Kombuyutarkaaga u rog server-ka FTP maxalli ah oo wata IIS: Hage dhammaystiran

Kombuyutarkaaga u beddel server-ka FTP-ga ee IIS Waa hab degdeg ah oo xoog badan oo lagu wadaago faylasha shabakadaada (iyo, haddii aad xiisaynayso, si ammaan ah internetka). IIS waxaa ka mid ah adeeg FTP ah oo qaan-gaar ah, oo leh taageero xaqiijinta aasaasiga ah, go'doominta isticmaalaha, FTPS (SSL/TLS), gooyn horumarsan, iyo habayn si fiican loo habeeyey ee isku xidhka, shaandhaynta, iyo fariimaha.

Tilmaan-bixiyahan, waxaad ka heli doontaa socod dhammaystiran oo isku-dhafan sida ugu wanaagsan ee dhowr habab oo ay daabacday Microsoft iyo khubarada: rakibaadda doorka, abuurista goobta, qaabeynta amniga iyo dab-damiska, cabbirrada adeegga caadiga ah, go'doominta, shaandhaynta codsiga, soo-gelinta isticmaaleyaasha, tijaabinta konsole/browser, iyo xitaa sida loo abuuro goobta adoo tafatiraaya faylka ApplicationHost.config. Waxa kale oo aad arki doontaa * beddelaad* iyo qoraallo wax ku ool ah oo ku saabsan oggolaanshaha NTFS si ay wax walba ugu socdaan si habsami leh.

Shuruudaha, iswaafajinta iyo fikradaha waa inay cad yihiin

IIS 8 in Windows Server 2012 iyo Windows 8 hadda waxaa ku jira server-ka FTP aad ayayna u fududahay in la dhaqaajiyo. Deegaanadii hore (IIS 7.0/7.5 ee Windows Server 2008/2008 R2 iyo Windows 7) Adeegga FTP waxaa loo qaybiyay sifo ahaan (7.5 oo lagu daray 7.5; 7.0 si gaar ah ayaa loo soo dejiyay), laakiin hawlgalka qaabaynta ayaa aad u eg.

Qalab ku habboon (sida ku cad dukumeenti Microsoft iyo sida loo sameeyo): Windows Server 2012 iyo Windows 8 ee IIS 8, iyo Windows Server 2008/2008 R2/Windows 7 ee IIS 7.x oo leh moduleka FTP ee u dhigma. Ka dhig mid anfacaya rukhsadaha maamulaha iyo, haddii aad rabto inaad ku daabacdo internetka, gelitaanka firewall/router-ka.

Tallaabada 1. Ku rakib adeegga FTP ee IIS

Windows Server 2012 (IIS 8)

1. Furo Maareeyaha Adeegga Guriga oo guji "Ku dar doorarka iyo sifooyinka."
2. Rakibaadda ku salaysan ama doorka ku salaysan iyo "Ka dooro server kooxda server"; dooro server u socda.
3. Door Server Web (IIS) oo balaadhi "Server FTP" si aad u doorato "FTP Server" iyo "Adeegga FTP"; aqbal sifooyinka loo baahan yahay.
4. Ku sii soco Xiga gudaha "Select sifooyinka" oo ku xaqiiji "xaqiiji xulashada rakibaadda", ka dib riix "Ku rakib".

Windows 8 (IIS 8)

1. Guddiga Xakamaynta → Barnaamijyada → "Daar ama dami sifooyinka Windows".
2. Adeegyada Macluumaadka Internetka → Balaadhi "FTP Server" oo dooro "Serfarka FTP" iyo "Adeegga FTP"; aqbal oo codso.

Talooyin wax ku ool ah: Server 2012, calaamadee "Ku dar qalabka maamulka (haddii ay khuseyso)" si nidaamku ugu daro qalabka loo baahan yahay hal mar.

