| At line 1 added 24 lines |
| __Q: How can I enable AES256 encryption, or higher encryption for SSL, SSH, PGP, and keystores?__ |
|
| A: See this guide: [JCEInstall] |
|
| ---- |
|
| __Q: What are browser limitations when dealing with Drag and Drop, and the Java Applet for advanced mode?__ |
|
| A: Browsers are a mess in many ways...lets try and detail it here: |
|
| Chrome is the only browser that can natively upload a folder structure. Other browsers will make an attempt, but the browser is missing the support to do it, so it will fail. The advanced mode runs a java applet and it overcomes that ability. |
|
| Windows Limitations:\\ |
| Chrome - no longer supports java, but does handle file/folder uploads natively\\ |
| FireFox - c32bit supports java, 64bit does not. So 32bit can sue the java applet for folder uploads, 64bit cannot. Natively it can upload files though.\\ |
| IE - Only handles drag and drop starting with IE11. IE is slow in all operations due to its poor rendering speed on javascript. Chrome is *much* faster in many areas. But IE can still run Java applets.\\ |
|
| OSX Limitations:\\ |
| Chrome - No longer supports Java, but it natively can handle folders.\\ |
| Safari / FireFox - No drag and drop to the advanced mode applet. Apple/Oracle block all DND operations to Java applets in the browser. It can support file uploads though.\\ |
|
| Resume is supported in the advanced mode, as well as the HTML5 upload mode Chrome, and Edge support. |
| ---- |
|
| At line 37 added one line |
| ---- |
| At line 39 added 7 lines |
| __Q: Is CrushFTP HIPPA certified?__ |
|
| A: CrushFTP is not HIPPA compliant by default, but can be 'hardened' in a few simple steps, to be HIPPAA compliant. Practically, we need to use latest Java with JCE policy files installed then remove the plain HTTP ports, set enforce FTP to FTPES or use FTPS, disable all insecure SSL cyphers, possibly set <fips140>false</fips140> to true in the main config file, prefs.XML. That and paired with on premises hosting will make crush HIPPAA compliant ( actually we have quite a large number of customers from within healthcare environments). Please see our related docs, let us know if need further info |
|
| [Hardening]\\ |
| [JCEInstall]\\ |
| [SSL]\\ |
| At line 47 added one line |
|
| At line 73 changed one line |
| __Q: How can I restart CrushFTP from the command line on Linux?__ |
| __Q: How can I set the cookie notification?__ |
| At line 75 changed one line |
| A: Here is an alternate command script for Linux to handle a friendly QUIT and RESTART. The startup_command in the prefs.xml must also have a –Ddir= value set to the path to CrushFTP. |
| A: You can go to the CrushFTP WebInterface Localizations folder and edit the en.js and update the fields below: |
| At line 77 changed one line |
| [attachments|crushftp_init.sh] |
| CookiePolicyNotificationText : "We use cookies on this site to facilitate your ability to login for technical reasons.", |
| CookiePolicyLinkText : "Cookie Policy", |
| CookiePolicyAcceptButtonText : "Accept", |
| CookiePolicyDismissButtonText : "Dismiss |
| At line 115 added 3 lines |
| In case want to disable this notification, can use this snippet on Prefernces->Webinterface->Custom javascript field |
|
| window.dontShowCookieNotification = true; |
| At line 81 changed one line |
| __Q: How can I enable AES256 encryption, or higher encryption for SSL?__ |
| __Q: How can I restart CrushFTP from the command line on Linux?__ |
| At line 83 changed one line |
| A: The policy files must be downloaded manually and installed in your Java lib/security folder. |
| A: Here is an alternate command script for Linux to handle a friendly QUIT and RESTART. The startup_command in the prefs.xml must also have a –Ddir= value set to the path to CrushFTP. |
| At line 85 changed one line |
| [http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html] |
| [attachments|crushftp_init.sh] |
| At line 87 removed 8 lines |
| You may also search google for: 'java unlimited cryptography policy files' |
|
| OS X install location: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security/ |
