Apache HTTP Server Version 2.4
The File Transfer Protocol (FTP) is a classic standard for transferring files and records over a TCP/IP network. It was defined by Jon Postel and Joyce Reynolds in RFC 959, released in 1985, which means that FTP predates the HTTP protocol usually associated with the Apache server by more than half a decade. The mod_ftp module brings FTP support to the Apache server and includes several updates to the original protocol. Most notably, mod_ftp implements FTP over Transport Layer Security (TLS) as described in RFC 4217.

On this manual page, a brief technical overview of the FTP protocol is provided, followed by a discussion of the FTP implementation by mod_ftp.

See also: mod_ssl
The File Transfer Protocol (FTP) is designed to facilitate bi-directional transfer of files and records between hosts on a TCP/IP network. Unlike HTTP, the FTP protocol is stateful: the client establishes a Control Connection for the duration of an FTP session that typically spans multiple data transfers.
FTP uses a separate TCP connection for data transfer. Commands are issued and acknowledged over the Control Connection, a TCP connection to well-known port 21. If the user issues a command that requires a response more elaborate than a one-line response code, a Data Connection is established between the client and the server. The response data—the contents of a file or a directory listing—is sent over that data connection.
Historically, the data connection was established from the server back to the client. The client would bind to an arbitrary port and then transmit its IP address and that port number to the server using the PORT command. The server then set up a data connection to that port on the client host, whereupon the client issued the data transfer command. This approach is referred to as Active FTP (since the server acts to set up the data connection). Unfortunately, active FTP does not work well with firewalls and Network Address Translation (NAT), because incoming connections to the client are often blocked. In the case of NAT, the client instructs the server to connect to its internal, non-routable IP address, which the server cannot reach. Some firewalls and NAT routers understand the FTP protocol, but this support is not universal. Where it exists, these devices inspect the control connection, rewrite the PORT command and open ad-hoc access rules for the FTP data connection.
Because of these limitations, an alternative approach was developed in which the direction of the data connection is reversed. This is known as Passive FTP. Before starting a data transfer, the client issues a PASV command. The server binds to an arbitrary port number and transmits its IP address and that port number back to the client. The client then sets up a data connection to this address and port on the server, and issues the data transfer command. Passive FTP is more firewall-friendly than Active FTP, because client-side firewalls are typically more lenient on outgoing connections than inbound ones.
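The two paragraphs above describe the PORT and PASV exchanges in prose. The following is an added example, not code from the mod_ftp project or this manual page, that builds and parses those two messages and adds the two checks a practitioner wants in both directions: a server should only honour a PORT command that points back at the host on the other end of the control connection and to an unprivileged port (the "FTP bounce" precautions of RFC 2577), and a client should only follow a 227 reply whose address matches the server it is already talking to. The function names, the FtpProtocolError class and the addresses (taken from the RFC 5737 documentation ranges) are assumptions made for the example; the control-connection transcript is constructed for illustration.

```python
import re
import socket


class FtpProtocolError(ValueError):
    """Raised for malformed or unsafe PORT / PASV parameters (assumed name)."""


# The six comma-separated decimal fields of RFC 959: h1,h2,h3,h4,p1,p2
_HOST_PORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def _split_host_port(h1, h2, h3, h4, p1, p2):
    """Convert the six RFC 959 fields to (dotted-quad, port); port = p1*256 + p2."""
    fields = [int(x) for x in (h1, h2, h3, h4, p1, p2)]
    if any(not 0 <= f <= 255 for f in fields):
        raise FtpProtocolError("field out of range 0..255: %r" % (fields,))
    host = "%d.%d.%d.%d" % tuple(fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def format_port_command(client_ip, client_port):
    """Client side of Active FTP: the PORT command that tells the server where
    the client is listening for the server's inbound data connection."""
    try:
        octets = [int(o) for o in socket.inet_aton(client_ip)]
    except OSError:
        raise FtpProtocolError("not an IPv4 address: %r" % (client_ip,))
    if not 0 < client_port < 65536:
        raise FtpProtocolError("port out of range: %r" % (client_port,))
    return "PORT %d,%d,%d,%d,%d,%d" % (*octets, client_port >> 8, client_port & 0xFF)


def parse_port_command(line, control_peer_ip, min_port=1024):
    """Server side of Active FTP: parse 'PORT h1,h2,h3,h4,p1,p2' and refuse to
    open a data connection to anything but the client that sent the command,
    and only to an unprivileged port (the RFC 2577 bounce-attack precautions)."""
    m = re.fullmatch(r"PORT\s+" + _HOST_PORT_RE.pattern, line.strip(), re.IGNORECASE)
    if m is None:
        raise FtpProtocolError("malformed PORT command: %r" % (line,))
    host, port = _split_host_port(*m.groups())
    if host != control_peer_ip:
        raise FtpProtocolError("PORT host %s differs from control peer %s" % (host, control_peer_ip))
    if port < min_port:
        raise FtpProtocolError("refusing data connection to privileged port %d" % port)
    return host, port


def parse_pasv_reply(reply, control_peer_ip):
    """Client side of Passive FTP: parse the '227 Entering Passive Mode
    (h1,h2,h3,h4,p1,p2)' reply and only accept the address the control
    connection is already talking to."""
    if not reply.startswith("227"):
        raise FtpProtocolError("expected a 227 reply, got: %r" % (reply,))
    m = _HOST_PORT_RE.search(reply)
    if m is None:
        raise FtpProtocolError("no host/port in 227 reply: %r" % (reply,))
    host, port = _split_host_port(*m.groups())
    if host != control_peer_ip:
        raise FtpProtocolError("PASV host %s differs from control peer %s" % (host, control_peer_ip))
    return host, port


# Constructed control-connection transcript of a passive-mode directory listing.
# "C" is the client, "S" the server; 198.51.100.7 (RFC 5737 documentation space)
# is assumed to be the server address the client connected to on port 21.
PASSIVE_SESSION = [
    ("S", "220 FTP server ready."),
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS user@example.org"),
    ("S", "230 Login successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,7,195,89)."),
    # the client now connects to 198.51.100.7:50009, then asks for the listing
    ("C", "LIST"),
    ("S", "150 Here comes the directory listing."),
    # the listing itself travels over the data connection, not the control connection
    ("S", "226 Directory send OK."),
]


def data_endpoint_from_session(session, control_peer_ip="198.51.100.7"):
    """Walk the control-connection transcript and return the (host, port) the
    client must connect to for the transfer that follows the PASV command."""
    for who, line in session:
        if who == "S" and line.startswith("227"):
            return parse_pasv_reply(line, control_peer_ip)
    raise FtpProtocolError("no 227 reply in session")


if __name__ == "__main__":
    print(format_port_command("192.0.2.10", 49152))
    print(data_endpoint_from_session(PASSIVE_SESSION))
```

The PASV address check is exactly what breaks when a server behind NAT advertises its internal address in the 227 reply, which is the passive-mode counterpart of the NAT problem described for PORT above; real clients typically fall back to the control connection's peer address rather than failing outright, so treat the strict rejection here as the conservative default and relax it deliberately when needed.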
While the protocol permits unauthenticated sessions, in practice all sessions are authenticated. Typically, FTP servers authenticate against the user database of the host on which they run. To facilitate downloads by the general public, FTP servers generally support a special username (by convention "anonymous" or "ftp") that provides read-only access. Users are asked (but often not required) to provide their e-mail address in response to the Password prompt.
For more information on the basic functionality of the FTP protocol please refer to RFC 959 or Wikipedia.