Configuring inline file validation

If an executable file that contains malicious code is uploaded to the server, the malicious code can later be run by an external product that integrates with an Aspera product. Inline file validation is a feature that enables file content to be validated while the file is in transit, and when the transfer is complete. The validation check can be made with a REST call to an external URL. The mode of validation used (URL) and the timing of the check are set in the Aspera server GUI or aspera.conf.

When URI inline file validation is enabled, the transfer is not reported as complete until the validation completes. An alternative to inline file validation, out-of-transfer file validation, completes the transfer and then validates the file, and can be substantially faster. For more information, see Out-of-transfer file validation.

Note: If all transfers require validation, use out-of-transfer validation.
Note: Lua scripting is supported for many uses. For detailed information, see Automated execution of Lua scripts with transfer Events.
  1. For URI validation, configure the REST service and set the URL.
    Note: The code examples that are provided here are for an admin that uses a Java servlet that is deployed on an Apache web server, but this process is generalizable to other programming languages and other servers.
    1. Open web.xml and edit the <servlet> and <servlet_mapping> sections to provide the necessary information for validation.

      The <servlet-name> (URL handler) value is also configured in aspera.conf and any custom code (such as file filtering, see Inline file validation with URI).

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
               version="3.1">
      
          <servlet>
              <servlet-name>SimpleValidator</servlet-name>
              <servlet-class>aspera.validation.SimpleValidator</servlet-class>
          </servlet>
      
          <servlet-mapping>
              <servlet-name>SimpleValidator</servlet-name>
              <url-pattern>/SimpleValidator/validation/files</url-pattern>
          </servlet-mapping>
      </web-app>
    2. Set the URL in aspera.conf.
      $ asconfigurator -x "set_user_data;user_name,username;validation_uri,url"

      Where url is the server's IP address and port, and the servlet name (URL handler) found in web.xml. This adds the path to the <transfer> section of aspera.conf. For example:

      <transfer>
      <validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
      </transfer>
  2. Schedule the validation.
    Go to Configuration > File handling and select URI to schedule that type of validation at the following events:
    • Run File Validation at File Start
    • Run File Validation at File Stop
    • Run File Validation at Session Start (URL validation is not supported)
    • Run File Validation at Session Stop (URL validation is not supported)
    • Run File Validation When Crossing File Threshold

    You can set and run a URI validation to one event. The default setting for all events is none.

  3. If you schedule validation at a file size threshold, set the threshold.
    This setting cannot be done in the GUI; run the following command:
    $ asconfigurator -x "set_user_data;user_name,username;validation_threshold_kb,size"
  4. Configure multi-threaded validation.
    By default, inline validation is set to use 5 threads.

    If the number of validation threads is not set to 1, then multiple threads might perform different types of validations for different or for the same files at the same time. In such a situation, the response of a validation_file_stop at the end of a file download might come before the response of a validation_threshold for the same file.

    To set the number of validation threads, run the following command:

    $ asconfigurator -x "set_user_data;user_name,username;validation_threads,number"

For more information about the configuration parameters, see File handling configuration (defining values in the UI) or aspera.conf - Transfer configuration (defining values in aspera.conf)

For more information on the output of your inline validation, see Inline file validation with URI.