Overview of Inline File Validation

If an executable file containing malicious code is uploaded to the server, the malicious code can subsequently be executed by an external product that integrates with an Aspera product.

Inline file validation is a feature that enables file content to be validated while the file is in transit, as well as when the transfer is complete. You can include or exclude files with certain characteristics; for example:

  • Accept only files of certain types (extensions)
  • Examine the .zip / archive files for unapproved file types
  • Disallow files greater that a certain size

The validation check is made with a Lua script.or with a RESTful call to an external URL. The mode of validation used (URL or Lua) is defined in the Enterprise Server GUI or aspera.conf.

Note: Inline file validation with Lua script is only available for Enterprise Server products that are v. 2.7.1 or above.

Defining Values for Inline File Validation Parameters

The following parameters for inline file validation set the method of file validation (uri, lua, or none). They can be set in the GUI (Global Configuration > Filehandling options) or manually (by editing the aspera.conf or running the asconfigurator command).
  • run at file start
  • run at file stop
  • run at session start
  • run at session stop
  • run when crossing file threshold
Two additional parameter values--specifically for inline validation with a Lua script--can be set either in the GUI or manually:
  • base64-encoded Lua action script
  • file path to Lua action script
The following parameters can only be set manually:
  • validation threshold_kb
  • validation threads
  • validation uri (for inline validation with URI, only)
For more detailed information about these parameters, see aspera.conf - Transfer.

Inline Validation with URI or Lua Script

For information on the process of validation with a URL or Lua script, see Inline File Validation with URI or Inline File Validation with Lua Script.