zFTPServer highlights

zFTPServer is a high performance managed file server for Windows (32-bit and 64-bit) with easy remote administration and fully integrated with all relevant file transfer protocols; FTP, FTPS, SFTP, TFTP and HTTPS. zFTPServer also runs with AD-integrated user login, has IPv6 support and is Microsoft Server 2012 R2-certified. zFTPServer also has support for HTTP Strict Transport Security and forward secrecy.

Read more about zFTPServer’s many features by clicking your way through the menu on the left.

zFTPServer supports the following plattforms:

  • Windows 10 (32-bit and 64-bit)
  • Windows 2012 R2 Server (64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 2012 Server (64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows RT (via .NET edition)
  • Windows 2008 R2 Server (64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows 2008 Server (32-bit and 64-bit)

Active Directory Integration

Enable ftp access for Windows users. zFTPServer handles Windows or Active directory authentication automatically without the need to manually import users and sync user data. zFTPServer can also override and complement user data, offering powerful, simplified management, and superior ease of use.


Available authentication methods

  • Using an Active Directory / Domain
  • Using a Windows Server (Local or Remote)

Multi-Domain support and Trusts
You may specify several domains (separated with pipe "|"); easily enabling AD trust relationships.

Additions to the Account management
Accounts or entire groups in zFTPServer can be connected to Windows accounts or security groups. If applied to users, it specifies certain account settings like login limits, bandwidth management, and special home directory contents. If applied to groups, it specifies defaults to all users belonging to that Windows group, making management of thousands accounts a breeze (using for instance the %USERNAME% token as a resource path).

Seamless authentication at login
Accounts and settings in zFTPServer always takes precedence and thus zFTPServer checks if the user...
... 1. exist as a regular account in zFTPServer?
... 2. exist as a Windows-connected account in zFTPServer?
... 3. pass Windows authentication?

After aquiring the relevant user data a regular login-attempt to the ftp server is performed. This means that restrictions and security settings can be specified in zFTPServer on accounts (users and groups) that are connected to Windows-accounts and thus effectively enforce all these powerful features of zFTPServer onto the Windows-accounts trying to login to the FTP server.

Windows account impersonation
Using this extension, it is possible to run each connection as the corresponding Windows user - effectively making all Windows access rights and security restrictions apply seamlessly. This means that a folder only a certain Windows user can read can be read by the ftp server pretending to be that user after the user has successfully connected to the ftp server. Of course, this also applies to network paths (UNC), making management a breeze.

Tight integration
Also, using the special Active Directory tokens (%AD_HOMEDIR%, %AD_COMMENT%, %AD_SCRIPT%), setting up management for Windows users is really a breeze. For example, if you specify the home directory in zFTPServer for the Windows integrated zFTPServer group "Domain users" to use %AD_HOMEDIR% as a resource path, all users will automatically have their own home directories.

Actually, the power of this extension goes way beyond anything currently on the market for FTP servers. Despite all this power, it is still a very elegant and easy to use solution.

Two-way authentication

In need of two-way authentication to extend the security in your corporation for accessing heavily secured information outside the company walls? You can easily manage this by setting up a two-way authentication with zFTPServer.

You can set up two-way authentication in many ways, one way can be that the user who tries to access zFTPServer resources has to exist in an external database or perhaps the user also need to provide extra credentials via SMS.

Sample script can be found in the DocWiki.

Collaborate

With zFTPServer it's easy to work with others even within a decentralized group. With the collaborate feature the user can send invitations to his/her business partners and therefore work more efficiently. Even though the function seems equivalent to the so far more well-known Dropbox, Collaborate does what Dropbox does, but without using dropbox. This is of course a much more secure and therefore better way of communicating with files between multiple computers since it can assure that no other people/computers but the authenticated invited users gain access to the information.

Simply click on a folder or a file (if you collaborate on a file the folder containing the file will be set as collaborate) and choose Collaborate. Make your choices in the following dialogue, send the following link to the appropriate users and you're good to go.

For more information visit our DocWiki

HTTPS - Built in client

A built in webserver provides easy and secure access over HTTPS. Users can access their account using a browser; no special client software needed.


HTTPS uses a browser to transfer files. This provides a very different user experience from traditional FTP. The user will not need any FTP software. You can list, download, upload, delete and rename files using a regular webbrowser.

