Command Limiting Policies Overview

You can use Command Limiting Policies to prevent specific IP addresses or users from executing certain commands on an SFTP or FTP server. This is useful in situations where you want to prevent read/write access to your FTP/SFTP servers.

The command limiting policies define:

  • Which protocol the policy applies to: FTP or SFTP

  • IP addresses or users to be denied access to the specified commands

  • Commands to be blocked

  • Whether the policy applies to all instances of the adapter (protocol level) or only to adapter instances that you choose (instance level)

When planning command limiting policies, remember that all instances of the protocol (SFTP/FTP) are affected by the policy.

Define a Command Limiting Policy

To define a command limiting policy:

  1. From the Administration Menu, select Deployment > Adapter Utilities > Policy Configuration.
  2. Next to New Policy, click Go!
  3. Select Command Limiting Policy and click Next.
  4. Enter the Policy Name.
  5. Enter Description.
  6. Select the Policy Mode: IP Address or Range or User Based.
  7. Select the Protocol: FTP or SFTP.
  8. Select the Level at which this policy is applied: Protocol or Instance.
  9. Click Next.
  10. The next screen displayed depends on the Policy Mode you selected.
    • If you selected User Based, select the users affected by this policy and click Next.
    • If you selected IP Address or Range, enter the IP address or range and click Next.

  11. Select the commands that users or IP addresses will NOT be able to execute on the specified servers and click Next. The commands displayed are dependant on the protocol you selected.

  12. Review the policy configuration.
  13. Click Finish to create the policy.

Disable a Command Limiting Policy

To disable a command limiting policy:

  1. From the Administration Menu, select Deployment > Adapter Utilities > Policy Configuration.

  2. In the List panel, in By Policy Type, select Command Limiting Policy and click Go! A list of the command limiting policies are displayed.

  3. Clear the Enabled checkbox for the policy you want to disable.

Enable a Command Limiting Policy

To enable a command limiting policy that has been disabled:

  1. From the Administration Menu, select Deployment > Adapter Utilities > Policy Configuration.

  2. In the List panel, in By Policy Type, select Command Limiting Policy and click Go! A list of the command limiting policies are displayed.

  3. Check Enabled for the policy you want to enable.

Edit a Command Limiting Policy

To edit a command limiting policy:

  1. From the Administration Menu, select Deployment > Adapter Utilities > Policy Configuration.

  2. In the List panel, in By Policy Type, select Command Limiting Policy and click Go! A list of the command limiting policies are displayed.

  3. Select Edit for the command limiting policy you want to enable.
  4. Review and update as required.
  5. Review the updates.
  6. Click Finish to update the policy.

Delete a Command Limiting Policy

Before you can delete a command limiting policy, you must disable it.

To delete a command limiting policy:

  1. From the Administration Menu, select Deployment > Adapter Utilities > Policy Configuration.

  2. In the List panel, in By Policy Type, select Command Limiting Policy and click Go! A list of the command limiting policies are displayed.

  3. If the policy you want to delete is enabled, clear the Enabled checkbox.
  4. Select Delete for the policy you want to delete.
  5. Review and confirm that you want to delete the policy, as the action can not be reversed.
  6. Click Delete.