you must configure the IP address before updating the site. For details, refer to Chapter 16, “Managing TCP/IP Networking,” in Microsoft Windows Server 2003 Administrator’s Pocket Consultant.

  2. In the IIS snap-in, access the node for the computer you want to work with. If the computer isn’t shown, connect to it as discussed in the “Connecting To Other Servers” section of Chapter 2 and then perform this task.

  3. Right-click the FTP site you want to manage and then select Properties. The dialog box shown in Figure 9-4 is displayed.

    Figure 9-4: You modify a site’s identity through the FTP Site tab in the Properties dialog box.

  4. The Description field shows the descriptive name for the FTP site. The descriptive name is displayed in the IIS snap-in and isn’t used for other purposes. You can change the current value by typing a new name in the Description field.

  5. The IP Address drop-down list shows the current IP address for the FTP site. If you want to change the current setting, use the drop-down list to select an available IP address, or select (All Unassigned) to allow FTP to respond on all unassigned IP addresses. Multiple FTP sites can use the same IP address if the sites are configured to use different port numbers.

  6. The TCP port for the FTP site is assigned automatically to port 21. If necessary, type a new port number in the TCP Port field. Multiple FTP sites can use the same TCP port if the sites are configured to use different IP addresses.

  7. Click OK.

Restricting Incoming Connections and Setting Time-Out Values

You use connection limits and time-out values to control the number of simultaneous FTP sessions that are allowed. Normally, FTP sites are limited to 100,000 connections and have a time-out of 120 seconds. If you have a server with limited resources, you might want to reduce the number of allowable connections. Keep in mind that once the limit is reached, no other clients are permitted to access the server. The clients must wait until the connection load on the server decreases and connections become available.

The connection time-out value determines when idle user sessions are disconnected. With the default FTP site, sessions time out after they’ve been idle for 120 seconds (2 minutes). This is a good time-out for most FTP uses. If you find that users are complaining about getting disconnected from idle sessions, you might want to increase the time-out value.

You can modify connection limits and time-outs by completing the following steps:

  1. Start the IIS snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with. Next, double-click FTP sites, right-click the FTP site you want to manage, and then choose Properties.

  2. On the FTP Site tab, the FTP Site Connections frame has two option buttons: Unlimited and Connections Limited To. The Unlimited option removes connection limits, which isn’t a good idea for FTP servers. The Connections Limited To option restricts the number of connections to a specific value. If you select the Connections Limited To option, you must also specify the maximum number of connections that are permitted at any one time.

  3. The Connection Timeout field controls the connection time-out. Type a new value to change the current time-out.

  4. Click OK.

    Tip

    Each connection to an FTP server uses system resources. To reduce the load on the server, you should set a specific connection limit. The default option is Connections Limited To, which allows 100,000 simultaneous connections. On an average-sized server, this is a good value. If a server has limited resources or is used for other purposes, such as publishing your Web site, you might want to reduce this value. If a server is dedicated to FTP or is an enterprise class server, you might want to increase this value.

Creating Physical Directories for FTP Sites

FTP sites can be used for file uploads and downloads. Typically, directories used for uploading data are configured separately from directories used for retrieving data. Separate directory structures provide a clear separation between files that your organization has made available and files that users have uploaded. Here’s a typical directory tree for an FTP site:

Once you establish the base directory structure, you can add directories to the tree. For example, a software company might have the following subdirectories under %SystemDrive%\Inetpub\FTProot\Public\:

You create physical directories for FTP sites using Windows Explorer. You can create subdirectories within the home directory by completing the following steps:

  1. Start Windows Explorer. Click Start and choose All Programs, Accessories, and then Windows Explorer.

  2. In the Folders pane, select the home directory for the FTP site.

  3. In the Contents pane, right-click a blank area and then, from the shortcut menu, select New and then Folder. A new folder is added to the Contents pane. The folder name defaults to New Folder and is selected for editing.

  4. Edit the name of the folder and press Enter. The best folder names are short but descriptive, such as Documentation, Service_Packs, or Patches.

