How to Restrict FTP Access by IP (via IIS)

APPLIES TO:
  • Windows Servers with IIS 7 and above
  • Dedicated Server
  • Shared Hosting (will need to contact Support)
REQUIREMENTS:
  • You must have a dedicated IP address on your hosting subscription, as the rule will be applied specifically to that address. See the following article for more information on getting a dedicated IP address:
 
Basic FTP service is provided for all of our hosting, and is not restricted in any way. Those with security in mind may wish to restrict access to their FTP accounts to only a few select IP addresses. This can be done in IIS, though you cannot allow entire IP ranges in this manner. Once these changes are in place, only connections from the specified IP address will be accepted to the FTP server on your dedicated IP address and accounts.
This method is best used when you or your developer have a static IP address that they will be accessing your site and hosting from as dynamic addresses may change too often to make this method practical (but not impossible).
 

HOW TO ADD IP RESTRICTIONS FOR AN FTP SITE

 
  1. Open Internet Information Services (IIS) Manager.
    • If you are using Windows Server 2012 or Windows Server 2012 R2:
      On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
       
    • If you are using Windows Server 2008 or Windows Server 2008 R2:
      On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
       
  2. In the Connections pane, expand the server name, expand Sites, and then select the FTP site or URL for which you want to add IP restrictions. In this case, it will be the dedicated IP assigned to the site you’re restricting access to (not the site name).
  3. In the Home pane, double-click the FTP IPv4 Address and Domain Restrictions icon.
  4. In the FTP IPv4 Address and Domain Restrictions feature, click Edit Feature Settings in the Actions pane. A new window will pop up, allowing you to select Allow or Deny. Select Deny and click Ok. Once this is complete, all connections to your FTP accounts will be blocked (for now).

     
  5. In the Actions pane, click Add Allow Entry. In the Specific IP Address field, enter your desired IP address to allow access to your FTP accounts and click OK. You may also choose to configure the allow rule for A range of IP addresses, however we do not recommend this as it reduces the security of this process.
  6. You should test that you are able to connect properly from the IP specified, as well as testing to make sure that other connections are being rejected (try to connect from a different workstation or network). If all of the above steps have been completed, your FTP accounts should now be secured by the IP(s) that you specified.

Add Feedback