URL Editor

FTP URL Scheme

Understand FTP URLs and secure alternatives.

5 min readUpdated January 2026

FTP (File Transfer Protocol) URLs reference files on FTP servers. While FTP is legacy technology, understanding FTP URLs helps with older systems and migration.

FTP was the standard for file transfer for decades, and you'll still encounter it in legacy systems, older documentation, and some public file archives. Understanding FTP URLs helps you migrate these systems to modern alternatives and troubleshoot existing integrations.

Key Takeaways

  • 1FTP uses port 21 by default
  • 2FTP is unencrypted—prefer SFTP or HTTPS
  • 3Browser support for FTP is being removed
  • 4Use SFTP or HTTPS for secure file transfer
  • 5FTP URLs can include credentials (insecure)
Definition
FTP URI Scheme
A URI scheme for accessing files using the File Transfer Protocol. FTP URLs specify a file on a remote server, optionally including authentication credentials and port information. Note: FTP is a legacy protocol without encryption.Source: RFC 1738 - Uniform Resource Locators (URL)
"An FTP URL has the form ftp://user:password@host:port/path where user and password are optional. This scheme describes the location of a file on an FTP server."
— RFC 1738, Uniform Resource Locators

FTP URL Structure

FTP URLs follow a similar structure to HTTP URLs, with the addition of optional credentials embedded directly in the URL. This credential embedding is one reason FTP is considered insecure—credentials appear in logs and browser history.

# FTP URL components
ftp://user:password@ftp.example.com:21/path/to/file.txt

# Components:
ftp://           - Scheme
user:password@   - Credentials (insecure, avoid)
ftp.example.com  - Host
:21              - Port (21 is default, usually omitted)
/path/to/file    - Path to file or directory

# Examples
ftp://ftp.example.com/
ftp://ftp.example.com/pub/files/document.pdf
ftp://files.example.com:2121/uploads/

# Anonymous FTP (common for public servers)
ftp://ftp.example.com/pub/
# Implicitly uses anonymous:anonymous

Many public FTP servers accept "anonymous" logins for downloading files—you don't need credentials in the URL. The path component works like a filesystem path, pointing to files or directories on the server.

FTP isn't the only file transfer protocol. Let's compare it with modern alternatives to understand which to use for different scenarios.

FTP Protocols Comparison

The table below compares FTP with its successors. The key takeaway: SFTP (SSH File Transfer Protocol) and HTTPS are the recommended choices for new projects.

ProtocolPortSecurityUse Case
FTP21NoneLegacy (avoid)
FTPS990TLSSecure FTP
SFTP22SSHPreferred secure
HTTPS443TLSWeb download
SCP22SSHSimple copy

SFTP and FTPS both add encryption to file transfers, but SFTP is generally preferred because it runs over SSH (which you likely already have) rather than requiring a separate TLS setup. HTTPS works well for public downloads where you don't need upload capability.

One important change affecting FTP is that modern browsers have dropped support for the protocol entirely.

Browser Support

Major browsers removed built-in FTP support in 2021, citing security concerns and low usage. If your users encounter FTP URLs in their browsers, they'll see errors instead of file listings.

# Browser FTP support (deprecated)

# Chrome: Removed in version 95 (2021)
# Firefox: Removed in version 90 (2021)
# Safari: Limited support
# Edge: No support

# What happens now:
# - Browser opens FTP URL
# - Browser shows error or downloads file
# - May offer to open in external FTP client

# Alternatives for file downloads:
# - Use HTTPS for public files
# - Provide direct download links
# - Use cloud storage (S3, GCS, etc.)

# For FTP access:
# - Use dedicated FTP client (FileZilla, WinSCP)
# - Use command-line tools (curl, wget, lftp)

If you still need to access FTP servers, dedicated FTP clients like FileZilla provide a graphical interface, while command-line tools like curl and wget work well for scripts. For public file downloads, migrating to HTTPS is the recommended long-term solution.

Let's look at the secure protocols you should use instead of FTP for new projects.

Secure Alternatives

These alternatives provide the same file transfer functionality as FTP but with encryption. SFTP is best for authenticated transfers; HTTPS or signed URLs work well for public downloads.

# SFTP (SSH File Transfer Protocol)
# Not a URL scheme, accessed via SSH
sftp://user@host/path  # Some apps support this

# Command line
sftp user@host:/path/to/file.txt

# FTPS (FTP over TLS)
ftps://ftp.example.com/path/to/file.txt

# HTTPS (recommended for downloads)
https://example.com/downloads/file.pdf

# Signed URLs (cloud storage)
https://storage.example.com/file.pdf?token=abc123&expires=1234567890

Signed URLs (used by AWS S3, Google Cloud Storage, and Azure Blob) provide temporary, authenticated access to files over HTTPS. They're ideal for providing download links without exposing your storage credentials.

If you need to work with FTP servers from scripts or the command line, several tools can help.

Command Line FTP

These command-line examples show how to download, upload, and list files using curl, wget, and lftp. These tools are useful for automation scripts that need to interact with legacy FTP servers.

bash
# Download with curl
curl -O ftp://ftp.example.com/pub/file.txt

# With credentials
curl -u user:password -O ftp://ftp.example.com/file.txt

# List directory
curl ftp://ftp.example.com/pub/

# Upload file
curl -T localfile.txt ftp://ftp.example.com/uploads/

# Using wget
wget ftp://ftp.example.com/pub/file.txt

# SFTP with curl
curl -k sftp://user@host/path/file.txt

# Using lftp (feature-rich FTP client)
lftp -u user,password ftp://host
lftp> get file.txt
lftp> put localfile.txt

The -O flag in curl saves the file with its original name. The -T flag uploads files. For complex FTP operations like mirroring directories or resuming interrupted transfers, lftp provides the most features.

If you have existing FTP infrastructure, here's how to migrate to modern alternatives.

Migrating from FTP

Migration typically involves replacing FTP URLs with HTTPS equivalents and optionally setting up a proxy service to maintain backward compatibility. The code below shows both URL conversion and a server-side FTP proxy.

javascript
// Replace FTP links with HTTPS

// Old: FTP link
// ftp://ftp.example.com/pub/files/document.pdf

// New: HTTPS link
// https://downloads.example.com/files/document.pdf

// Migration script
function migrateFtpUrl(ftpUrl) {
  const url = new URL(ftpUrl);

  if (url.protocol !== 'ftp:') {
    return ftpUrl;
  }

  // Map to HTTPS endpoint
  return `https://${url.hostname.replace('ftp.', 'downloads.')}${url.pathname}`;
}

// Server-side: Proxy FTP to HTTPS
// Node.js example using basic-ftp
const ftp = require('basic-ftp');

async function downloadFromFtp(ftpUrl, res) {
  const client = new ftp.Client();

  await client.access({
    host: 'ftp.example.com',
    user: 'anonymous',
    password: 'anonymous'
  });

  const url = new URL(ftpUrl);
  await client.downloadTo(res, url.pathname);

  client.close();
}

The migrateFtpUrl function converts FTP URLs to HTTPS equivalents by changing the scheme and optionally transforming the hostname. The proxy function demonstrates how to serve FTP content over HTTPS—useful when you control the server but have clients expecting FTP URLs.

Frequently Asked Questions

Was this page helpful?
Share:

Related Guides

HTTP

Web protocol.

6 min read

File URLs

Local files.

5 min read

Try it yourself

Put this into practice with URL Editor

Open URL Editor