| At line 1 changed one line |
| __Q: How can I enable AES256 encryption, or higher encryption for SSL?__ |
| __Q: How can I enable AES256 encryption, or higher encryption for SSL, SSH, PGP, and keystores?__ |
| At line 3 changed one line |
| A: The policy files must be downloaded manually and installed in your Java lib/security folder. |
| A: See this guide: [JCEInstall] |
| At line 5 changed 2 lines |
| Java6: [http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html] \\ |
| Java7: [http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html] \\ |
| ---- |
| At line 8 changed one line |
| You may also search google for: 'java unlimited cryptography policy files' |
| __Q: What are browser limitations when dealing with Drag and Drop, and the Java Applet for advanced mode?__ |
| At line 10 changed 2 lines |
| OS X Java 6 install location: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security/ \\ |
| OS X Java 7 install location: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/ \\ |
| A: Browsers are a mess in many ways...lets try and detail it here: |
| At line 13 changed one line |
| Windows install location: C:\Program Files\Java\jre6\lib\security\ or C:\Program Files\Java\jre7\lib\security\ |
| Chrome is the only browser that can natively upload a folder structure. Other browsers will make an attempt, but the browser is missing the support to do it, so it will fail. The advanced mode runs a java applet and it overcomes that ability. |
| At line 15 changed one line |
| Once this has been done, edit the cipher list in the server prefs SSH port item, SSH tab to duplicate the AES128 ciphers and replace the 128 with 256. |
| Windows Limitations:\\ |
| Chrome - no longer supports java, but does handle file/folder uploads natively\\ |
| FireFox - c32bit supports java, 64bit does not. So 32bit can sue the java applet for folder uploads, 64bit cannot. Natively it can upload files though.\\ |
| IE - Only handles drag and drop starting with IE11. IE is slow in all operations due to its poor rendering speed on javascript. Chrome is *much* faster in many areas. But IE can still run Java applets.\\ |
| At line 18 added 5 lines |
| OSX Limitations:\\ |
| Chrome - No longer supports Java, but it natively can handle folders.\\ |
| Safari / FireFox - No drag and drop to the advanced mode applet. Apple/Oracle block all DND operations to Java applets in the browser. It can support file uploads though.\\ |
|
| Resume is supported in the advanced mode, as well as the HTML5 upload mode Chrome, and Edge support. |
| At line 37 added one line |
| ---- |
| At line 39 added 7 lines |
| __Q: Is CrushFTP HIPPA certified?__ |
|
| A: CrushFTP is not HIPPA compliant by default, but can be 'hardened' in a few simple steps, to be HIPPAA compliant. Practically, we need to use latest Java with JCE policy files installed then remove the plain HTTP ports, set enforce FTP to FTPES or use FTPS, disable all insecure SSL cyphers, possibly set <fips140>false</fips140> to true in the main config file, prefs.XML. That and paired with on premises hosting will make crush HIPPAA compliant ( actually we have quite a large number of customers from within healthcare environments). Please see our related docs, let us know if need further info |
|
| [Hardening]\\ |
| [JCEInstall]\\ |
| [SSL]\\ |
| At line 47 added one line |
|
| At line 106 added 14 lines |
| __Q: How can I set the cookie notification?__ |
|
| A: You can go to the CrushFTP WebInterface Localizations folder and edit the en.js and update the fields below: |
|
| CookiePolicyNotificationText : "We use cookies on this site to facilitate your ability to login for technical reasons.", |
| CookiePolicyLinkText : "Cookie Policy", |
| CookiePolicyAcceptButtonText : "Accept", |
| CookiePolicyDismissButtonText : "Dismiss |
|
| In case want to disable this notification, can use this snippet on Prefernces->Webinterface->Custom javascript field |
|
| window.dontShowCookieNotification = true; |
| ---- |
|
| At line 125 removed one line |
| Download and install the Windows Server 2003 Support Tools |
| At line 155 added 9 lines |
| {{{ |
| netsh http add iplisten *your_iis_ip_goes_here* |
| net stop http /y |
| net start w3svc |
| }}} |
| \\ |
| \\ |
| For old servers, use this: Download and install the Windows Server 2003 Support Tools |
|
| At line 172 added one line |
| __Q: How do you stop Apache on OSX to bind to ports that are used by CrushFTP ?__ |
| At line 174 added 6 lines |
| A: Try and run the following command from terminal: |
| sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist |
|
|
| ---- |
|
| At line 155 changed one line |
| sudo launchctl remove /System/Library/LaunchDaemons/org.apache.httpd.plist |
| sudo launchctl remove /System/Library/LaunchDaemons/org.apache.httpd.plist\\ |
| \\ |
| For OSX 10.11+:\\ |
| {{{ |
| sudo launchctl unload -w /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.serviceproxy.plist |
| }}} |
| ---- |
|
| __Q: How can I configure CrushFTP to use a proxy for its update check and download system?__ |
|
| A: In a shell prompt, do a startup command like this for a socks proxy: |
|
| java -Dhttps.proxyHost=192.168.1.50 -Dhttps.proxyPort=3128 -Xmx384M -jar plugins/lib/CrushFTPJarProxy.jar –d |
| ---- |
|
| __Q: How can I set up Symantec Endpoint Protection getting the email alerts to send out from CrushFTP.__ |
|
| A: You need to have the Custom Firewall Policy configured on the server -- in addition to the service running as domain admin. |
|
| Create a Separate Group on the Sep Server and dropp CrushFTP box into it. |
| Disable the inherit policies, then do a copy policy on the AntiVirus and Antispyware policy. |
|
| [attachents|FAQ/image001.png]\\ |
|
| Disable the Symantec Internet Email Auto-Protect on Server Policy |
| See pic for Server and where to see it on Client |
|
| [attachements|FAQ/image002.png]\\ |
|
| This is on the client – that is why it is greyed out. |
|
| [attachements|FAQ/image003.png] |
|
| Create Exceptions for the CrushFTP.exe and the Java.exe in the C:\Program Files\ on client and\or server policy |
|
| [attachemnts|FAQ/image004.png] |
|
| ---- |
|
| __Q: How can I configure NGINX proxy to forward uploads without buffering everything first?__ |
|
| # Ensure we allow large files to be uploaded for CrushFTP |
| client_max_body_size 10000M; |
|
| # Switch off buffering so large file uploaded are forwarded to CrushFTP immediately (otherwise just get an error) |
| proxy_request_buffering off; |
|
| (These settings can be placed in NGINX config in the http, server, or location sections, depending on what is best for your usage.) |
|
| ---- |
|
| __Q: How can I default my login page to another language?__ |
|
| You can go to the Admin>>Preferences>>Webinterface>>LoginPage tab and there add the below custom javascript as needed: |
| {{{ |
| window.showLanguageSelection = true; //true/false |
| window.showLanguageSelectionPos = "left"; //left/right |
| window.saveLanguageSelectionInCookie = true; //true/false |
| window.defaultWILanguage = "de"; //any one from : en,cs,da,nl,fr,de,hu,it,pl,es |
| window.detectBrowserLanguage = true; //true/false |
| }}} |
| ---- |
|
| __Q: Who did your voice over audio?__ |
|
| A: On some videos, but not all, we used Eli Wood & Co [http://eliwprod.com/]. They were fast and professional on their delivery! |
