When multiple domains point to same host, user accounts can be restricted to a certain domain only, following these steps:
- change the HTTP server item's User Connection Group to @AutoHostHttp on Preferences -> Ip/Servers page
- add new user connection groups named as the domain FQDN (wst0.intranet.local and wst0.intranet2.local in this example)
- add new login page entries on Preferences -> Webinterfcace page, Options panel, as the domain FQDN prepended with an asterisk (*)
and/or
It is the critical condition the login html file stem to match the exact domain name, and the Connection Group. The extension must always be .html. As per above example wst0.intranet.local.html and wst0.intranet.local.
It is not mandatory the actual login html files to exist, but if these do, can be customized for each domain to have it's own custom look and feel. For that, duplicate the original login.html file, change the logo reference, CSS code, etc. Careful not to remove any critical HTML tags or script components.
Now we can select a User Connection group in User Manager and add user accounts into. These accounts will be restricted to log only when accessing one of these domain URLs.
A special use case of usage is when only one CrushFTP server instance is used as a forward FTPProxy in front of multiple FTP servers belonging to different domains. You need to add a template account into each user connection group set up as described in this article.
Another special use case is integrating this setup within a DMZ scenario. In this situation we'll need to create and assign on the internal server an loopback port item for each domain connection group ( like port 8080 for wst0.intranet.local and port 8081 wst0.intranet2.local following the above example). On the DMZ node we create the same login.html entries on Preferences->Webinterface->Options page, as above, create the domain connection groups on Preferences->IP/servers page and in User Manager we add an 'template' account into each . The template accounts should have their VFS item pointed to the corresponding loopback HTTP port item . The public facing HTTP port item on DMZ has to be assigned to the @AutoHostHTTP connection group.
Add new attachment
List of attachments
Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
---|---|---|---|---|---|---|
png |
Clipboard01.png | 402.2 kB | 1 | 25-Oct-2018 04:31 | Ben Spink | |
png |
Clipboard02.png | 554.7 kB | 1 | 25-Oct-2018 04:31 | Ben Spink | |
png |
Clipboard03.png | 280.2 kB | 1 | 25-Oct-2018 04:31 | Ben Spink | |
png |
Clipboard04.png | 157.6 kB | 1 | 25-Oct-2018 04:31 | Ben Spink |