Solved Simple files transfer across the web

Hi,

Since much time, I have an FTP server. Its use is to allow some people, given they have the credential, to download some files on this server. It's very basic, I use only one user/password to do that.

With some delay, I realized that the FTP protocol has been withdrawn of almost all browsers. So, it's no more convenient to use it for people that just know using Windows and surfing on the internet. It only remains http/https protocols.

I'm looking for an HTTP interface to this FTP server or a software to download/upload files with a simple browser (written in PHP for example).

I know there is ownCloud and others in the same idea, but it seems to me too much for my needs. I would like to know if there is a simpler solution.
 
Is sftp a possibility, or do you think it would be a pain to teach your users. Although, I think that ftp/filezilla now has an sftp option, and it's pretty much point and drool, if I remember correctly.
 
Thank you.
That's not the kind of beast I was expected, theses are more of a Dropbox thing.
But yeah that can do the job even though we changed the road we were taking at first.
 
I like the idea of "a simple web server" you were talking about combined with a file browser like one of those:

I did some test with one or two few months ago.
It worked fine, it was easier do use for non-tech people, but the only thing people can do with it is: browse and download.
IIRC in order to upload I had to copy files myself through 'scp' into the server, that's where this solution is limited, well at that time I didn't find any other solution but may be there is one ?
 
For download you can use a simple web-server. For upload you might need a commercial product.

Hmm I am interested to know what application can do that, do you have a link please ?

No commercial product necessary. You can upload using a form like

<form action="upload.tcl" method="post" enctype="multipart/form-data">
...
<input type="file" name="file" size="50" multiple>
...

An example of upload script here:

 
Thanks for your suggestions. I'm afraid I have to write some PHP code to interface the FTP server.
It will be long and I'm not a security specialist.
 
It will be long and I'm not a security specialist.
Not long, as you see in my upload.tcl script above.

And perhaps php has a method for separating the parts of a multipart/form-data stream given by the script
(that is what my mpart2tar.c do)
 
Not long, as you see in my upload.tcl script above.

And perhaps php has a method for separating the parts of a multipart/form-data stream given by the script
(that is what my mpart2tar.c do)
Upload isn't a mandatory requirement for the HTTP server since it's reserved to me. I can still use FTP for that.
 
I realized that the FTP protocol has been withdrawn of almost all browsers.
FTP has been discontinued/withdrawn for good reason, it's not safe! It's easy to sniff people's usernames and passwords, and it's also possible for someone to inject malware into downloads. Even uploading using FTP is dangerous. Anybody could sniff your password and login, and then your system is vulnerable.

If at all possible, you should switch to SFTP (secure FTP). That might be easier than you think, depending on the software you're using. And browsers still support SFTP.

There's no simple solution, and you'll have a steep learning curve no matter how you solve the problem. Just be prepared to put some effort in!
 
Only firefox seems to support sftp. Chrome and Edge do not (at least by default). So, it isn't a solution.
Maybe I should try to activate secure layer on my ftp, but I'm not paranoid. Maybe black hats don't want to waste their time to download my music and films.
 
Only firefox seems to support sftp. Chrome and Edge do not (at least by default). So, it isn't a solution.
Ah, fair enough, I only use Firefox and it's derivatives (I live a google-free life).


I'm not paranoid. Maybe black hats don't want to waste their time to download my music and films.
It's not about being paranoid. There aren't actual people attacking individual machines, it's all automated. Bots don't sleep, and they're not interested in your music. But they are interested in using your machine to spam us, or to take part in bot-nets. Using FTP to upload files might result in you contributing to DDoS attacks on me.

It's like being vaccinated. It's not just about you, it's also about protecting the community you live in. Whenever anybody thinks "I'm not worth hacking", they're effectively ensuring they're a bot-net node in waiting.
 
I have different layers of security: non standard port, sort of port knocking to open the access and the FTP is in a jail. All the softwares are up to date.

All incoming and outcoming paquets are filtered and partially logged by a pfSense firewall (also up to date, of course).

Few chances an upload or an attack will remain unseen.
 
if you already run apache on that box you can enable webdav
Thanks, I didn't know that. But, I don't run Apache. No web server on this machine, so to speak.

diizzy

However, I have tested miniserve in a jail and it works great. There is a problem I can't solve, it is the handling of mime-type. In a browser, documents like text and picture are displayed and not downloaded. I know this is the expected behaviour from the miniserve author's point of view, but I would like to force the mime-type to application/octet-stream in order to avoid that. Not sure it's possible.

Anyway, this can be a solution if one can download movies and mp3. I have to do some additional testings.
 
if you already run apache on that box you can enable webdav
That is interesting. But it is a solution at http level, not html level than mine.

Do you think enabling webdav in apache is enough? One needs a client. Do you know a simple one?
 
That is interesting. But it is a solution at http level, not html level than mine.

Do you think enabling webdav in apache is enough? One needs a client. Do you know a simple one?
on mac and windows (or kde / gnome) you just mount https://host/dir
haven't used it recently but i remember it worked on mac and windows
or maybe sysutils/fusefs-webdavfs/
 
I don't run Apache. No web server on this machine, so to speak.
There is 'sshfs' as a solution otherwise, it gives you the possibility of browsing (with a file manager GUI or CLI) the mounted remote filesystem through ssh.
It's quite handy, and IIRC quicker than 'webdav' (webdav tends to be sloggish because of its speed, that's what I remember of it).
 
Back
Top