我已经在 Windows 10 Pro 机器上从 IIS 设置了 FTP 服务器。
即使我进行了以下设置,仍可以进行未加密访问。我只需通过 telnet 登录并提交USER命令PASS即可成功登录并运行LIST。
我如何强制仅进行 SSL 访问?
答案1
Powershell 脚本仅用于为 SSL 创建 IIS FTP 站点。顺便说一下,这会创建一个新的绑定。
# Install the FTP Server feature
Install-WindowsFeature -Name Web-FTP-Server -IncludeManagementTools
# Set up FTP site
$ftpSiteName = "MyFTPSite"
$ftpRootPath = "C:\inetpub\ftproot"
$ftpBinding = "0.0.0.0:21"
$sslCertThumbprint = "YourSSLThumbprint" # Replace with your SSL certificate thumbprint
New-WebFtpSite -Name $ftpSiteName -PhysicalPath $ftpRootPath -BindingInformation $ftpBinding -Ssl -SslFlags 0 -CertificateHash $sslCertThumbprint
# Configure FTP authentication (you can adjust this based on your needs)
Set-WebConfiguration -Filter "/system.ftpServer/security/authentication" -Value @{
"anonymousAuthentication" = $false
"basicAuthentication" = $true
"windowsAuthentication" = $false
}
# Allow FTP data channel connections
Set-WebConfiguration -Filter "/system.ftpServer/firewallSupport/dynamicIpSecurity" -Value @{
"enableDataChannelPortRange" = $true
"dataChannelPortRange" = "49100-49150"
}
# Restart IIS to apply changes
Restart-Service W3SVC