sftpgo/docs/post-connect-hook.md

# Post-connect hook

This hook is executed as soon as a new connection is established. It notifies the connection's IP address and protocol. Based on the received response, the connection is accepted or rejected. Combining this hook with the [Post-login hook](./post-login-hook.md) you can implement your own (even for Protocol) blacklist/whitelist of IP addresses.

Please keep in mind that you can easily configure specialized program such as [Fail2ban](http://www.fail2ban.org/) for brute force protection. Executing a hook for each connection can be heavy.

The `post_connect_hook` can be defined as the absolute path of your program or an HTTP URL.

If the hook defines an external program it can read the following environment variables:

- `SFTPGO_CONNECTION_IP`
- `SFTPGO_CONNECTION_PROTOCOL`, possible values are `SSH`, `FTP`, `DAV`, `HTTP`, `OIDC` (OpenID Connect)

If the external command completes with a zero exit status the connection will be accepted otherwise rejected.

Previous global environment variables aren't cleared when the script is called.
The program must finish within 20 seconds.

If the hook defines an HTTP URL then this URL will be invoked as HTTP GET with the following query parameters:

- `ip`
- `protocol`, possible values are `SSH`, `FTP`, `DAV`, `HTTP`, `OIDC` (OpenID Connect)

The connection is accepted if the HTTP response code is `200` otherwise rejected.

The HTTP hook will use the global configuration for HTTP clients and will respect the retry configurations.
add post-login hook a login scope is supported too so you can get notifications for failed logins, successful logins or both 2020-08-12 14:15:12 +00:00			`# Post-connect hook`
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
Fix typos (#181) 2020-10-05 09:29:18 +00:00			`This hook is executed as soon as a new connection is established. It notifies the connection's IP address and protocol. Based on the received response, the connection is accepted or rejected. Combining this hook with the [Post-login hook](./post-login-hook.md) you can implement your own (even for Protocol) blacklist/whitelist of IP addresses.`
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
add post-login hook a login scope is supported too so you can get notifications for failed logins, successful logins or both 2020-08-12 14:15:12 +00:00			`Please keep in mind that you can easily configure specialized program such as [Fail2ban](http://www.fail2ban.org/) for brute force protection. Executing a hook for each connection can be heavy.`

add data retention check hook 2021-10-03 13:17:49 +00:00			The `post_connect_hook` can be defined as the absolute path of your program or an HTTP URL.
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
Fix typos (#181) 2020-10-05 09:29:18 +00:00			`If the hook defines an external program it can read the following environment variables:`
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
			- `SFTPGO_CONNECTION_IP`
OIDC: execute pre-login hook after IDP authentication so the SFTPGo users can be auto-created using the hook Signed-off-by: Nicola Murino <nicola.murino@gmail.com> 2022-02-19 09:53:35 +00:00			- `SFTPGO_CONNECTION_PROTOCOL`, possible values are `SSH`, `FTP`, `DAV`, `HTTP`, `OIDC` (OpenID Connect)
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
			`If the external command completes with a zero exit status the connection will be accepted otherwise rejected.`

			`Previous global environment variables aren't cleared when the script is called.`
			`The program must finish within 20 seconds.`

			`If the hook defines an HTTP URL then this URL will be invoked as HTTP GET with the following query parameters:`

			- `ip`
OIDC: execute pre-login hook after IDP authentication so the SFTPGo users can be auto-created using the hook Signed-off-by: Nicola Murino <nicola.murino@gmail.com> 2022-02-19 09:53:35 +00:00			- `protocol`, possible values are `SSH`, `FTP`, `DAV`, `HTTP`, `OIDC` (OpenID Connect)
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
Fix typos (#181) 2020-10-05 09:29:18 +00:00			The connection is accepted if the HTTP response code is `200` otherwise rejected.
add post connect hook Fixes #144 2020-07-30 20:33:49 +00:00
web hooks: improve resilience by adding a configurable retry the retryable http client is used for hooks that notify events 2021-02-12 20:42:49 +00:00			`The HTTP hook will use the global configuration for HTTP clients and will respect the retry configurations.`