CrushFTP Server
Developer(s) | CrushFTP, LLC |
---|---|
Stable release | 7.4.0 / November 02, 2015 |
Operating system | OS X, Linux, Unix, Windows |
Type | Secure Web file up/download, FTP server, HTTP server, SFTP Server, WebDAV Server |
License | Proprietary software |
Website | www.crushftp.com |
CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware with a tiered pricing model. It is targeted at home users on up to enterprise users.
Features
CrushFTP supports the following protocols: FTP, FTPS, SFTP, HTTP, HTTPS, WebDAV and WebDAV SSL. Additionally, although not a protocol, it has both AJAX/HTML5 and Java applet web interfaces for end users to manage their files from a web browser. CrushFTP uses a GUI for administration, but also installs as a daemon on Mac OS X, Linux, Unix, and as a service in Windows. It supports multihoming, multiple websites with distinct branding, hot configuration changes, OutLook Attachment interception, and GUI-based management of users and groups. Plugins are included for authentication against SQL databases, LDAP, Active Directory, and other custom methods. All settings are stored in XML files that can be edited directly, or with the web UI. If edited directly, CrushFTP notices the modification timestamp change and load the settings immediately without needing a server restart.
History of CrushFTP
CrushFTP was first published publicly around 1998.[1] Initial versions were FTP only. There were no connection restrictions in version 1.x. CrushFTP 2.x brought about virtual directories in a sense, while CrushFTP 3.x [2] brought about a full virtual file system. It supported the ability to merge and mangle several file systems together regardless if they were from local folders, or another FTP site. It could even act as a proxy for other FTP servers. However the complications from all the potential issues that could go on from this was confusing. CrushFTP 3 introduced tiered pricing models.
CrushFTP 4 focused primarily on a cleaner interface and less confusing virtual file system. While it still seems to have some support for merging FTP sites with a local file system,[3] the support seems limited. Updates in version 4 included a full HTTP server as well as the other supported protocols. Later updates began recognizing connection differences between web browsers and FTP/SFTP clients, counting four web browser connections as only one user against the licensed limit.
[4] CrushFTP 5 continued the evolution of the WebInterface with various iterations. It used a [5] flash interface briefly before replacing it with a HTML/AJAX interface. CrushFTPv5 was the last version to still use a thick client Java Swing UI.[6] Version 6 moved to an all web browser UI.
[7] CrushFTP 6 released in 2012 brought about major changes as the management and monitoring interface became entirely web based. Its interface is based on jQuery and jQuery UI. Multiple administrators can work concurrently, fixing the single admin limitation of prior versions. It had image thumbnail support[8] and file replication and synching.
CrushFTP 7 was released in early 2014. According to the what's new page[9] it adds a dashboard for server information, delegated role based administration, graphical job / event designer, MP4 movie streaming support using HTML5,[10] UPnP / PMP port forwarding and automatic external port validation testing, among many other features. Some features are available only to enterprise customers such as user synchronization and DMZ prefs synchronization between internal servers.
Features
- DMZ feature to separate Internal and external server interfaces.
- High availability, session replication and VIP capabilities.
- Event based actions to trigger emails.
- Job scheduler, visual flow designer, manage and move files across protocols. Pass a list of found files from one step to the next, filtering items out, multithreading multiple steps simultaneously, and monitoring in realtime the progress of the job visually and with realtime logging. [11]
- Scriptable command line CrushClient with support for FTP(ES)/ SFTP/ HTTP(s)[12]
- Supports many back end protocols for file storage, including FTP(ES), SMB, SFTP, HTTP(s), WebDAV, and S3 [13]
- WebInterface allowing on the fly zipped uploads and downloads
- WebInterface supports image thumbnail generation for live image previews [14]
- Drill down into folders on the WebInterface, delete, or rename.
- Custom usage reports that can be run on demand, or scheduled.
- Live realtime dashboard UI for monitoring server health, active users, and their activity.
- Web server supports Server Side Includes, and virtual domains.
- SQL integration to store users and permissions in SQL database tables.
- LDAP authentication integration.
- SAML SSO authentication integration.
- Ability to launch custom shell scripts passing in arguments.
- DDOS protection
- Detailed audit logging and log rolling. Syslog or DB logging for a secondary server with replicated log data (audit purposes)
- Custom web upload forms for collecting additional information with file uploads which can be passed to jobs and events.
- Bandwidth limiters.
- Internal statistic gathering.
- User and group inheritance on a per setting level.
- Max login time, idle time.
- Max upload, download, and minimum download speed.
- Quotas and ratios.
- Max download amount per session, day, or month.
- Auto account expirations.
- Restricted IP ranges for connections.
- Custom events including running a plugin or sending an email.
- Localized into many languages.
- Supports various encodings including UTF-8.
- Can do Virtual File System (VFS) linking to merge several file systems together in one.
- Supports FTP's MODE Z for compressed transfers.
Plugins
- CrushLDAPGroup authenticates against an LDAP servers, including Active Directory.
- CrushTask has a long list of tasks it can perform. AS2, Copy, Delete, Email, Execute, Find, Jump, HTTP, MakeDirectory, Move, PGP, PopImap, Preview, Rename, SQL, Unzip, Wait, WriteFile, Zip and an unknown Custom task.
- MagicDirectory allows creating users by just making a folder. Non administrator type personnel can create users easily.
Development
Continuous product released since 1999, the development has shown continuous improvements in the product.
Authentication options
- Built-in user database consisting of XML files describing the user and Virtual File System access.
- Active Directory
- LDAP
- SAML
- SQL tables
- HTTP Basic Authentication
- HTTP Form Based Authentication
Security
Encryption is supported for files "at rest" using PGP, as well as for passwords using an MD5 or SHA, SHA512, MD4 non-reversible hash. SFTP uses SSH for encryption, and FTPS uses SSL/TLS for encryption.[15] SHA-2 hashing algorithms are supported. Hashes can be salted with random salt values.
There has been a single published vulnerability in CrushFTP 2.1.4 in 2001.[16]
See also
References
- ↑ http://www.crushftp.com/support.html
- ↑ http://macguild.org/reviews/review089.html
- ↑ https://groups.yahoo.com/neo/groups/crushftp3support/conversations/messages/2795
- ↑ http://www.serverwatch.com/server-reviews/article.php/3854336/Getting-Started-With-CrushFTP.htm
- ↑ http://www.crushftp.com/crush5wiki/Wiki.jsp?page=FlashUploads
- ↑ http://www.crushftp.com/crush5wiki/Wiki.jsp?page=Main
- ↑ http://www.macnn.com/articles/12/04/12/server.tech.gets.real.time.sync.multiple.admins/
- ↑ http://www.techrepublic.com/blog/five-apps/five-cost-effective-and-easy-to-setup-ftp-servers-for-your-desktop/
- ↑ http://www.crushftp.com/crush7wiki/Wiki.jsp?page=CrushFTP7New
- ↑ http://www.macnn.com/articles/14/02/11/web.interface.gets.html5.video.zip.file.support/
- ↑ http://www.crushftp.com/CrushFTP_White_Paper.pdf
- ↑ http://www.crushftp.com/crush7wiki/Wiki.jsp?page=CrushClient
- ↑ http://www.crushftp.com/crush7wiki/Wiki.jsp?page=VFS%20Protocols
- ↑ http://anewdomain.net/2012/09/12/crushftp-6-enterprise-a-fast-ftp-server-with-lots-of-extras-review/
- ↑ https://www.digicert.com/sha-2-compatibility.htm
- ↑ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0582