IP Access Rule Settings

In addition to the ICIAutobanIPAccessRule Interface, ICIBannedIP Interface Interface, and ICIManualIPAccessRule Interface, there are also other settings in the ICIServer Interface, ICISite Interface, ICIClientSettings Interface, and Enum Reference.

In the ICIServer Interface:

  • Sub AddIPAccessRule (bstrMask As String, bAllow As Boolean, nRulePos As Long)

  • Adds allowed or denied IP mask for administration.

    HRESULT AddIPAccessRule(
    [in] BSTR bstrMask,
    [in] VARIANT_BOOL bAllow,
    [in] long nRulePos) //position in list (0 is first)
    [in] BSTR bstrComment (added in v7.5)

    Example (VBScript):

    oServer.AddIPAccessRule("1.2.3.4", false, 2, reason)

    EFT v6.3 and later

  • Function GetIPAccessRules() As Variant

  • Retrieve an array of administration IP address access rules.

    HRESULT GetIPAccessRules([out, retval] VARIANT *aMasks);

    Example (VBScript):

    rules = oServer.GetIPAccessRules()
    For Each key In rules
    If key.type = 0 Then
    WScript.echo "AutoBan"
    End if
    If key.type = 1 Then
    WScript.echo "Manual " + key.address
    End if
    Next

    EFT v6.3 and later

  • Property IPAccessAllowedDefault As Boolean

  • Retrieves or specifies the default IP Access restriction list.

    HRESULT IPAccessAllowedDefault([out, retval] VARIANT_BOOL *pVal);
    HRESULT IPAccessAllowedDefault([in] VARIANT_BOOL newVal);

    True = All IP addresses are allowed except those specified

    False = All IP addresses are denied except those specified

    All versions

  • Sub MoveIPAccessRule(nRulePosFrom As Long, nRulePosTo As Long)

  • Changes allowed administration IP access rule position.

    HRESULT MoveIPAccessRule(
    [in] long nRulePosFrom, //initial position
    [in] long nRulePosTo); //new position

    Example (VBScript):

    oServer.MoveIPAccessRule(1,2)

    EFT v6.3 and later

  • Sub RemoveIPAccessRule (nRulePos As Long)

  • Removes an allowed or denied IP mask for administration.

    HRESULT RemoveIPAccessRule([in] long nRulePos); //position

    Example (VBScript):

    oServer.RemoveIPAccessRule(0)

    EFT v6.3 and later

  • Sub UnbanIP(bstrMask As String)

  • Removes denied IP mask from Autoban list for administration.

    (Does not remove manually banned IPs. Use RemoveIPAccessRule instead.)

    HRESULT UnbanIP([in] BSTR bstrMask); //mask to remove

    Example (VBScript):

    oServer.UnbanIP("1.2.3.4")

    EFT v6.3 and later

In the ICISite Interface:

  • Sub AddIPAccessRule(bstrMask As String, bAllow As Boolean, nRulePos As Long)

  • Adds allowed or denied IP mask for the Site.

    HRESULT AddIPAccessRule(
    [in] BSTR bstrMask,
    [in] VARIANT_BOOL bAllow,
    [in] long nRulePos);

    Example (VBScript):

    oSite.AddIPAccessRule("1.2.3.4", false, 2)

    All versions

  • Property AutoBanIPsPermanently As Boolean

  • Retrieves or specifies whether to automatically ban IP addresses permanently.

    HRESULT AutoBanIPsPermanently([out, retval] VARIANT_BOOL *pVal);
    HRESULT AutoBanIPsPermanently([in] VARIANT_BOOL newVal);

    True=Permanently; False=Temporarily

    All versions

  • Property BanIPForInvalidLoginAttempts As Boolean

  • When banning an IP address for invalid login attempts, specify whether to count incorrect username and correct username + incorrect password or only incorrect username attempts.