Maqaalka laxiriira:

Casharka ku saabsan samaynta server-ka FTP ee gurigaaga ee Windows

Tallaabada 2. Samee goobta FTP gudaha IIS

1. Fur Maareeyaha IIS iyo guddiga Xidhiidhada, dooro noodhka "goobaha".
2. Ficilada → Ku dar goobta FTP. siin a "Magaca Goobta FTP" qeexid oo dooro kuwa Jidka gelitaanka jirka (tusaale ahaan, %SystemDrive%\inetpub\ftproot ama C:\FTP haddii aad kala saarayso waxa ku jira).
3. Links iyo SSL: Dooro "Cinwaanka IP" (waxaad ka tagi kartaa "Dhammaan kuwa aan la magacaabin" ama waxaad cayimi kartaa IP), "Port" (21 sida caadiga ah) iyo ikhtiyaar ahaan "Virtual Host" haddii aad qorsheyneyso FTP-yo badan oo isku mid ah.
4. SSLHaddii aad hore u haysatay shahaado, dooro oo dooro "Oggolow SSL" (lagu daray) ama "Require SSL" (FTPS ayaa loo baahan yahay). Haddii kale, si ku meel gaar ah uga tag iyada oo aan la hubin oo ku soo celi shaashaddan ka dib markaad abuurto shahaadada.
5. XaqiijintaU deji "Aasaasiga ah" ee nidaamka / AD aqoonsiga isticmaalaha iyo "Anonymous" kaliya haddii aad rabto meel dadweyne ah (xusuus: u dir furaha sirta ah qoraal cad haddii aadan isticmaalayn FTPS).
6. Oggolaansho: "Oggolow gelitaanka" → "Dhammaan isticmaalayaasha", "Isticmalayaasha aan la garanayn", "Doorka isticmaale ee la cayimay ama kooxaha", ama "Isticmalayaasha la cayimay". Calaamadee ogolaanshaha "Akhrin" iyo, haddii ay khuseyso, "Qoritaanka".
7. Dhameystir iyo, haddii aad doorbidayso, ka saar "Bilow goobta FTP si toos ah" si aad adigu u bilowdo ka dib markaad si fiican u hagaajiso.

Microsoft IIS 7.x XusuusinTusaalayaalkooda, waxay abuuraan "Goobteyda FTP-ga cusub," waxay dejiyeen 127.0.0.1:21, oggolow SSL, oo oggolaadaan akhrinta qarsoodiga ah. Kadibna waxay awood u siinayaan xaqiijinta aasaasiga ah iyo sharciga oggolaanshaha ee "maamulaha" isticmaalaha ogolaanshaha akhriska iyo qoraalka. Qaabku wuxuu u shaqeeyaa si la mid ah IIS 8.

Tallaabada 3. Habaynta Caalamiga ah iyo Qiimaha Default ee Adeegga FTP

Meesha FTP-ga ayaa meesha ka baxday codso goobo cusub. Gudaha IIS, "Defaults Site FTP" waxay kuu ogolaaneysaa inaad bedesho xulashooyinka aad rabto inaad ogaato:

• General: "Oggolow UTF-8" (runtu si toos ah) iyo "Si toos ah u bilow" (kabaha laga bilaabo goobta marka la abuurayo ama marka la bilaabayo adeegga).
• Xiriirinta: "Hubi el tiempo Wakhtiga kama dambaysta ah ee kanaalka, kanaalka xogta wakhtiga dhimista, Dami safka Socket-ka, Xidhiidhada ugu badan, Dib-u-dejinta xidhiidhada ugu badan, Diiwaanka Dhagaysiga Server-ka, iyo Wakhtiga Aan La Xaqiijin.
• kaydka aqoonsiga: "La dajiyay" iyo "Flush Interval" (ilbiriqsi ayaa lagu hayaa kaydka).
• Xakamaynta faylka" Oggolow in la akhriyo faylasha marka la soo geliyo", "Oggolow beddelka magaca beddelka" iyo "Keep qayb gelinta".

Trick: Haddii aad filayso macaamiil badan ama wareejin dheer, kordhi wakhtiyada oo hagaaji "Xiriirka ugu badan". Goobaha leh IP-yada kala duwan, Dami safka godka iska ilaali safafka la wadaago.

Tallaabada 4. Taageerada Firewall iyo habka dadban

FTP waxay isticmaashaa kanaalka xakamaynta (21) iyo kanaalada xogtaHabka daahsoon, server-ku wuxuu furay dekedo dheeraad ah. Waxaa jira laba hawlood: habaynta tirada dadban ee IIS iyo, dhanka kale, furitaanka dekedahaas dab-damiska Windows iyo, haddii ay khuseyso, xadka/ISP.

