If an executable file that contains malicious code is
uploaded to the server, the malicious code can later be run by an external product that integrates
with an Aspera product. Inline file validation is a feature that enables file content to be
validated while the file is in transit, and when the transfer is complete. The validation check can
be made with a REST call to an external URL. The mode of validation used (URL) and the timing of the
check are set in the Aspera server GUI or
aspera.conf.
When URI inline file validation is enabled, the transfer is not reported as
complete until the validation completes. An alternative to inline file validation, out-of-transfer
file validation, completes the transfer and then validates the file, and can be substantially
faster. For more information, see Out-of-transfer file validation.
Note: If all transfers require validation, use out-of-transfer
validation.
-
For URI validation, configure the REST service and set the URL.
Note: The code examples that are provided here are for an admin that uses a Java servlet that is
deployed on an Apache web server, but this process is generalizable to other programming languages
and other servers.
-
Open web.xml and edit the
<servlet>
and
<servlet_mapping>
sections to provide the necessary information for
validation.
The <servlet-name>
(URL handler) value is also configured in
aspera.conf and any custom code (such as file filtering, see Inline file validation with URI).
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<servlet>
<servlet-name>SimpleValidator</servlet-name>
<servlet-class>aspera.validation.SimpleValidator</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SimpleValidator</servlet-name>
<url-pattern>/SimpleValidator/validation/files</url-pattern>
</servlet-mapping>
</web-app>
-
Set the URL in aspera.conf.
$ asconfigurator -x "set_user_data;user_name,username;validation_uri,url"
Where url is the server's IP address and port, and the servlet name (URL
handler) found in web.xml. This adds the path to the
<transfer>
section of aspera.conf. For example:
<transfer>
<validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
</transfer>
-
Schedule the validation.
Go to
Configuration > File handling and select
URI to schedule that type of validation at the following events:
- Run File Validation at File Start
- Run File Validation at File Stop
- Run File Validation at Session Start (URL validation is not
supported)
- Run File Validation at Session Stop (URL validation is not
supported)
- Run File Validation When Crossing File Threshold
You can set and run a URI validation to one event. The default setting for all events is
none.
-
If you schedule validation at a file size threshold, set the threshold.
This setting cannot be done in the GUI; run the following
command:
$ asconfigurator -x "set_user_data;user_name,username;validation_threshold_kb,size"
-
Configure multi-threaded validation.
By default, inline validation is set to use
5
threads.
If the number of validation threads is not set to 1
, then
multiple threads might perform different types of validations for different or for the same files at
the same time. In such a situation, the response of a validation_file_stop at the
end of a file download might come before the response of a validation_threshold
for the same file.
To set the number of validation threads, run
the following
command:
$ asconfigurator -x "set_user_data;user_name,username;validation_threads,number"