Hi: I want to lock down FTP 7.5 for a specific website running on a unique IP and not using hostnames (just the IP address).
Under "FTP IPv4 Address and Domain Restrictions", I have "Deny" set for "access for unspecified clients", and I have an "allow" entry for the client IP address I want to give access to.
I've described in an earlier post (http://forums.iis.net/t/1187709.aspx) that I'm failing PCI because of an AuthTLS vulnerability in FTP 7.5. I thought the above settings would lock down the server, but it's still failing the test. Would that be because the "address and domain restrictions" are not performed until after the handshake is completed?
If not, am I not setting the restrictions properly? Or if restrictions only occur after the handshake, do I need to block access using Windows Firewall to/from this specific server IP for FTP? (assuming that would work?)
TIA