  5. The new folder inherits the home directory’s default file permissions and the FTP site’s default IIS permissions.

    Note

    The IIS snap-in doesn’t automatically display new folders. You might need to click Refresh on the toolbar (or press F5) to display the folder.

Creating Virtual Directories for FTP Sites

To create virtual directories, you first need to create a physical directory. You can create a physical directory using Windows Explorer or create one using the Virtual Directory Creation Wizard. You can configure virtual directories on FTP sites to allow file uploads, file downloads, or both. The way you control file transfers is simple. You set these configurations:

Don’t forget, however, that permissions at the file and folder level also control user permissions. With an anonymous connection, the Internet Guest account must have the appropriate directory permissions. With an authenticated connection, the user or a group in which the user is a member must have the appropriate directory permissions.

You can create a virtual directory by completing the following steps:

  1. Start the IIS snap-in and then, in the left pane (Console Root), click the plus sign (+) next to the computer you want to work with.

  2. Double-click FTP sites and then right-click the FTP site on which you want to create the virtual directory. From the shortcut menu, choose New and then Virtual Directory. This starts the Virtual Directory Creation Wizard. Click Next.

  3. In the Alias field, type the name you want to use to access the virtual directory. As with directory names, the best alias names are short but descriptive.

  4. The next page lets you set the path to the physical directory where your content is stored. Type the directory path or click Browse to search for a directory. The directory must be created before you can select it. If necessary, click Make New Folder in the Browse For Folder dialog box to create the directory before you select it.

  5. Set access permissions for the virtual directory. Read permission allows users to download files. Write permission allows users to upload files.

  6. Click Next and then click Finish. The virtual directory is created.

Redirecting Requests to a Network Share

When the FTP site is configured to use the non-isolated or standard isolated modes, you can redirect a site’s file requests to locations on a network share. This option is useful if you have network attached storage or a dedicated server for file transfers.

To redirect requests to a network share, complete the following steps:

  1. In the IIS snap-in, right-click the FTP site you want to work with and then select Properties.

  2. Select the Home Directory tab and then select A Directory Located On Another Computer.

  3. Type the UNC path to the network share in the Network Share field. The path should be in the form \\ServerName\SharedFolder\, such as \\Gandolf\CorpFTP\. By default, the user’s credentials are validated prior to accessing the shared folder. If you don’t want users to be prompted or otherwise use their authenticated credentials, click Connect As and then specify the credentials to use.

  4. Click OK twice. Now all requests for files on the FTP site are mapped to files on the specified network share.

Setting the Directory Listing Style

When an FTP client accesses an FTP site, it automatically retrieves a directory listing from the server. If the FTP site is configured to use the non-isolated or standard isolated modes, you can configure the style of directory listing in one of two ways:

MS-DOS style listings are the preferred format, as they’re friendlier and easier to navigate. UNIX style listings are compatible with older browsers that might not understand the MS-DOS format. You set directory listing style at the site level. To do this, complete the following steps:

  1. In the IIS snap-in, right-click the FTP site you want to work with and then select Properties.

  2. Select the Home Directory tab and then, under Directory Listing Style, select either UNIX or MS-DOS.

  3. Click OK.

Setting Banner, Welcome, Exit, and Maximum Connections Messages

IIS FTP sites can display four different types of messages: Banner, Welcome, Exit, and Maximum Connections. These messages are called information messages and are set at the site level. Each FTP site configured on your server can have a different set of information messages. Generally, these messages aren’t displayed in Internet Explorer or other graphical FTP client tools. Most command-line FTP clients will, however, display these messages.

Each information message has a different use:

You can configure information messages by completing the following steps:

  1. In the IIS snap-in, right-click the FTP site you want to work with and then select Properties.

  2. Select the Messages tab.

  3. In the Banner field, type your Banner message. Because you’ll usually want to have the same text in your Welcome message, you should copy this text into the Welcome field. Otherwise, type a separate Welcome message.

    Note

    Each line of text should end with a return (carriage return and line feed). If you don’t end each line of text, Internet Explorer’s FTP client might not display your message properly.

  4. In the Exit field, type your Exit message.

  5. In the Maximum Connections field, type your Maximum Connections message.

  6. Click OK.

Категории