If an executable file containing malicious code is
uploaded to the server, the malicious code can subsequently be executed by an external
product that integrates with an Aspera product. Inline file validation is a feature that
enables file content to be validated while the file is in transit, as well as when the
transfer is complete. The validation check can be made with a Lua script, or with a REST
call to an external URL. The mode of validation used (URL or Lua) and the timing of the
check are set in the Aspera server GUI or
aspera.conf.
About this task
When URI inline file validation is enabled,
the transfer is not reported as complete until the validation completes. An
alternative to inline file validation, out-of-transfer file validation, completes
the transfer and then validates the file, and can be substantially faster. For more
information, see Out-of-Transfer File Validation.
Lua scripting is supported for many uses, including inline file
validation. For detailed information, see Automated Execution of Lua Scripts with Transfer Events.
Note: Inline file validation is not applied to
transfers that fall back to HTTP. If all transfers require validation, use
out-of-transfer validation.
Procedure
-
For URI validation, configure the REST service and set the URL.
Note: The code examples provided here are for an admin using a Java servlet
deployed on an Apache web server, but this process is generalizable to other
programming languages and other servers.
-
Open web.xml and edit the <servlet>
and <servlet_mapping> sections to provide the necessary
information for validation.
The <servlet-name> (URL handler) value is also configured
in aspera.conf (in the next step) and any
custom code (such as file filtering, see Inline File Validation with URI).
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<servlet>
<servlet-name>SimpleValidator</servlet-name>
<servlet-class>aspera.validation.SimpleValidator</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SimpleValidator</servlet-name>
<url-pattern>/SimpleValidator/validation/files</url-pattern>
</servlet-mapping>
</web-app>
-
Set the URL in aspera.conf.
$ asconfigurator -x "set_user_data;user_name,username;validation_uri,url"
Where url is the server's IP address and port, and
the servlet name (URL handler) found in
web.xml. This adds the path to the
<transfer> section of
aspera.conf. For example:
<transfer>
<validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
</transfer>
-
Schedule the validation.
To define URI validation from the command line, run this command:
$ asconfigurator -x "set_user_data;user_name,username;validation_threshold,{uri}"
(You can set a Lua script validation to run at one event and a URI validation
to run at another, but you can define only one Lua script or URL. The
default setting for all events is none.)
-
If you schedule validation at a file size threshold, set the threshold.
$ asconfigurator -x "set_user_data;user_name,username;validation_threshold_kb,size"
-
Configure multi-threaded validation.
By default, inline validation is set to use 5 threads.
If the number of validation threads is not set to 1, then multiple
threads may perform different types of validations for different (or the same) files at the same
time. In such a situation, the response of a validation_file_stop at the end of a file
download might come before the response of a validation_threshold for the same
file.
To set the number of
validation threads, run the following
command:
$ asconfigurator -x "set_user_data;user_name,username;validation_threads,number"