|
| Windows install location: C:\Program Files\Java\jre6\lib\security\ |
|
| Once this has been done, edit the cipher list in the server prefs SSH port item, SSH tab to duplicate the AES128 ciphers and replace the 128 with 256. |
|
| At line 123 removed one line |
| Download and install the Windows Server 2003 Support Tools |
| At line 155 added 9 lines |
| {{{ |
| netsh http add iplisten *your_iis_ip_goes_here* |
| net stop http /y |
| net start w3svc |
| }}} |
| \\ |
| \\ |
| For old servers, use this: Download and install the Windows Server 2003 Support Tools |
|
| At line 170 added 95 lines |
|
| ---- |
| __Q: How do you stop Apache on OSX to bind to ports that are used by CrushFTP ?__ |
|
| A: Try and run the following command from terminal: |
| sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist |
|
|
| ---- |
|
| __Q: How can I setup port rules in the Windows server?__ |
|
| A: Follow up these screen shots... it's usually almost the same on the majority of Windows servers. |
|
| [attachments|1.png] |
| [attachments|2.png] |
| [attachments|3.png] |
| [attachments|4.png] |
| [attachments|5.png] |
| [attachments|6.png] |
| [attachments|7.png] |
| ---- |
|
| __Q: How can I remove the OS X apache service to regain control over my ports?__ |
|
| A: In terminal, issue these commands. Once OSX Server starts its apache service, it won't stop it. It will only print a message saying its off. |
|
| sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist |
|
| sudo launchctl remove /System/Library/LaunchDaemons/org.apache.httpd.plist\\ |
| \\ |
| For OSX 10.11+:\\ |
| {{{ |
| sudo launchctl unload -w /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.serviceproxy.plist |
| }}} |
| ---- |
|
| __Q: How can I configure CrushFTP to use a proxy for its update check and download system?__ |
|
| A: In a shell prompt, do a startup command like this for a socks proxy: |
|
| java -Dhttps.proxyHost=192.168.1.50 -Dhttps.proxyPort=3128 -Xmx384M -jar plugins/lib/CrushFTPJarProxy.jar –d |
| ---- |
|
| __Q: How can I set up Symantec Endpoint Protection getting the email alerts to send out from CrushFTP.__ |
|
| A: You need to have the Custom Firewall Policy configured on the server -- in addition to the service running as domain admin. |
|
| Create a Separate Group on the Sep Server and dropp CrushFTP box into it. |
| Disable the inherit policies, then do a copy policy on the AntiVirus and Antispyware policy. |
|
| [attachents|FAQ/image001.png]\\ |
|
| Disable the Symantec Internet Email Auto-Protect on Server Policy |
| See pic for Server and where to see it on Client |
|
| [attachements|FAQ/image002.png]\\ |
|
| This is on the client – that is why it is greyed out. |
|
| [attachements|FAQ/image003.png] |
|
| Create Exceptions for the CrushFTP.exe and the Java.exe in the C:\Program Files\ on client and\or server policy |
|
| [attachemnts|FAQ/image004.png] |
|
| ---- |
|
| __Q: How can I configure NGINX proxy to forward uploads without buffering everything first?__ |
|
| # Ensure we allow large files to be uploaded for CrushFTP |
| client_max_body_size 10000M; |
|
| # Switch off buffering so large file uploaded are forwarded to CrushFTP immediately (otherwise just get an error) |
| proxy_request_buffering off; |
|
| (These settings can be placed in NGINX config in the http, server, or location sections, depending on what is best for your usage.) |
|
| ---- |
|
| __Q: How can I default my login page to another language?__ |
|
| You can go to the Admin>>Preferences>>Webinterface>>LoginPage tab and there add the below custom javascript as needed: |
| {{{ |
| window.showLanguageSelection = true; //true/false |
| window.showLanguageSelectionPos = "left"; //left/right |
| window.saveLanguageSelectionInCookie = true; //true/false |
| window.defaultWILanguage = "de"; //any one from : en,cs,da,nl,fr,de,hu,it,pl,es |
| window.detectBrowserLanguage = true; //true/false |
| }}} |
| ---- |
|
| __Q: Who did your voice over audio?__ |
|
| A: On some videos, but not all, we used Eli Wood & Co [http://eliwprod.com/]. They were fast and professional on their delivery! |