1. IIS → Taageerada FTP Firewall: Waxay qeexaysaa "Data Channel Range Range" (tusaale 5000-6000 ama 0-0 ee ephemeral) iyo "Firewall External IP Address".
2. Windows Firewall oo leh Badbaado Sare: Wuxuu abuuraa xeerarkii hore ee "FTP Server", oo ogolanaya isku xidhka, oo xaqiijiya in dekedda 21 iyo tirada dadban ay furan yihiin. Dib ayuu u bilaabayaa adeega hadii lagu baahdo.

Haddii aad ku daabacdo internetkaMarka laga soo tago xeerarka maxalliga ah, u gudbi dekedda 21 iyo kala duwanaanta dadban ee ku wareegsan routerkaaga/firewallka IIS serverka IP.

Tallaabada 5. Go'doominta isticmaalayaasha FTP

Go'doominta isticmaalaha Waxay ka ilaalisaa isticmaalaha inuu wax ka baadho meel ka baxsan xididkooda. Ikhtiyaarada ugu waaweyn ee "Go'doominta Isticmaalaha FTP" waa:

• Ha takoorin isticmaalayaashaDhammaan fadhiyadu waxay ka bilowdaan buugga xididka ee goobta FTP. Ikhtiyaar ahaan, "Username Directory" (haddii fayl la mid ah magac isticmaaluhu jiro, tag halkaas; haddii kale, gal xidid).
• Ka saar isticmaalayaasha:
  • Tusaha Magaca isticmaale (Dami tusaha farsamada ee caalamiga ah): ku quful isticmaalaha galkiisa (jidhka/virtual) ee magaciisa.
  • Tusaha magaca isticmaale ee jirka (kar geliya hagayaasha farsamada ee caalamiga ah): la mid ah, laakiin hagayaasha farsamada gacanta ee caalamiga ah ayaa sidoo kale khuseeya.
  • Tusaha Guriga FTP ee Hagaha FirfircoonU isticmaal guriga lagu habeeyay AD akoon kasta.
  • Caado: bixiyayaasha gaarka ah (scenarios horumarsan).

qaabeyntaFuro "FTP User Isolation", dooro qaabka, oo haddii aad isticmaalayso AD, dejiso aqoonsiga galitaanka AD adoo isticmaalaya badhanka "Set". Codso isbedelada

Maqaalka laxiriira:

Sida loogu daro fur-gaabyada goobaha shabakadaha ama server-yada 'PC Tani' ee Windows

Talaabada 6. Ikhtiyaarada Browsing Hagaha

Daalacashada Hagaha FTP waxay xakameysaa qaabka liiska ay macaamiishu arkaan marka ay wax baadhayaan:

• Habka liiska: MS-DOS ama UNIX.
• fursadaha: tus hagaha farsamada gacanta, bytes la heli karo, iyo sannadaha afar-god ah.

Hagaajin waafaqid macmiilka aad isticmaashid (tusaale ahaan, qoraalada qaarkood waxay filayaan qaabka UNIX) oo waxay khuseeyaan goobta ama heerka serverka.

Tallaabada 7. Xakamee isku dayga gelitaanka

Si loo yareeyo weerarada xoogga ah, "Xakamaynta Isku-dayga Galitaanka FTP" waxay kuu ogolaanaysaa inaad dejiso:

• Tirada ugu badan ee isku dayga (default 4) iyo waqti go'an (30 saad ee caadiga ah).
• Acción: Si toos ah u diid IP-ga ama kaliya log.

Talo soo jeedin: Waxay sahlaysa xaddidaadda dhammaan goobaha wax-soo-saarka waxayna la socdaan dhacdooyinka ku jira fiiryaha log FTP.

Tallaabada 8. Shaandhaynta codsiyada FTP

Shaandhaynta codsiyada FTP Waa lakab ammaan si loo xaddido borotokoolka iyo gelitaanka:

• Magaca faylka dheereynta: oggolow/diidid.
• Qaybaha qarsoon: Diid waddooyinka (tusaale, magacyada galleyda xasaasiga ah).
• Loo diiday URL taxanaha: Jooji qaababka waddooyinka.
• AmaradaOggolow/ diidi amarrada FTP gaarka ah (horumarsan; si taxaddar leh u isticmaal ama waxaad ka tagi kartaa server-ka mid aan la heli karin).

Ku beddel goob ahaan iyadoo ku xiran khatarta (tusaale, diid DELE haddii aadan rabin in la tirtiro).

