change FTP IP
Ability to select FTP IP for subscriptions on Windows.
Currently Subscriptions and FTP use the same IP.
Thank you for your input!
Could you please explain your request in more detail and tell us which scenarios you want to enable with this functionality?
He wants to set a different IP for FTP connections. If your hardware firewall have session limit, FTP file transfers will cause your IP get blocked. It is neccessary for every decent hosting company.
Joe Payne commented
We need this as well. We are unable to pass PCI compliance scans for customer domains when FTPS is enabled on our Plesk-Windows server. This is because customer domains respond to port 21 queries since both websites and domains share the same IP address (SNI).
PCI compliance requires that FTP connections be encrypted including the authentication portion. On WIndows Server, the only option is FTPS which requires a specific SSL certificate in order to provide TLS encryption during FTP sessions. However, in a shared environment using SNI, the server will always have the hosting providers SSL cert assigned to the FTP service. Yet port 21 is still accessible on the customer domain because both websites and domains are listening on the same single IP address.
So when pci compliance scans mydomain.com port 21, it receives an ssl cert from myhostingprovider.com. The scan immediately fails compliance because the domain being scanned does not match the domain name in the FTPS ssl certificate.
Having the ability to put FTP service on a different IP address resolves the issue for all domains in any multi-domain environment. It also improves security against other port scanners looking for vulnerabilities against a specific domain name.