k heitz
asked on
Cloudflare and FTP
Hi Experts ~
I have been tasked with applying Cloudflare to our domains and sub-domains.
I've been 98% successful except for one sub-domain that uses ftp.
The s/w connecting to this sub-domain is failing. It appears Cloudflare doesn't work with FTP and a fix is to have the s/w use the IP instead of the sub-domain, however this s/w is managed thru an external party and making that change has proven problematic to roll out. As a result, I've re-verted back to our GoDaddy DNS service until we can solve the problem.
When I configured the DNS records in Cloudflare, I enabled the security layer. The record looks like the attached.
My question, does any know if I clear the security layer, will the DNS resolve? (e.g. when I hear 'Cloudflare doesn't work with FTP' is that referring to the security layer? or just in general?).
Thanks in advance for any insight or advice.
dom.ftp.bmp
I have been tasked with applying Cloudflare to our domains and sub-domains.
I've been 98% successful except for one sub-domain that uses ftp.
The s/w connecting to this sub-domain is failing. It appears Cloudflare doesn't work with FTP and a fix is to have the s/w use the IP instead of the sub-domain, however this s/w is managed thru an external party and making that change has proven problematic to roll out. As a result, I've re-verted back to our GoDaddy DNS service until we can solve the problem.
When I configured the DNS records in Cloudflare, I enabled the security layer. The record looks like the attached.
My question, does any know if I clear the security layer, will the DNS resolve? (e.g. when I hear 'Cloudflare doesn't work with FTP' is that referring to the security layer? or just in general?).
Thanks in advance for any insight or advice.
dom.ftp.bmp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you!!
1) it publishes passwords (passwords are sent unencrypted) accross wires.
2) it uses multiple connections for transfer of data, where a firewall or proxy in the middle needs to monitor the command channel to see what the real 2nd connection will become... and act accordingly with setting up NAT, Filters or proxy to act on behalf of a backend in coordination with that backend. (this prevents using encryption on the command channel).
3) data is not encrypted during transmission, which might allow it to be altered (without being noticed), or looked into).
You can lookup fwtk (Firewall Toolkit) to find a ftp proxy.
So unless very specific measures are taken to explicitely support FTP, it will be cumbersome at best.
Please try to avoid FTP and replace it with something else.
sftp / scp (using filetransfers accross a SSH tunnel ) might be a replacement.
Using HTTPS uploads can be a solution. (A form can contain a complete file as one of the "fields").