IP Access Rule Settings
In addition to the ICIAutobanIPAccessRule Interface, ICIBannedIP Interface Interface, and ICIManualIPAccessRule Interface, there are also other settings in the ICIServer Interface, ICISite Interface, ICIClientSettings Interface, and Enum Reference.
In the ICIServer Interface:
-
Sub AddIPAccessRule (bstrMask As String, bAllow As Boolean, nRulePos As Long)
Adds allowed or denied IP mask for administration.
HRESULT AddIPAccessRule( [in] BSTR bstrMask, [in] VARIANT_BOOL bAllow, [in] long nRulePos) //position in list (0 is first) [in] BSTR bstrComment (added in v7.5)
Example (VBScript):
oServer.AddIPAccessRule("1.2.3.4", false, 2, reason)
EFT v6.3 and later
Function GetIPAccessRules() As Variant
Retrieve an array of administration IP address access rules.
HRESULT GetIPAccessRules([out, retval] VARIANT *aMasks);
Example (VBScript):
rules = oServer.GetIPAccessRules() For Each key In rules If key.type = 0 Then WScript.echo "AutoBan" End if If key.type = 1 Then WScript.echo "Manual " + key.address End if Next
EFT v6.3 and later
Property IPAccessAllowedDefault As Boolean
Retrieves or specifies the default IP Access restriction list.
HRESULT IPAccessAllowedDefault([out, retval] VARIANT_BOOL *pVal); HRESULT IPAccessAllowedDefault([in] VARIANT_BOOL newVal);
True = All IP addresses are allowed except those specified
False = All IP addresses are denied except those specified
All versions
Sub MoveIPAccessRule(nRulePosFrom As Long, nRulePosTo As Long)
Changes allowed administration IP access rule position.
HRESULT MoveIPAccessRule( [in] long nRulePosFrom, //initial position [in] long nRulePosTo); //new position
Example (VBScript):
oServer.MoveIPAccessRule(1,2)
EFT v6.3 and later
Sub RemoveIPAccessRule (nRulePos As Long)
Removes an allowed or denied IP mask for administration.
HRESULT RemoveIPAccessRule([in] long nRulePos); //position
Example (VBScript):
oServer.RemoveIPAccessRule(0)
EFT v6.3 and later
Sub UnbanIP(bstrMask As String)
Removes denied IP mask from Autoban list for administration.
(Does not remove manually banned IPs. Use RemoveIPAccessRule instead.)
HRESULT UnbanIP([in] BSTR bstrMask); //mask to remove
Example (VBScript):
oServer.UnbanIP("1.2.3.4")
EFT v6.3 and later
In the ICISite Interface:
-
Sub AddIPAccessRule(bstrMask As String, bAllow As Boolean, nRulePos As Long)
Adds allowed or denied IP mask for the Site.
HRESULT AddIPAccessRule( [in] BSTR bstrMask, [in] VARIANT_BOOL bAllow, [in] long nRulePos);
Example (VBScript):
oSite.AddIPAccessRule("1.2.3.4", false, 2)
All versions
Property AutoBanIPsPermanently As Boolean
Retrieves or specifies whether to automatically ban IP addresses permanently.
HRESULT AutoBanIPsPermanently([out, retval] VARIANT_BOOL *pVal); HRESULT AutoBanIPsPermanently([in] VARIANT_BOOL newVal);
True=Permanently; False=Temporarily
All versions
Property BanIPForInvalidLoginAttempts As Boolean
When banning an IP address for invalid login attempts, specify whether to count incorrect username and correct username + incorrect password or only incorrect username attempts.
HRESULT BanIPForInvalidLoginAttempts([out, retval] VARIANT_BOOL* pVal); HRESULT BanIPForInvalidLoginAttempts([in] VARIANT_BOOL newVal);
TRUE = Count both 'incorrect username' and 'correct username + incorrect password'
FALSE = Count only incorrect username attempts
EFT v6.4 and later
Property BanIPForInvalidLoginAttemptsWithExistingUsername As Boolean
Retrieves or specifies whether to ban an IP address after excessive invalid login attempts with existing username and wrong password.
HRESULT BanIPForInvalidLoginAttemptsWithExistingUsername([out, retval] VARIANT_BOOL* pVal); HRESULT BanIPForInvalidLoginAttemptsWithExistingUsername([in] VARIANT_BOOL newVal);
EFT v6.4 and later
Property BanIPOnDOS As Boolean
Retrieves or specifies whether to ban an IP address after excessive invalid commands.
HRESULT BanIPOnDOS([out, retval] VARIANT_BOOL *pVal); HRESULT BanIPOnDOS([in] VARIANT_BOOL newVal);
True=Enabled; False=Disabled
All versions
Function GetIPAccessRules() As Variant
Retrieves an array of allowed IP masks.
HRESULT GetIPAccessRules([out, retval] VARIANT *aMasks);
Example (VBScript):
rules = oSite.GetIPAccessRules() For Each key In rules If key.type = 0 Then WScript.echo "AutoBan" End if If key.type = 1 Then WScript.echo "Manual " + key.address End if Next
EFT v6.3 and later
Property InvalidLoginAttemptsCountToBanIP As Long
Retrieves or specifies the number of login attempts after which to ban the IP address.
HRESULT InvalidLoginAttemptsCountToBanIP([out, retval] long* pVal); HRESULT InvalidLoginAttemptsCountToBanIP([in] long newVal);
EFT v6.4 and later
Property IPAccessAllowedDefault As Boolean
Retrieves or specifies whether IP access is allowed by default.
