Re: [SLE] proftpd problem: "Forbidden filename"
On Sunday 02 June 2002 20:42, Nicolas CORNELY wrote:
- [ Réponse à David List ] - [ [SLE] proftpd problem: "Forbidden filename" ]
! I am trying to make an upload directory...
Maybe try something more simple. The more simple the more efficient! Here is my config... and it works on both 7.3 and 8.0. ...<snip>...
Thank you very much. I will try it out and return later. Best regards, David List
On Monday 03 June 2002 15:49, David List wrote:
On Sunday 02 June 2002 20:42, Nicolas CORNELY wrote:
- [ Réponse à David List ] - [ [SLE] proftpd problem: "Forbidden filename" ]
! I am trying to make an upload directory...
Maybe try something more simple. The more simple the more efficient! Here is my config... and it works on both 7.3 and 8.0.
...<snip>...
Thank you very much. I will try it out and return later.
OK, I've got it working now. Thank you. However, it only works when I disable the PathAllowFilter directive in /etc/proftpd.conf. I have not altered the suggestion for the PathAllowFilter directive that was already in the file after installing the SuSE Linux 7.3 proftpd package. It looks like this: PathAllowFilter ".*/[a-zA-Z0-9]+$" When I try uploading a file simply named 'test' I get the "Forbidden filename" message again. I am certainly a regexp expert, but I believe this filet should allow naming files with every alphanumeric character - so how come that it prevents me from uploading a file named 'test'? Best regards, David List
* David List (david@davidlist.dk) [020603 09:45]:
However, it only works when I disable the PathAllowFilter directive in /etc/proftpd.conf. I have not altered the suggestion for the PathAllowFilter directive that was already in the file after installing the SuSE Linux 7.3 proftpd package. It looks like this: PathAllowFilter ".*/[a-zA-Z0-9]+$" When I try uploading a file simply named 'test' I get the "Forbidden filename" message again.
'./test' should work. Kind of a strange regex there, especially since it allows names like ../../../../../libc.so.6 If you had a script that automatically removed files from the writable directory but ran outside of the chroot you could be in for a nasty surprise :) Something a little safer might be '^[a-zA-Z0-9\.\-]+$' That is, the start of the record, any number of alphanumeric characters, '.', and '-', and the end of the record. The clinically paranoid might limit the filename length as well: '^[a-zA-Z0-9\.\-]{1-20}$' which would be at least one character but no more than 20. -- -ckm
On Monday 03 June 2002 19:59, Christopher Mahmood wrote:
'./test' should work. Kind of a strange regex there, especially since it allows names like ../../../../../libc.so.6 If you had a script that automatically removed files from the writable directory but ran outside of the chroot you could be in for a nasty surprise :) Something a little safer might be '^[a-zA-Z0-9\.\-]+$' That is, the start of the record, any number of alphanumeric characters, '.', and '-', and the end of the record. The clinically paranoid might limit the filename length as well: '^[a-zA-Z0-9\.\-]{1-20}$' which would be at least one character but no more than 20.
Thanks, I will try it out. Best regards, David List
participants (2)
-
Christopher Mahmood -
David List