Search

GlobalSCAPE Knowledge Base

Adjust IP Access Rule Count Limit and IP Auto Ban List limit

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server Enterprise version 6.4 and later
  • EFT v8.0 adds advanced properties to an AdvancedProperties.json file instead of the registry. Refer to your version of EFT v8.x help for information about editing the AdvancedProperties.json file.

DISCUSSION

By default, IP Access-related Event Rules are limited to 1000 rules, 10,000 or 50,000, depending on version. When clients upgrade and have 1000+ denied IP addresses, it immediately overflows the rule count and they cannot create new rules.

In v8.x and later, IP Access-related Event Rules are limited to 50,000 rules. This can be increased with the advanced properties IPRulesLimit and AutobanLimit, however, you could experience performance issues at higher limits. If the limit is reached, rather than not adding the IP, EFT performs a FIFO operation, adding the newly banned IPs, and removing the oldest banned IP (ONLY for auto-banned IPs; manually added IPs cannot be automatically removed.) If an IP had to be removed, a WARNING is sent to the eft.log, indicating that a new IP has been added, and oldest IP has been dropped as the list is full. The DMZ Gateway has a correspondingly large list to handle any IPs passed to it by EFT.

You can add the following advanced properties to allow you to increase this limit so you can edit the existing rule set.

64-bit OS: HKEY_LOCAL_MACHINE\Software\WOW6432Node\GlobalSCAPE Inc.\EFT Server 4.0

DWORD: IPRulesLimit

Accepts values from 0 to 100,000; default is 5,000

and

DWORD: AutobanLimit

Accepts values from 0 to 100,000; default is 5,000

It is not necessary to restart the server for the changes to take effect.

Details
Last Modified: 2 Months Ago
Last Modified By: kmarsh
Type: ERRMSG
Rated 1 star based on 7 votes.
Article has been viewed 52K times.
Options
Also In This Category
Tags