Accessible
Make your FTP server more accessible to the users. By not requiring any extra software your service becomes more appealing by lowering the threshold. Your service will also reach people when they're behind a firewall that blocks FTP.

Link to specific folders and files.
The URI scheme lets you link to the specific folder or file that you need. Just enter the address to the server followed by the path to your file and you are sent directly to it. If you are accessing the same resource regularly, you can quickly reach it through a bookmark.

Encrypted
HTTPS is an encrypted service, no information is sent in clear text. This means your communication is secure.

Powerful
The HTTPS service is integrated with all the features that come with zFTPServer. You get the Speed scheduler, Active Directory Integration, Events and much more.

HTTPS - Sharing and Receiving files

With zFTPServer it is easy to share files with friends and co-workers in a safe and secure way using URL-links. Select a file and create a download link or select a folder and create an upload link. Then simply send the link to those you want to give upload or download access to. They will not even need an account on the server!.

How people solved it in the old days, before zFTPServer: external link to xkcd strip 949


Features

  • Sharing – create a secure download link for direct download access to a file via HTTPS
  • Receiving – create a HTTPS link to one you your folders for others to use for secure uploading
  • Time limited and/or password secured download and upload links

It has never been easier to share your own files in a safe and secure way. Select the file you want to share and then click the Share button and you have created a download link. Just send the link to your co-worker or friend and they can download the file in any browser on any platform – just a click away with no special client software requirements. Same thing with receiving files into folders; select the folder and click Receive. The link leads to an upload page. You no longer need to attach large files to e-mails or use external services such as Dropbox, Microsoft SkyDrive or Google Drive to distribute files or let people upload files to you. On top of that; thanks to HTTPS all file transfers are automatically encrypted. For increased security, it is also possible to put a time limit, an expiration date, on sharing and receiving links.

Sharing and receiving is seamlessly integrated with the user settings and trigger appropriate events to use with proactive and reactive scripts. For example download/upload quotas are handled automatically by the server and you can for instance use scripts to invoke virus checks on files received from receiving links.

HTTPS - Customization

You can customize the way zFTPServer presents itself through the web browser by doing changes such as including your company logotype or modifying the URL for HTTPS.

Please observe that once the official support for altering the HTTPS layout has been implemented into GUI it might be necessary for you to migrate your changes into the new layout.

In the customization chapter of our DocWiki you can download customization templates. The templates should be placed as described below and modified to your needs.



All changes you do to these files will be immediately reflected on the published HTTPS interface, and if you simply remove these files zFTPServer will automatically revert to the original.

HTTPS - Drag-n-Drop

Amazing intergation with desktop, now you can easily upload files just by drag-n-drop them to your web browser.

Its even possibly to drag-n-drop multiple files, not only one file. User can now distribute files even faster because this eliminates the necessity to click in menus.


Individual overwrite prompts are being used when necessary.

SFTP

Securely transfer files using the firewall friendly SFTP protocol. With this extension zFTPServer will support not only FTPS (SSL/TLS) but also SFTP version 3, 4, 5, and 6 of the SSH file transfer protocol.


SFTP uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use a FTP client that supports SFTP.

Public/private key authentication
Since zFTPServer can handle public/private keys for authentication, for instance generated with PuTTYGen, it is very robust and secure. The client keeps the private key secure on the client's local computer and distributes the public key so that it may be imported into zFTPServer. zFTPServer will associate this public key with a user's account and use it to verify that the client is using the correct key pair, effectively authenticating the account. zFTPServer supports any combination of allowing or requiering a specific private key from the client in addition to providing a password or not. You may even specify several public keys.

IPv6

Support for fully transparent use of IPv6 in all server functions, including both full and minified addresses. zFTServer uses for instance EPSV/EPRT protocol extensions for FTP.


IPv6 (Next Generation Internet Protocol)
IPv4-addresses nearly depleted, IPv6 secures your future.
Stuck in IPv4?
- The world is growing and so is zFTPServer!

zFTPServer:

  • Fully transparent use of both IPv4 and IPv6.
  • IPv6 just works no fuzzy config needed, upgrade zFTPServer now.
  • IPv6 available in both Corporate and Enterprise editions.

Virtual Users Integration

Have zFTPServer integrate with any system for user authentication and configuration! With virtual script-based integration zFTPServer can connect to just about any data source (e.g. databases, management information systems, flat-files, ...) to verify and configure accounts. All you have to do is setup two access points; one for verifying that a user will be allowed access, and one that tells zFTPServer the user configuration (home directory structure, limitations, security settings, etc.).


