Microsoft KB Archive/216760

= IIS: FTP Users Will Still Be Prompted for Credentials Even From a Restricted IP Address =

Article ID: 216760

Article Last Modified on 6/22/2005

-

APPLIES TO


 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q216760



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When users connect to an IIS FTP server from a restricted IP address, they will still be prompted for credentials.

For example, you have an FTP site at 192.168.1.1 with IP Address and Domain Restrictions, by default, set to denied access. If a user from a denied IP connects to your FTP server, he will be prompted for credentials. Once the user logs into the server, he will receive an access denied message from the server.



CAUSE
Once an FTP connection is established, a client/server handshake must take place before anything else can be done. Part of this handshake is obtaining the username and password to be used for the connection. Once the necessary handshake is finished, then the IP restrictions are checked.

Keywords: KB216760

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.