Joe Payne
My feedback
2 results found
-
84 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
Joe Payne
supported this idea
·
-
10 votesJoe Payne
supported this idea
·
An error occurred while saving the comment
We need this as well. We are unable to pass PCI compliance scans for customer domains when FTPS is enabled on our Plesk-Windows server. This is because customer domains respond to port 21 queries since both websites and domains share the same IP address (SNI).
PCI compliance requires that FTP connections be encrypted including the authentication portion. On WIndows Server, the only option is FTPS which requires a specific SSL certificate in order to provide TLS encryption during FTP sessions. However, in a shared environment using SNI, the server will always have the hosting providers SSL cert assigned to the FTP service. Yet port 21 is still accessible on the customer domain because both websites and domains are listening on the same single IP address.
So when pci compliance scans mydomain.com port 21, it receives an ssl cert from myhostingprovider.com. The scan immediately fails compliance because the domain being scanned does not match the domain name in the FTPS ssl certificate.
Having the ability to put FTP service on a different IP address resolves the issue for all domains in any multi-domain environment. It also improves security against other port scanners looking for vulnerabilities against a specific domain name.