Request validation exit point: client and server
The request validation exit points can be used to restrict the operations that FTP users can perform.
Request validation exit points are provided by both the FTP client and server; to restrict both FTP client and FTP server access, exit programs must be added to both exit points.
If you implement anonymous FTP, write your FTP Server Request Validation exit program to restrict anonymous FTP users to retrieve subcommands only, and never allow anonymous users to run CL commands.
What your program should include
- Exception handling
- Debugging
- Logging
Allowed and rejected commands
The FTP Request Validation exit program gives you control over whether to accept or reject an operation. Decisions made by exit programs are in addition to any validation that is performed by the FTP client or FTP server application. The FTP client or server application calls the exit program registered for that application each time it processes one of these requests:
- Directory or library creation
- Directory or library deletion
- Setting current directory
- Listing file names
- File deletion
- Sending a file
- Receiving a file
- Renaming a file
- Running a CL command
To always and unconditionally reject a command, you can set parameter 8 (Allow operation) in the VRLQ0100 exit point format to -1.
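The following is an added example, not IBM's sample code, of the decision logic a server exit program could use to hold anonymous users to retrieve-type operations and reject CL commands. The numeric operation identifiers, the application identifier, the allow values 0 and 1, the ANONYMOUS profile name, the named-user policy, and the function names are assumptions that do not appear on this page; check them against the VRLQ0100 format description before use.

```c
#include <stddef.h>
#include <string.h>

/* Assumed VRLQ0100 values; this page states only -1 for parameter 8. */
enum { APP_FTP_SERVER = 1 };                                   /* parameter 1 */
enum { OP_INIT = 0, OP_MKDIR, OP_RMDIR, OP_CHDIR, OP_LIST,
       OP_DELETE, OP_SEND, OP_RECEIVE, OP_RENAME, OP_CL_CMD }; /* parameter 2 */
enum { ALLOW_NEVER = -1, ALLOW_REJECT = 0, ALLOW_ACCEPT = 1 }; /* parameter 8 */

#define USRPRF_LEN 10 /* user profile is CHAR(10): blank padded, no NUL */

/* Compare the blank-padded CHAR(10) field with a C string. */
static int usrprf_is(const char *field, const char *name)
{
    char padded[USRPRF_LEN];
    size_t n = strlen(name);
    if (n > USRPRF_LEN)
        return 0;
    memset(padded, ' ', USRPRF_LEN);
    memcpy(padded, name, n);
    return memcmp(field, padded, USRPRF_LEN) == 0;
}

/* Hypothetical decision routine: writes parameter 8 through allow_op. */
void validate_request(int app_id, int op_id, const char *usrprf, int *allow_op)
{
    if (allow_op == NULL)
        return;
    *allow_op = ALLOW_REJECT;            /* fail closed before any other logic */
    if (usrprf == NULL || app_id != APP_FTP_SERVER)
        return;                          /* not registered for this caller */
    if (!usrprf_is(usrprf, "ANONYMOUS")) {
        /* Assumed policy: named users rely on the server's own validation. */
        if (op_id >= OP_INIT && op_id <= OP_CL_CMD)
            *allow_op = ALLOW_ACCEPT;
        return;
    }
    switch (op_id) {
    case OP_INIT: case OP_CHDIR: case OP_LIST: case OP_SEND:
        *allow_op = ALLOW_ACCEPT;        /* server sends a file = client retrieves */
        break;
    case OP_MKDIR: case OP_RMDIR: case OP_DELETE:
    case OP_RECEIVE: case OP_RENAME: case OP_CL_CMD:
        *allow_op = ALLOW_NEVER;         /* always and unconditionally reject */
        break;
    default:
        break;                           /* unknown identifier stays rejected */
    }
}
```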
Is there an exit program timeout feature?
There is no time-out for FTP exit programs. If the exit program has an error or exception that it cannot handle, the FTP server will stop the session.
Example programs
Example programs are available to help you set up anonymous FTP on your system. These examples are for illustration purposes. They do not contain all the features to run on a production system. Use these examples as a starting point to build your own programs. You can copy portions of the code from the examples into programs that you write yourself. Run the example programs on a system other than your production system.