    HRESULT BanIPForInvalidLoginAttempts([out, retval] VARIANT_BOOL* pVal);
    HRESULT BanIPForInvalidLoginAttempts([in] VARIANT_BOOL newVal);

    TRUE = Count both 'incorrect username' and 'correct username + incorrect password'

    FALSE = Count only incorrect username attempts

    EFT v6.4 and later

  • Property BanIPForInvalidLoginAttemptsWithExistingUsername As Boolean

  • Retrieves or specifies whether to ban an IP address after excessive invalid login attempts with existing username and wrong password.

    HRESULT BanIPForInvalidLoginAttemptsWithExistingUsername([out, retval] VARIANT_BOOL* pVal);
    HRESULT BanIPForInvalidLoginAttemptsWithExistingUsername([in] VARIANT_BOOL newVal);

    EFT v6.4 and later

  • Property BanIPOnDOS As Boolean

  • Retrieves or specifies whether to ban an IP address after excessive invalid commands.

    HRESULT BanIPOnDOS([out, retval] VARIANT_BOOL *pVal);
    HRESULT BanIPOnDOS([in] VARIANT_BOOL newVal);

    True=Enabled; False=Disabled

    All versions

  • Function GetIPAccessRules() As Variant

  • Retrieves an array of allowed IP masks.

    HRESULT GetIPAccessRules([out, retval] VARIANT *aMasks);

    Example (VBScript):

    rules = oSite.GetIPAccessRules()
    For Each key In rules
    If key.type = 0 Then
    WScript.echo "AutoBan"
    End if
    If key.type = 1 Then
    WScript.echo "Manual " + key.address
    End if
    Next

    EFT v6.3 and later

  • Property InvalidLoginAttemptsCountToBanIP As Long

  • Retrieves or specifies the number of login attempts after which to ban the IP address.

    HRESULT InvalidLoginAttemptsCountToBanIP([out, retval] long* pVal);
    HRESULT InvalidLoginAttemptsCountToBanIP([in] long newVal);

    EFT v6.4 and later

  • Property IPAccessAllowedDefault As Boolean

  • Retrieves or specifies whether IP access is allowed by default.

    HRESULT IPAccessAllowedDefault([out, retval] VARIANT_BOOL *pVal);
    HRESULT IPAccessAllowedDefault([in] VARIANT_BOOL newVal);

    True = Allowed; False = Denied

    All versions

  • Property MaxInvalidLoginAttemptsPeriodToBanIP As Long

  • Retrieves or specifies the period during which to count invalid login attempts.

    HRESULT MaxInvalidLoginAttemptsPeriodToBanIP([out, retval] long* pVal);
    HRESULT MaxInvalidLoginAttemptsPeriodToBanIP([in] long newVal);

    EFT v6.4 and later

  • Sub MoveIPAccessRule(bstrMask As String, bAllow As Boolean, nRulePos As Long)

  • Changes allowed or denied IP mask position for the Site.

    HRESULT MoveIPAccessRule([in] long nRulePosFrom,[in] long nRulePosTo);

    Example (VBScript):

    oSite.MoveIPAccessRule(1,2)

    EFT v6.3 and later

  • Sub RemoveIPAccessRule(nRulePos As Long)

  • Removes allowed or denied IP mask for the Site.

    HRESULT RemoveIPAccessRule([in] long nRulePos);

    Example (VBScript):

    oSite.RemoveIPAccessRule(0)

    All versions

  • Sub UnbanIP(bstrMask As String) (read only)

  • Removes denied IP mask from the Autoban list for the Site.

    (Does not remove manually banned IPs. UseRemoveIPAccessRule instead.)

    HRESULT UnbanIP([in] BSTR bstrMask //mask to remove);

    Example (VBScript):

    oSite.UnbanIP("1.2.3.4")

In the ICIClientSettings Interface:

  • Sub AddIPAccessRule(bstrMask As String, bAllow As Boolean, [nRulePos As Long])

  • Adds allowed (true) or denied (false) IP mask for the client.

