Skip to content

Joe Payne

My feedback

2 results found

  1. 83 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Joe Payne supported this idea  · 
  2. 10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Joe Payne supported this idea  · 
    An error occurred while saving the comment
    Joe Payne commented  · 

    We need this as well. We are unable to pass PCI compliance scans for customer domains when FTPS is enabled on our Plesk-Windows server. This is because customer domains respond to port 21 queries since both websites and domains share the same IP address (SNI).

    PCI compliance requires that FTP connections be encrypted including the authentication portion. On WIndows Server, the only option is FTPS which requires a specific SSL certificate in order to provide TLS encryption during FTP sessions. However, in a shared environment using SNI, the server will always have the hosting providers SSL cert assigned to the FTP service. Yet port 21 is still accessible on the customer domain because both websites and domains are listening on the same single IP address.

    So when pci compliance scans mydomain.com port 21, it receives an ssl cert from myhostingprovider.com. The scan immediately fails compliance because the domain being scanned does not match the domain name in the FTPS ssl certificate.

    Having the ability to put FTP service on a different IP address resolves the issue for all domains in any multi-domain environment. It also improves security against other port scanners looking for vulnerabilities against a specific domain name.

Feedback and Knowledge Base