Mechanism for an SFTP allowlist
Hey folks, We use SFTP connections in our deployments and initially had SFTP enabled on all our servers but run into problems when the server goes into protection / lockdown mode due to bot activity on the port. We can enable and disable sftp by reconfiguring the servers in our deploy steps, but ultimately it would be neat if we could leave SFTP on and just not allow any traffic to the port unless they're on the allowlist. IPs seems like one way to do it, though developers often want to use SFTP to move files around themselves for hotfixes or development, and developer IPs change and so we'd need to go in and add our IP manually on any servers we need into relatively regularly.
Hey Shea, this is a great idea and I think one that would benefit a large majority of our users that have SFTP enabled on their servers. Its added to our list and I should have an update on that sooner than later. Thank you.
Join the conversation
Sign in with your Cycle account to reply to this thread.