Serving local filesystem, encrypted local filesystem, S3 Compatible Object Storage, Google Cloud Storage, Azure Blob Storage or other SFTP accounts over SFTP, SCP, FTP, WebDAV, HTTPS.
Users are stored in a supported data provider—such as SQLite, MySQL, PostgreSQL, CockroachDB, Bolt, or in-memory storage—and each user’s access is restricted to their own home directory or designated section of a storage bucket.
Granular access control: per-user and per-directory permissions.
Encryption at REST and in Motion.
Audit logs and reporting.
Password, public key and certificate authentication.
Multi-factor and multi-step authentication. Authentication methods can be customized on a per-user basis.
Per-user and per-directory data retention rules to automatically delete or archive old files.
Real-time monitor of active connections.
Quota Management: Each account can have a disk quota, defined by maximum total storage size and/or maximum number of files.
Bandwidth Throttling: Upload and download speeds can be limited separately, with the ability to apply different settings based on the client’s IP address.
Data Transfer Limits: Total bandwidth usage can be restricted, either as a combined limit or with separate thresholds for uploads and downloads. These limits can also be customized per client IP and reset via the REST API or the EventManager.
WebAdmin UI to easily manage users, groups, folders and connections.
WebClient UI so that end users can change their credentials, manage and share their files in the browser.
Virtual folders: these are special folders that connect to any supported storage backend, allowing you to make different types of storage available to users at specific folder paths. For example, a user might access an S3 bucket mapped to one folder path while also having an encrypted local filesystem available at another. Virtual folders can be either private (for a single user) or shared among multiple users. In addition, virtual folders can be used to automate actions based on events. For example, after a file is uploaded, it can be automatically copied or moved to an external SFTP server, an S3 bucket, or transferred on a set schedule. This makes it easier to manage files across different storage services without manual intervention.
Simplified user administrations using groups: you assign settings once to a group, instead of multiple times to each individual user.
Roles enable the creation of restricted administrators who are only permitted to create and manage users with the same assigned role. Allowing to delegate users administration.
The Event Manager makes it possible to set up automated actions based on server activity—such as when files are uploaded, downloaded, or deleted—as well as on defined schedules. This feature can be used to streamline operations, for example by automatically sending notifications or moving files to other storage systems, without requiring manual intervention.
LDAP/Active directory users.
OpenID connect Single Sign-On supporting many Identity Providers including Microsoft Entra ID, Google Identity Platform, Amazon Cognito, Auth0, Okta, OneLogin, Jump Cloud, Ping Identity, Keycloak and many others.
Let’s Encrypt TLS certificates for HTTPS and FTPS/FTPES.
Geo-IP filtering.
Per-user and global IP filters and trusted lists.
Per-protocol rate limiting.
Automatically disactivate or deleted inactive users.
Automatically terminating idle connections.
Automatic blocklist management using the built-in defender, which helps protect the server against brute-force attempts.
Ability to configure and tune ciphers, host keys, key exchanges, message authentication codes and other algorithms.
Support for strict Content Security Policies for WebAdmin and WebClient UI: no unsafe-eval and usafe-inline are required.
Access time restrictions.
Branding: custom logo and name in Web interfaces.
REST API designed for both administrators and end users. Administrators can fully manage the system through the API—creating and managing users, groups, virtual folders, and more—while end users can access and interact with their files securely. This API allows for easy integration with other applications and supports automated workflows to streamline file handling and system administration.
Configurable custom commands and/or HTTP hooks on upload, pre-upload, download, pre-download, delete, pre-delete, rename, mkdir, rmdir on SSH commands and on user add, update and delete.
Support for HAProxy PROXY protocol: you can proxy and/or load balance the SFTP/SCP/FTP service without losing the information about the client's address.