HRESULT IPAccessAllowedDefault([out, retval] VARIANT_BOOL *pVal); HRESULT IPAccessAllowedDefault([in] VARIANT_BOOL newVal);
True = Allowed; False = Denied
All versions
Property MaxInvalidLoginAttemptsPeriodToBanIP As Long
Retrieves or specifies the period during which to count invalid login attempts.
HRESULT MaxInvalidLoginAttemptsPeriodToBanIP([out, retval] long* pVal); HRESULT MaxInvalidLoginAttemptsPeriodToBanIP([in] long newVal);
EFT v6.4 and later
Sub MoveIPAccessRule(bstrMask As String, bAllow As Boolean, nRulePos As Long)
Changes allowed or denied IP mask position for the Site.
HRESULT MoveIPAccessRule([in] long nRulePosFrom,[in] long nRulePosTo);
Example (VBScript):
oSite.MoveIPAccessRule(1,2)
EFT v6.3 and later
Sub RemoveIPAccessRule(nRulePos As Long)
Removes allowed or denied IP mask for the Site.
HRESULT RemoveIPAccessRule([in] long nRulePos);
Example (VBScript):
oSite.RemoveIPAccessRule(0)
All versions
Sub UnbanIP(bstrMask As String) (read only)
Removes denied IP mask from the Autoban list for the Site.
(Does not remove manually banned IPs. UseRemoveIPAccessRule instead.)
HRESULT UnbanIP([in] BSTR bstrMask //mask to remove);
Example (VBScript):
oSite.UnbanIP("1.2.3.4")
In the ICIClientSettings Interface:
-
Sub AddIPAccessRule(bstrMask As String, bAllow As Boolean, [nRulePos As Long])
Adds allowed (true) or denied (false) IP mask for the client.
HRESULT AddIPAccessRule([in] BSTR bstrMask, [in] VARIANT_BOOL bAllow, [in] long nRulePos);
VARIANT_BOOL equals TRUE(-1) when it is allowed and FALSE(0) when it is denied
Example (C#):
client.AddIPAccessRule("1.1.1.2", true, 0);
EFT v5.1.1 and later
Function GetIPAccessRules() As Variant
Retrieves an array of client/template IP Access rules.
HRESULT GetIPAccessRules([out, retval] VARIANT *aMasks);
Example (VBScript):
The following script would retrieve a list of all IP addresses that have been banned automatically for a user or Settings template.
rules = oClientSettings.GetIPAccessRules() For Each key In rules If key.type = 0 Then WScript.echo "AutoBan" End if If key.type = 1 Then WScript.echo "Manual " + key.address End if Next
EFT v6.3 and later
Determines if the IP Access Restriction List is enabled on the Settings Template or user account.
HRESULT GetLimitAccessByIP( [out, optional] VARIANT *pInherited, [out, retval] VARIANT_BOOL *pVal);
VARIANT_BOOL equals True(-1) = Enabled; False(0) = Disabled
Example (VBScript):
If client.GetLimitAccessByIP Then MsgBox "client’s Limit Access by IP is on" End If
EFT v6.1 and later
Property IPAccessAllowedDefault As Boolean
Specify or retrieve whether user or Settings Template IP access settings allow or deny access by default (if no rule match).
HRESULT IPAccessAllowedDefault([out, retval] VARIANT_BOOL *pVal); HRESULT IPAccessAllowedDefault([in] VARIANT_BOOL newVal);
VARIANT_BOOL equals True(-1) = Allow; False(0) = Deny
EFT v5.1.1 and later
Sub MoveIPAccessRule(nRulePosFrom As Long nRulePosTo As Long)
Change allowed IP access rule position.
HRESULT MoveIPAccessRule([in] long nRulePosFrom,[in] long nRulePosTo);
VARIANT_BOOL True(-1) = Enabled; False(0) = Disabled
Example (VBScript):
oClientSettings.MoveIPAccessRule(1,2)
EFT v6.3 and later
Sub RemoveIPAccessRule(nRulePos As Long)
Remove the IP access rule.
HRESULT RemoveIPAccessRule([in] long nRulePos);
Example (VBScript):
oClientSettings.RemoveIPAccessRule(0)
EFT v5.1.1 and later
Sub SetLimitAccessByIP(val As SFTPAdvBool)
Specify whether Limit Access by IP is on for the Settings Template or user account.
HRESULT SetLimitAccessByIP([in] SFTPAdvBool val);
SFTPAdvBool
-
abFalse = 0
-
abInherited = -2
-
abTrue = 1
Example (VBScript):
client.SetLimitAccessByIP abInherit
Example (VBScript); assigns IP address 1.1.1.1 to a client as an allowed IP address:
client.AddIPAccessRule "1.1.1.1", True 'Assign 'Allowed 'IP
EFT v6.1 and later
In the Enum Reference:
IPAccessRuleType (v6.3 and later)
Server.GetIPAccessRules, Site.GetIPAccessRules, and Client.GetIPAccessRules return the array of ICIIPAccessRule (which can be either Manual or Autoban); ICIAutobanIPAccesRule.BannedIPs is the array of ICIBannedIP. All are read-only properties; to modify IP Access, use the corresponding methods of Server, Site, or Client (Move, Remove, Unban, etc).
-
AutobanIPRule = 0
-
ManualIPRule = 1
Example (VBScript):
rules = oServer.GetIPAccessRules() For Each key In rules If key.type = 0 Then WScript.echo "AutoBan" End if If key.type = 1 Then WScript.echo "Manual " + key.address End if Next