You can use App Rules to ensure that your FTP server is read-only by blocking commands such as put, mput, rename_to, rename_from, rmdir, and mkdir. This use case shows a match object containing only the put command, but you could include all of these commands in the same match object.
To block FTP commands:
1. Create a match object that matches on the put command. Because the mput command is a variation of the put command, a match object that matches on the put command also matches the mput command.
2. Optionally, you can create a customized FTP notification action that sends a message to the client; for example:
3. Create a policy that references this match object and action. If you prefer to simply block the put command and reset the connection, you can select the Reset/Drop action when you create the policy.
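To confirm that the policy really leaves the server read-only, you can review an FTP control-channel capture for write commands the server still accepted. The following is an added example, not SonicWall code: the mapping from the command names on this page to RFC 959 verbs, the `allowed_writes` helper, and the sample transcript are assumptions constructed for illustration.

```python
import re

# Assumption: the App Rules command names on this page correspond to these
# RFC 959 control-channel verbs (a client's mput sends one STOR per file).
WRITE_VERBS = {
    "STOR": "put/mput",
    "RNFR": "rename_from",
    "RNTO": "rename_to",
    "RMD": "rmdir",
    "MKD": "mkdir",
}

# Constructed sample transcript: "C:" client lines, "S:" server replies.
SAMPLE = """\
C: RETR report.txt
S: 150 Opening data connection
S: 226 Transfer complete
C: STOR a.txt
S: 550 Blocked by policy
C: MKD incoming
S: 257 "incoming" created
C: RNFR old.txt
S: 350 Ready for RNTO
C: RNTO new.txt
S: 250 Rename successful
"""

def allowed_writes(transcript):
    """Return (verb, argument, reply_code) for write commands the server accepted."""
    findings, pending = [], None
    for line in transcript.splitlines():
        m = re.match(r"C:\s*(\S+)\s*(.*)", line)
        if m:
            verb = m.group(1).upper()
            pending = (verb, m.group(2).strip()) if verb in WRITE_VERBS else None
            continue
        m = re.match(r"S:\s*(\d{3})\b", line)
        if m and pending:
            code = m.group(1)
            # 1xx/2xx/3xx replies mean the command was accepted or started;
            # a reset connection produces no reply and so no finding.
            if code[0] in "123":
                findings.append((pending[0], pending[1], code))
            pending = None
    return findings

if __name__ == "__main__":
    for verb, arg, code in allowed_writes(SAMPLE):
        print(f"NOT BLOCKED: {verb} {arg} ({WRITE_VERBS[verb]}) -> {code}")
```

In the constructed transcript only put is blocked, so the check reports mkdir and both rename commands as still allowed, which is the gap left when the match object contains only the put command.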