Tallaabada 9. Galitaanka FTP

Diiwaanka FTP waa furaha baadhista iyo ogaanshaha. Ikhtiyaarada:

• Faylka log per: Goobta ama Server-ka.
• Goobaha W3C: Dooro macluumaadka aad kaydinayso.
• Hagaha abuse: dariiqa salka iyo codeynta (UTF8/ANSI).
• Beddelida faylka: wareegga wakhtiga (saac/maalin/toddobaadkii/bishii), cabbirka ugu sarreeya ama wareeg la'aan.
• Waqtiga maxaliga ah ee magacyada faylka iyo wareejinta.

Consejo: isku rog maalin kasta ama cabbir oo u dhig diiwaannada si loo gorfeeyo.

Maqaalka laxiriira:

Sida loo rogo Android-kaagii hore server-ka warbaahinta guriga oo awood leh

Tallaabada 10. Farriimaha FTP iyo Banner

Fariimaha FTP Kuu ogolaanayaa inaad soo bandhigto qoraalka markaad isku xirayso, soo dhawaynayso, ka baxayso, ama marka tirada ugu badan ee isku xidhka la gaadho. Dabeecadaha:

• Ka saar calanka caadiga ah.
• Doorsoomayaasha isticmaalaha farriimaha: %BytesLagu Helay%, %BytesSent%, %SessionID%,%SiteName%,%UserName%.
• Fariimaha faahfaahsan ee codsiyada maxaliga ah.

Habayn Banner, Soo dhawoow, Bixinta iyo Qoraallada Xiriirinta ugu badan si loo bixiyo macnaha guud iyo xeerarka isticmaalka.

Isticmaalayaasha NTFS, Kooxaha, iyo Oggolaanshaha Guriga FTP

Kala saar nuxurka oo adeegso mabda'a mudnaanta ugu yarSocodka caadiga ah:

1. Abuur isticmaale gaar ah (ama dhowr) iyo, haddii ay khuseyso, koox si ay u maareeyaan oggolaanshaha guud. Daaqadaha, fur maamulka isticmaalaha oo ku samee isticmaalaha furaha sirta ah (waxaad u dejin kartaa inuusan waligii dhicin haddii uu yahay adeege).
2. Samee gal FTP (tusaale ahaan, C: \ FTP) oo fur "Properties → Security → Advanced Options".
3. Distoor dhaxalka iyo "U beddelo rukhsadaha la dhaxlo si aad oggolaansho cad ugu beddelato shaygan."
4. delete Gelida aan loo baahnayn (tusaale, "Isticmalayaasha" mishiinka haddii aysan ahayn inay galaan).
5. Ku dar isticmaale/koox FTP oo ku sii "Kontoroolka Buuxa" galka si aad u akhrido/qorto/tirto khaladaad la'aan.

Isku xidh jidka marka la abuurayo goobta IIS oo xaddidaya oggolaansho ee saaxir ah kuwa isticmaala/kooxaha leh ogolaanshaha lagama maarmaanka ah.

FTP hagayaasha farsamada

Tusaha macmalka ah khariidado waddo jireed oo loo maro magac ku dhex jira FTP. Tusaale ahaan, alias "dir2" oo tilmaamaya C: \ ftp \ directory2. Isticmaaluhu wuu samayn karaa cd dir2 oo ay helaan waxa ku jira iyada oo aan daaha laga qaadin jidka dhabta ah.

Isticmaalka caadiga ahIsku dhafka faylalka kala firdhisan ee hoos yimaada hal xidid oo FTP ah ama la wadaag faylal hoose oo gaar ah isticmaaleyaal badan marka la isticmaalayo go'doominta hagaha farsamada ee caalamiga ah.

Shahaadooyinka iyo FTPS (SSL/TLS) gudaha IIS

Si loo ilaaliyo aqoonsiga iyo xogta, awood FTPS. Tallaabooyinka aasaasiga ah:

1. Samee shahaado: Gudaha IIS (heerka server), "Shahaadooyinka Adeegga" → "Abuur Shahaado Is Saxiixeed". Geli magac oo keydi (Bakhaar Gaar ah). Haddii kale, isticmaal CA ama ku abuur mid leh PowerShell (tusaale: New-SelfSignedCertificate -FriendlyName "FTP Server" -CertStoreLocation cert:\\LocalMachine\\My -DnsName ftp.midominio.com).
2. Ku xidh bogga FTPTag "FTP SSL Settings", dooro shahaadada oo dooro "Require SSL" (ama "Oggolow SSL" haddii aad rabto inaad ku hayso taageerada aan qarsoodi ahayn LAN).
3. macmiilkaIsticmaal "FTP oo leh TLS/SSL sir cad" (dekedda 21) macaamiisha sida WinSCP ama FileZilla.