User verification
This script (or program) is used to verify that a user is allowed to login. Your verification script can be supplied with any parameters you choose, but it's recommended that you at least include the two tokens "%USERNAME%" and "%PASSWORD%" to properly verify the user. Then simply use the standard return value to indicate to zFTPServer if this particular user will be allowed access into your system; return value of 0 means access is granted, and any other value denies access.

User configuration
This script (or program) is used to configure the user's setup. Your configuration script can be supplied with any parameters you choose, but it's recommended that you at least include the token "%USERNAME%" to properly know which user is requesting it's configuration. Then simply return a complete user setup to standard out, specifying anything you need like home directory structure, speed- or login-limitations, special security settings, etc. just like a regular account setup file.

Message Customization

Customize messages sent from the FTP Server to the connecting user. This enables the user to, for example, get information of loading statistics, server information and date and time of commands. For more advanced options, tokens and also to get scripting and external program execution ability buy the "Events and Messages"-extensions.


The following tokens are available:

Date / Time:

  • %YYYY% -Current year
  • %MM% -Current month, 2 numbers (01-12)
  • %M% -Current month (1-12)
  • %DD% -Current day, 2 numbers (01-31)
  • %D% -Current day (1-31)
  • %hh% -Current hour, 2 numbers (00-23)
  • %h% -Current hour (0-23)
  • %mm% -Current minute, 2 numbers (00-59)
  • %m% -Current minute (0-59)
  • %ss% -Current second, 2 numbers (00-59)
  • %s% -Current second (0-59)

Statistics:
  • %TOTAL_DOWNLOADED% -Total amount of data downloaded from the server
  • %TOTAL_UPLOADED% -Total amount of data uploaded to the server
  • %TOP_n_DOWNLOADERS% -Shows a list of the n top downloaders (n i explicitly defined, eg. %TOP_15_DOWNLOADERS% returns 15 largest downloaders)
  • %TOP_n_UPLOADERS% -Shows a list of the n top uploaders (n i explicitly defined, eg. %TOP_7_UPLOADERS% returns 7 largest uploaders)
  • %TOP_DOWNLOADER_n_USERNAME% -Shows the username of the n:th top downloader (n i explicitly defined, eg. %TOP_DOWNLOADER_8_USERNAME% returns the 8:th top downloader)
  • %TOP_DOWNLOADER_n_DOWNLOADED% -Shows the amount of data downloaded by the n:th top downloader (n i explicitly defined, eg. %TOP_DOWNLOADER_8_DOWNLOADED%)
  • %TOP_UPLOADER_n_USERNAME% -Shows the username of the n:th top uploader (n i explicitly defined, eg. %TOP_UPLOADER_14_USERNAME% returns the 14:th top uploader)
  • %TOP_UPLOADER_n_UPLOADED% -Shows the amount of data uploaded by the n:th top uploader (n i explicitly defined, eg. %TOP_UPLOADER_14_UPLOADED%)

Server:
  • %CONNECTIONS% -Shows the current number of connections to the server
  • %USERS_LOGGED_ON% -Shows the current number of users logged on to the server
  • %SW_NAME% -Current server program name
  • %SW_VERSION% -Current server program version
  • %SW_BUILD% -Current server program build

User:
  • %IP% -IP of the current user
  • %USERNAME% -Username of the current connected user

Events and Messages : Reactive

Have zFTPServer notify users or initiate actions when events occur using powerful scripting facilities! This extension allows zFTPServer to enforce user scriptable rules and policies such as virus checks on uploaded files, automatically transform between file formats, and to send notifications about special events.

Of course these events can be overridden on a per user/group level with system wide defaults.


