Explicitly stating that knocking_url needs to be customized

config/jail.conf

@@ -770,12 +770,14 @@ maxretry = 1
 
 [pass2allow-ftp]
 # this pass2allow example allows FTP traffic after successful HTTP authentication
-filter     = apache-pass
-blocktype  = RETURN
-returntype = DROP
+port         = ftp,ftp-data,ftps,ftps-data
+filter       = apache-pass
 # access log of the website with HTTP auth
-logpath    = %(apache_access_log)s
-port       = ftp,ftp-data,ftps,ftps-data
-bantime    = 3600
-maxretry   = 1
-findtime   = 1
+logpath      = %(apache_access_log)s
+# knocking URL needs to be customized per each deployment
+knocking_url = /secret-knocking-url
+blocktype    = RETURN
+returntype   = DROP
+bantime      = 3600
+maxretry     = 1
+findtime     = 1