Search

GlobalSCAPE Knowledge Base

Adjust IP Access Rule Count Limit and IP Auto Ban List limit

Last Week
Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server Enterprise version 6.4 and later
  • EFT v8.0 adds advanced properties to an AdvancedProperties.json file instead of the registry.

When you upgrade from EFT v7.4.x to EFT v8, the non-default settings that you have defined in the registry will be added to the Advanced Properties file during upgrade. (Default settings become part of the EFT configuration files.) For a more on how to use advanced properties, and a spreadsheet of the advanced properties, please refer to the "Advanced Properties" topic in the help for your version of EFT.

DISCUSSION

  • Prior to v8, IP Access-related Event Rules are limited to 1000 rules, 10,000 or 50,000, depending on version. When clients upgrade and have 1000+ denied IP addresses, it immediately overflows the rule count and they cannot create new rules.
  • In v8.x and later, IP Access-related Event Rules are limited to 5,000 rules. This can be increased with the advanced properties IPRulesLimit and AutobanLimit, however, you could experience performance issues at higher limits. If the limit is reached, rather than not adding the IP, EFT performs a FIFO operation, adding the newly banned IPs, and removing the oldest banned IP (ONLY for auto-banned IPs; manually added IPs cannot be automatically removed.) If an IP had to be removed, a WARNING is sent to the eft.log, indicating that a new IP has been added, and oldest IP has been dropped as the list is full. The DMZ Gateway has a correspondingly large list to handle any IPs passed to it by EFT.

You can add the following advanced properties to allow you to increase this limit so you can edit the existing rule set.

In EFT v8 and later:

Add the name:value pair to the AdvancedProperties.JSON file.

{
"AutobanLimit": 5,000
"IPRulesLimit": 5,000
}

In versions prior to v8.0:

64-bit OS: HKEY_LOCAL_MACHINE\Software\WOW6432Node\GlobalSCAPE Inc.\EFT Server 4.0

DWORD: IPRulesLimit

Accepts values from 0 to 100,000; default is 5,000

and

DWORD: AutobanLimit

Accepts values from 0 to 100,000; default is 5,000

It is not necessary to restart the server for the changes to take effect.

Share Article

On a scale of 1-5, please rate the helpfulness of this article



Not Helpful
Very Helpful
Optionally provide additional feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: Last Week
Last Modified By: kmarsh
Type: ERRMSG
Rated 1 star based on 8 votes.
Article has been viewed 63K times.
Options
Print Article
Export As PDF
Also In This Category
Tags
AutobanLimit
can't create event rules
IPRulesLimit
upgrade
Customer Support Software By InstantKB 2020 Final
Execution: 0.000. 9 queries. Compression Disabled.