The following events are included:

  • OnConnect -when a user connects
  • OnQuit -when a user sends QUIT
  • OnDisconnect -when a user disconnects
  • OnLoggedIn -when a user successfully logs in
  • OnChangeDirectory -when a user change directory
  • OnCreateDirectory -when a directory is created
  • OnRemoveDirectory -when a directory is removed
  • OnListDirectoryStart -when a file listing starts
  • OnListDirectoryEnd -when a file listing ends
  • OnDownloadStart -when a file download starts
  • OnDownloadEnd -when a file download ends
  • OnUploadStart -when a file upload starts
  • OnUploadEnd -when a file upload ends
  • OnRemoveFile -when a file is removed
  • OnRename -when a file or directory is renamed

The following tokens are included:

Scripting:
  • %EXECUTE(cmd)% -executes an external command (cmd), that may consist of other tokens and returns the result

User:
  • %GROUPS% -a single-quoted, space-separated list of groups that the current user is member of
  • %FTP_DIRECTORY% -FTP directory of current user
  • %LOCAL_DIRECTORIES% -a single-quoted, space-separated list of local directories of current FTP directory
  • %FTP_FILENAME% -last file accessed by user (FTP path)
  • %LOCAL_FILENAME% -last file accessed by user (local path)
  • %FTP_FILENAME_NEW% -new name of last file accessed by user (FTP path), used only during rename events
  • %LOCAL_FILENAME_NEW% -new name of last file accessed by user (local path), used only during rename events
  • %TRANSFERRED% -bytes transferred by user during last command
  • %FILESIZE% -size of last file accessed by user

Events and Messages : Proactive

Have zFTPServer react to events before they happen! With this extension you can specify before-scripts that limits access based on date/time, downloaded files or even information stored in external databases. Together with Reactive you have a full-fledged Integration Server. Your imagination is the limit!

Of course these events can be overridden on a per user/group level with system wide defaults.


The following events are included:

  • BeforeConnect -before a user connect
  • BeforeLoggedIn -before a user is authenticated
  • BeforeChangeDirectory -before a user change directory
  • BeforeCreateDirectory -before a directory is created
  • BeforeRemoveDirectory -before a directory is removed
  • BeforeListDirectory -before a file listing
  • BeforeDownload -before a download starts
  • BeforeUpload -before an upload starts
  • BeforeRemoveFile -before a file is removed
  • BeforeRename -before a file or directory is renamed

The following tokens are included:

Scripting:
  • %EXECUTE(cmd)% -executes an external command (cmd), that may consist of other tokens and returns the result

User:
  • %GROUPS% -a single-quoted, space-separated list of groups that the current user is member of
  • %FTP_DIRECTORY% -FTP directory of current user
  • %LOCAL_DIRECTORIES% -a single-quoted, space-separated list of local directories of current FTP directory
  • %FTP_FILENAME% -last file accessed by user (FTP path)
  • %LOCAL_FILENAME% -last file accessed by user (local path)
  • %FTP_FILENAME_NEW% -new name of last file accessed by user (FTP path), used only during rename events
  • %LOCAL_FILENAME_NEW% -new name of last file accessed by user (local path), used only during rename events
  • %TRANSFERRED% -bytes transferred by user during last command
  • %FILESIZE% -size of last file accessed by user

Speed Scheduler

Schedule server activity to idle time when you are away from the computer. Speed Scheduler allows administrators to throttle upload and download speeds limits based on rule sets and time constraints. Rules can of cource be ignored for local network access.


With Speed Scheduler you won't have to turn off zFTPServer during gaming sessions with your friends or suffer poor download speeds due to massive uploads. Speed scheduler allows multiple prioritized rules to be created so that speed limitations can be set to suite your every need.

Virtual Filesystem

Access directories, network shares and NAS-units seamlessly using FTP. zFTPServer can dynamically mount any disk or directory for any user or group. The virtual file system also allows administrators to map several directories resident on different servers or computers into a virtual directory accessible for users when they log in.

SSL/TLS Support

Secure your data transfers. Integrated encryption support using cutting edge standards (up to 256 bits AES) means zFTPServer is up for the task of securely managing business critical data. Support for professionally signed encryption certificates (like Verisign certificates) and self-signed keys are of course included.


With zFTPServer you can choose exactly which protocols you wish to use, we currently have support for the following protocols:
SSL 2.0, SSL 3.0.
TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3

For more information on TLS/SSL, please visit our DocWiki

Anti-Hammering

zFTPServer can automatically detect and block multiple connection attempts to for instance avoid brute force attacks.

Advanced IP-Access Management

Access rights with respect to IP adresses or domain names may be specified, granting or denying access from specific locations.

Advanced Account Expiration

Accounts expire on fulfillment of specific criteria, including date, after a specified number of days/weeks/months has passed, after a specified number of downloads have been performed, and more.

