How to deny FTP uploads for a particular user/group
search cancel

How to deny FTP uploads for a particular user/group


Article ID: 165850


Updated On:


ProxySG Software - SGOS


Block FTP upload from a particular group or user. 


This example will deny FTP upload to the LDAP user test2. The first thing to do is to configure the Proxy FTP Service in order to Intercept traffic.

ProxySG has a default FTP Service used to Intercept both Explicit and Transparent connections. 

Configure an authentication method; this example uses LDAP.

Configure the preferred FTP client. This example uses FileZilla Client in Explicit Proxy configuration.


In order to block FTP upload, deny the FTP commands STOR and STOU. These commands are used to begin transmission of a file to the remote site.

Configure ProxySG using Visual Policy Manager (VPM) or Content Policy Language (CPL). In the first case, create a Web Access Layer. In a new policy Set as Service a Protocol Methods Object.

Select FTP from the Protocol dropdown and check both STOR and STOU from the "Commands that modify data" list. The VPM policy should look like the following:

CPL policy should look like the following:

;; DENY FTP Upload


realm=LDAP user="CN=test2,CN=Users,dc=test,dc=griccia,dc=local" ftp.method=(STOU,STOR) Deny