4.5.2.1. Configuring policies for FTP commands and responses

Changing the default behavior of commands can be done by using the hash attribute request, indexed by the command name (e.g.: USER or PWD). There is a similar attribute for responses called response, indexed by the command name and the response code. The possible values of these hashes are shown in the tables below. See Section 2.1, Policies for requests and responses for details. When looking up entries of the response attribute hash, the lookup precedence described in Section 2.1.2, Response codes is used.

ActionDescription
FTP_REQ_ACCEPT Allow the request to pass.
FTP_REQ_REJECT Reject the request with the error message specified in the second optional parameter.
FTP_REQ_ABORT Terminate the connection.

Table 4.3.  Action codes for commands in FTP

ActionDescription
FTP_RSP_ACCEPT Allow the response to pass.
FTP_RSP_REJECT Modify the response to a general failure with error message specified in the optional second parameter.
FTP_RSP_ABORT Terminate the connection.

Table 4.4.  Action codes for responses in FTP

Example 4.2. Customizing FTP to allow only anonymous sessions

This example calls a function called pUser (defined in the example) whenever a USER command is received. All other commands are accepted. The parameter of the USER command (i.e. the username) is examined: if it is 'anonymous' or 'Anonymous', the connection is accepted, otherwise it is rejected.

class AnonFtp(FtpProxy):
        def config(self):
                self.request["USER"] = (FTP_REQ_POLICY, self.pUser)
                self.request["*"] = (FTP_REQ_ACCEPT)

        def pUser(self,command):
                if self.request_parameter == "anonymous" or self.request_parameter == "Anonymous":
                        return FTP_REQ_ACCEPT
                return FTP_REQ_REJECT