Powerful User & Group Management

Users and Groups may join multiple groups simultaneously. zFTPServer is flexible and innovative user and group rights management system coupled with scripting and other management features is the administrators dream.

UAC - User Account Control

Fully UAC compatible means zFTPServer runs without hazzle in Windows Vista / 7 / 8 / 8.1 and Windows Server 2008 / 2008 R2 / 2012 / 2012 R2.

  • Windows 2012 R2 Server (64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 2012 Server (64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows RT (via .NET edition)
  • Windows 2008 R2 Server (64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows 2008 Server (32-bit and 64-bit)
  • Minimal Resource Footprint

    zFTPServer is designed with minimal resource footprint in mind from the very beginning. Threading, separating the administration application from the server application, and careful allocation and deallocation of memory with no memory leakages, are some of the design choices and strategies implemented to minimize performance costs.

    Automatic Updates

    Get the latest version automatically or handle updates manually!

    API - Scripting Friendly

    Powerful scripting features means administrators or developers can access and control zFTPServer or even include zFTPServer as part of a data management or business support system. zFTPServer supports standard TCP/IP connections, making scripts easy to develop (e.g. create new accounts via php).

    Everything that can be excuted via the command line, can be scripted in zFTPServer. Use the tools your organization are familiar with, to integrate with zFTPserver. zFTPServer can provide the information available at the low level of the application, to allow for detailed scripting options.

    Sample scripts can be obtained here.

    Remote Administration

    Administer zFTPServer on the move! The server and the administrative interface are separated into two different applications enabling remote maintenance and administration of the server. Connect to your zFTPServer and configure it from anywhere in the world.

    Run as System Service

    Run your zFTPServer automatically as a system service or in application mode.

    Multiprocessor/Multicore

    Heavily threaded, each user login, download and upload operation runs threaded. This means the OS can distribute threads over several processors or cores. Strict memory allocation, deallocation, and resource control also means proper deallocation after completion of each operation.

    Optional Tray Applet

    To optimize performance, zFTPServer runs either as a regular application with a tray applet OR (preferably) as a system service. Running as a service we have chosen not to have a tray applet running. However zFTPServer Administration that connects, natively or remote, to your server minimizes to the tray with an active icon giving you an updated overview of the server state should you like.

    Registry Free (Optional)

    zFTPServer and zFTPServer Administration can run directly from a USB-stick on the fly, as zFTPServer, running in application mode makes no registry entries.

    Unicode using UTF-8

    Need support for foreign languages like Chinese and Russian. zFTPServer works internally with Unicode and supports UTF-8 mode to allow special (multibyte) characters when communicating with client software.

    Ultra Fast Transfer Speed

    World class performance with minimal system resource allocation! More than 11MB/sec. on average on 100MBit LAN means zFTPServer outperforms most windows ftp servers. Tests with 500 concurrent active users have been performed without any performance concerns (on a standard desktop PC).

    Passive Mode Host/IP

    Need to pass through a firewall? zFTPServer supports active and passive mode connections allowing administrators to specify both IP-adresses or host names for servers with dynamic ip adresses and/or behind firewalls (e.g. myserver.no-ip.com)

    Upload Balancing

    zFTPServer supports automatic upload balancing for virtual directories. Uploaded files end up where there is space.

    Site-to-Site (FXP)

    zFTPServer supports allowing or disallowing site-to-site transfers.

    Multilingual Interface

    zFTPServer Suite is currently available in English, Swedish, Italian, Traditional Chinese (Taiwan), Portuguese (Portugal), Slovak, Hungarian, German, French, Portuguese (Brazil), Simplified Chinese (P.R.C.), Czech, Russian, Ukrainian, Spanish (Traditional), Norwegian (Bokmål).

    Multi-Homed

    zFTPServer can handle different combinations of settings for ports and IPs including listening on the same port for all available IPs, listening on several ports for all available IPs and listening on several ports on specific IPs.

    Multiple domains with trusts

    If your company uses several Active Directory Domains you can configure zFTPServer to work with Active Directory Users from each domain.

    By doing this configuration you get a centralized administration for zFTPServer which enables you to control everything from the same place. Also, the Active Directory Administrators kan choose which users that should have access to zFTPServer by configuring a security group accordingly.

    The multiple domains are configured by establishing a trust between domains and entering the different domain names in the Authentication Integration setting.

    Read more about how the configuration can be done in our DocWiki.