SFTP Gateway Support

3.0

Disabling the IP Ban Feature

Overview

SFTP Gateway has an automatic IP banning feature that locks out SFTP users. This is intended to automate the blocking of scripted attacks.

However, in some environments, you might need to configure a proxy (such as a firewall appliance) in front of the SFTP Gateway VM. Depending on how it's set up, the IP banning feature could end up blocking the proxy's IP address if it can't figure out the original IP. This results in all SFTP users getting locked out repeatedly.

In this situation, you might consider disabling the IP banning feature altogether.

Disabling the Policy

SSH into the VM, and elevate your privileges to root:

sudo su

Edit the file /opt/sftpgw/application.properties and add the following line:

features.sftp-subsystem.enable-default-ip-banning-policy=false

To apply your change, restart the Java service:

service sftpgw-admin-api restart

This will now disable the IP banning policy.

PreviousNext