    HRESULT AddIPAccessRule([in] BSTR bstrMask,
    [in] VARIANT_BOOL bAllow,
    [in] long nRulePos);

    VARIANT_BOOL equals TRUE(-1) when it is allowed and FALSE(0) when it is denied

    Example (C#):

    client.AddIPAccessRule("1.1.1.2", true, 0);

    EFT v5.1.1 and later

  • Function GetIPAccessRules() As Variant

  • Retrieves an array of client/template IP Access rules.

    HRESULT GetIPAccessRules([out, retval] VARIANT *aMasks);

    Example (VBScript):

    The following script would retrieve a list of all IP addresses that have been banned automatically for a user or Settings template.

    rules = oClientSettings.GetIPAccessRules()
    For Each key In rules
    If key.type = 0 Then
    WScript.echo "AutoBan"
    End if
    If key.type = 1 Then
    WScript.echo "Manual " + key.address
    End if
    Next

    EFT v6.3 and later

  • Function GetLimitAccessByIP([pInherited]) As Boolean

  • Determines if the IP Access Restriction List is enabled on the Settings Template or user account.

    HRESULT GetLimitAccessByIP(
    [out, optional] VARIANT *pInherited,
    [out, retval] VARIANT_BOOL *pVal);

    VARIANT_BOOL equals True(-1) = Enabled; False(0) = Disabled

    Example (VBScript):

    If client.GetLimitAccessByIP Then
    MsgBox "client’s Limit Access by IP is on"
    End If

    EFT v6.1 and later

  • Property IPAccessAllowedDefault As Boolean

  • Specify or retrieve whether user or Settings Template IP access settings allow or deny access by default (if no rule match).

    HRESULT IPAccessAllowedDefault([out, retval] VARIANT_BOOL *pVal);
    HRESULT IPAccessAllowedDefault([in] VARIANT_BOOL newVal);

    VARIANT_BOOL equals True(-1) = Allow; False(0) = Deny

    EFT v5.1.1 and later

  • Sub MoveIPAccessRule(nRulePosFrom As Long nRulePosTo As Long)

  • Change allowed IP access rule position.

    HRESULT MoveIPAccessRule([in] long nRulePosFrom,[in] long nRulePosTo);

    VARIANT_BOOL True(-1) = Enabled; False(0) = Disabled

    Example (VBScript):

    oClientSettings.MoveIPAccessRule(1,2)

    EFT v6.3 and later

  • Sub RemoveIPAccessRule(nRulePos As Long)

  • Remove the IP access rule.

    HRESULT RemoveIPAccessRule([in] long nRulePos);

    Example (VBScript):

    oClientSettings.RemoveIPAccessRule(0)

    EFT v5.1.1 and later

  • Sub SetLimitAccessByIP(val As SFTPAdvBool)

  • Specify whether Limit Access by IP is on for the Settings Template or user account.

    HRESULT SetLimitAccessByIP([in] SFTPAdvBool val);

    SFTPAdvBool

    • abFalse = 0

    • abInherited = -2

    • abTrue = 1

    Example (VBScript):

    client.SetLimitAccessByIP abInherit

    Example (VBScript); assigns IP address 1.1.1.1 to a client as an allowed IP address:

    client.AddIPAccessRule "1.1.1.1", True 'Assign 'Allowed 'IP

    EFT v6.1 and later

In the Enum Reference:

IPAccessRuleType (v6.3 and later)

Server.GetIPAccessRules, Site.GetIPAccessRules, and Client.GetIPAccessRules return the array of ICIIPAccessRule (which can be either Manual or Autoban); ICIAutobanIPAccesRule.BannedIPs is the array of ICIBannedIP. All are read-only properties; to modify IP Access, use the corresponding methods of Server, Site, or Client (Move, Remove, Unban, etc).

  • AutobanIPRule = 0

  • ManualIPRule = 1

Example (VBScript):

rules = oServer.GetIPAccessRules()
For Each key In rules
If key.type = 0 Then
WScript.echo "AutoBan"
End if
If key.type = 1 Then
WScript.echo "Manual " + key.address
End if
Next