Auto Block IP adresses based on country or threat level
CompletedWe currently have the ability to block IP addresses based only on the IP address.
I have been working with the ipstack API lately and note that it has the ability to return country codes as well as other security information such as if it as SSH attack host.
I think using this extra information to our advantage would be an excellent upgrade to the IP Manager menu.
I work for a business that only has legitimate dealings with 4 countries, it would be powerful for us to only allow access to our site from these 4 countries, and would help mitigate risk in leaving SSH on the default port as it is constantly being probed.
-
Official comment
Hello everyone,
Thank you all for your interest in this feature. I'm excited to announce that geoblocking based on country is now available in Cerberus FTP Server 12.11. You can read more about it here:
Cerberus FTP Server 12.11 Introduces Connection Country Restrictions
As always, we'd love to hear your feedback regarding what you think about the new geoblocking capability.
Sincerely,
Grant
-
This would be extremely useful for us as well.
3 -
On the old forum, see this link, geolocation blocking was mentioned as a then upcoming feature of 10.0. We would be very interested in implementing this. Is this feature still planned?
0 -
Hello, Jason.
No immediate plans at the moment to add geofencing. It is still on the road map but the timeline for release isn't known right now.
0 -
Geo-fencing would be great, and having a check box or something to mark the web interface so its not indexed by search engines if at all possible.
0 -
Hi Ray,
The checkbox for not indexing is a good idea, but in the meantime you can drop a robots.txt file in the:
C:\Program Files\Cerberus LLC\Cerberus FTP Server\webadmin\client
folder. That is the root of the Cerberus web server for the web client and will provide an option for telling search engines to not index your site.
0 -
Have there been any changes to whether or not this feature is on the roadmap?
0 -
I too would like this feature and want to see it on the roadmap very soon!
0 -
I expect, with the email I'm about to send to my manager, that this feature is one that she'd ask me about if I didn't already put in the email that it's not available, it is on the roadmap, but with no arrival time.
0 -
Steve, as you can see from the comments, there are several comments over the last 3 years asking for this feature. Especially with the uptick in Cyber-Attacks and Cyber-Crime, especially from Russia and China (as well as other "Bad Actors"), this would most assuredly be used by most of your users if it were available.
Please try to impress on your manager just how widespread the Cyber Threat problem is and how extremely useful this feature would be. I'm sure that most of your users would turn this feature on immediately if it were available.
Sincerely, Mat Jackmond (longtime user)
1 -
Mat - just to clarify - I'm a customer too ;)
Given our business and user base, I think we could safely geofence out anything not in the U.S. with the possible exception of Canada.
Steve
0 -
Wanted to bump this thread as it would be a great QoL addition.
0 -
+1 Geofencing feature extremely needed please... Thanks!
0 -
Hello Yohann W., thanks for your comment. You will be happy to hear that this has been under development and is imminent. I recommend you sign up for our 'Software and Security' updates newsletter at https://www.cerberusftp.com/contact/mailing-lists/ for notification of when this will be released. We will also be posting a comment here when this feature is available.
0 -
Thanks for continuing to add feedback on this feature and upvoting it. I just wanted to expand a bit on Ian's comments. We've been noting the interest in this capability for a while, and I'm excited to share that blocking or allowing connections based on the country the connection originates from is coming in our next minor release.
These new features are already complete and are in final review and testing in preparation for our next update (12.11). Geofencing by country will leverage our existing geolocation integration with the commercial ipstack service to enable administrators to enable geoblocking in one of two modes:
- Allow only countries specified to connect -OR-
- Deny countries specified from connecting
We will continue to refine and improve this capability as we receive feedback from customers, although we believe the initial release will be quite full featured and expect it will meet most customer's needs. We are considering supporting other commercial geolocation service APIs in future releases (depending on feedback).
1 -
Really appreciated thank you very much for your feedback!
0 -
We are happy to announce Cerberus FTP version 12.11, which includes Geoblocking.
You can find more information about the version here:
https://www.cerberusftp.com/cerberus-ftp-server-12-11-introduces-connection-country-restrictions/
Please enjoy it, and feel free to reach out if you have any questions
0
Please sign in to leave a comment.
Comments
17 comments