CrushFTP Server

From Wikipedia, the free encyclopedia
Jump to: navigation, search
CrushFTP Server
Developer(s) CrushFTP, LLC
Stable release 7.1.0 / July 8, 2014
Operating system Mac OS X Linux Unix Windows
Type Secure Web file up/download, FTP server, HTTP server, SFTP Server, WebDAV Server
License Proprietary software
Website www.crushftp.com

CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware with a tiered pricing model. It is targeted at home users on up to enterprise users.

Features[edit]

CrushFTP supports the following protocols: FTP, FTPS, SFTP, HTTP, HTTPS, WebDAV and WebDAV SSL. Additionally, although not a protocol, it has both AJAX/HTML5 and Java applet web interfaces for end users to manage their files from a web browser. CrushFTP uses a GUI for administration, but also installs as a daemon on Mac OS X, Linux, Unix, and as a service in Windows. It supports multihoming, multiple websites with distinct branding, hot configuration changes, OutLook Attachment interception, and GUI-based management of users and groups. Plugins are included for authentication against SQL databases, LDAP, Active Directory, and other custom methods. All settings are stored in XML files that can be edited directly, or with the web UI. If edited directly, CrushFTP notices the modification timestamp change and load the settings immediately without needing a server restart.

History of CrushFTP[edit]

CrushFTP was first published publicly around 1998.[1] Initial versions were FTP only. There were no connection restrictions in version 1.x. CrushFTP 2.x brought about virtual directories in a sense, while CrushFTP 3.x brought about a full virtual file system. It supported the ability to merge and mangle several file systems together regardless if they were from local folders, or another FTP site. It in a sense could even act as a proxy for other FTP servers. However the complications from all the potential issues that could go on from this was confusing. CrushFTP 3 introduced tiered pricing models.

CrushFTP 4 focused primarily on a cleaner interface and less confusing virtual file system. While it still seems to have some support for merging FTP sites with a local file system,[2] the support seems limited. CrushFTP 4 includes all of CrushFTP3's features. The learning curve from CrushFTP 3 to 4 is not steep. Updates in version 4 include a full HTTP server as well as the other supported protocols. Recent updates began recognizing connection differences between web browsers and FTP/SFTP clients, counting four web browser connections as only one user against the licensed limit.

CrushFTP 6 released in 2012[3] brought about major changes as the management and monitoring interface became entirely web based. Its interface is based on jQuery and jQueryUI. Multiple administrators can work concurrently, fixing the single admin limitation of prior versions.

CrushFTP 7 was released in early 2014. According to the what's new page[4] it adds a dashboard for server information, delegated role based administration, graphical job / event designer, MP4 movie streaming support using HTML5,[5] UPnP / PMP port forwarding and automatic external port validation testing, among many other features. Some features are available only to enterprise customers such as user synchronization and DMZ prefs synchronization between internal servers.

Features[edit]

  • DMZ feature to separate Internal and external server interfaces.
  • High availability, session replication and VIP capabilities.
  • Event based actions to trigger emails.
  • Job scheduler, visual flow designer, manage and move files across protocols
  • WebInterface allowing on the fly zipped uploads and downloads
  • WebInterface supports image thumbnail generation for live image previews [6]
  • Drill down into folders on the WebInterface, delete, or rename.
  • Custom usage reports that can be run on demand, or scheduled.
  • Live realtime GUI for monitoring active users, and their activity.
  • Web server supports Server Side Includes, and virtual domains.
  • SQL integration to store users and permissions in SQL database tables.
  • LDAP authentication integration.
  • Ability to launch custom shell scripts passing in arguments.
  • DDOS protection
  • Detailed audit logging and log rolling.
  • Custom web upload forms for collecting additional information with file uploads.
  • Bandwidth limiters.
  • Internal statistic gathering.
  • User and group inheritance on a per setting level.
  • Max login time, idle time.
  • Max upload, download, and minimum download speed.
  • Quotas and ratios.
  • Max download amount per session, day, or month.
  • Auto account expirations.
  • Restricted IP ranges for connections.
  • Custom events including running a plugin or sending an email.
  • Localized into many languages.
  • Supports various encodings including UTF-8.
  • Can do Virtual File System (VFS) linking to merge several file systems together in one.
  • Supports FTP's MODE Z for compressed transfers.

Plugins[edit]

  • CrushLDAPGroup authenticates against an LDAP servers, including Active Directory.
  • CrushTask has a long list of tasks it can perform. AS2, Copy, Delete, Email, Execute, Find, Jump, HTTP, MakeDirectory, Move, PGP, PopImap, Preview, Rename, SQL, Unzip, Wait, WriteFile, Zip and an unknown Custom task.
  • MagicDirectory allows creating users by just making a folder. Non administrator type personnel can create users easily.

Development[edit]

Continuous product released since 1999, the development has shown continuous improvements in the product.

Authentication Options[edit]

  • Built-in user database consisting of XML files describing the user and Virtual File System access.
  • Active Directory
  • LDAP
  • SQL Tables
  • HTTP Basic Authentication
  • HTTP Form Based Authentication

Security[edit]

Encryption is supported for files "at rest" using PGP, as well as for passwords using an MD5 or SHA, SHA512, MD4 non-reversible hash. SFTP uses SSH for encryption, and FTPS uses SSL/TLS for encryption.

There has been a single published vulnerability in CrushFTP 2.1.4 in 2001.[7]

See also[edit]

References[edit]

External links[edit]