Faahfaahin muhiim ah: SFTP (dhaaf SSH) aan la mid ahayn FTPS; IIS waxay fulisaa FTPS. Haddii macmiilku si gaar ah ugu hadlo SFTP, lama shaqayn doono IIS.

Tijaabinta ka socota console-ka iyo browserka

Hubinta ugu horeysa ee maxaliga ah (CMD):

1. isku xir con ftp localhostImtixaanada dad waynaha, isticmaal "annymous" iyo iimaylkaaga; imtixaanada gaarka ah, isticmaal "administrator" ama isticmaalaha aad abuurtay.
2. Gal fayl con put archivo.extensión; firfircoon hash si aad u aragto horumarka haddii macmiilkaagu uu taageero.

Beddel degdeg ah: Fur File Explorer oo ku qor ftp://IP_del_Servidor Bar ciwaanka, geli warqadaha aqoonsiga marka laguu soo jeediyo oo xaqiiji inaad arki karto oo aad maareyn karto waxa ku jira si waafaqsan ogolaanshaha.

Beddelka: Seerarka FTP qolo saddexaad (FileZilla Server)

Haddii aad doorbidayso hab aan IIS ahaynServer FileZilla wuxuu kuu ogolaanayaa inaad dejiso server-ka FTP maxalli ah oo leh rakibaad la caawiyay: rakib, gal konsole, samee isticmaalayaasha, meelayso furaha sirta ah, oo aad u qoondayso ogolaanshaha galka la wadaago. Tani waxay faa'iido u leedahay kombuyuutarrada isticmaalaha, in kasta oo deegaannada Windows Server-ka, IIS ay bixiso is-dhexgalka iyo amniga FTPS iyo sifooyinka kor lagu sharaxay.

Abuuritaanka goobta FTP adoo tafatiraya ApplicationHost.config

Marka lagu daro saaxirkii IIS, waxaad samayn kartaa goobta adigoo tafatiraya %SystemRoot%\\System32\\inetsrv\\config\\ApplicationHost.config oo leh mudnaanta maamulaha:

• Labalaab Gelida "Default Web Site" gudaha <sites>, u magacow wax sida "Default FTP Site", beddelo protocol "ftp", ku physicalPath ilaa %SystemDrive% \\ inetpub \\ ftproot iyo isku xirka *:21:.
• Iskujir goobta hoosteeda qayb <ftpServer> con <security>: awood anonymousAuthentication Haddii aad rabto akhris qarsoodi ah, basicAuthentication haddii aad rabto shahaadooyin, oo deji siyaasadda SSL si aad "Oggolow" haddii aadan weli u baahnayn.
• Qayb site-gaar ah, ku daray <system.ftpServer><security><authorization> oo leh xeerar: tusaale ahaan, oggolow in loo akhriyo "*" iyo in loo akhriyo/qorto "maamulaha".

Kaydi oo dib u soo deji IIS; Waxaad hadda awoodi doontaa inaad ku xidho "localhost" macmiilka FTP oo aad xaqiijiso labadaba qarsoodi (akhri) iyo mid la xaqiijiyay (akhri/qor) gelitaanka si waafaqsan xeerarkaaga.

Dhammaan kuwan kor ku xusan, waxaad haysataa server-ka FTP adag ee IIS, oo leh FTPS, go'doominta isticmaalaha, xeerarka dab-damiska, shaandhaynta, gaynta, iyo fariimaha gaarka ah; oo lagu daray oggolaanshaha NTFS oo si fiican loo habeeyey, hagayaal toosan oo dabacsanaan ah, iyo qaab beddelka qaabaynta faylka si loo habeeyo hawlgelinta.

Isaac

Qora xamaasad leh oo ku saabsan adduunka bytes iyo farsamada guud ahaan. Waxaan jeclahay inaan aqoontayda ku wadaago qoraal, taasina waa waxa aan ku samayn doono blog-gan, ku tusi doona dhammaan waxyaabaha ugu xiisaha badan ee ku saabsan qalabka, software-ka, qalabka, isbeddellada tignoolajiyada, iyo in ka badan. Hadafkaygu waa inaan kaa caawiyo inaad u dhex marato adduunka dhijitaalka ah si fudud oo madadaalo leh.