If an executable file containing malicious code is uploaded to the server, the
malicious code can subsequently be executed by an external product that integrates
with an Aspera product.
Inline file validation is a feature that enables file content to be validated while
the file is in transit, as well as when the transfer is complete. The validation
check is made with a Lua script or with a RESTful call to an external URL. The mode
of validation used (URL or Lua) and the timing of the check are set in the Aspera server GUI
or aspera.conf.
- For Lua script validation, prepare your Lua script and specify the path to it.
For information about preparing a Lua script, see Inline File Validation with Lua Script.
You can specify the path to the script in the Aspera server GUI (go to
Configuration > File handling and set either Base64-Encoded Lua Action Script or
File Path to Lua Action Script) or in aspera.conf. To set it in aspera.conf, run one of
the following commands, depending on whether your script is base64 encoded:
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_lua_script_base64,path"
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_lua_script_path,path"
- For URI validation, configure the REST service and set the URL.
Note: The code examples provided here are for an admin using a Java servlet
deployed on an Apache web server, but this process is generalizable to other
programming languages and other servers.
- Open web.xml and edit the <servlet> and <servlet-mapping> sections to provide the
necessary information for validation.
The <servlet-name> (URL handler) value is also configured in aspera.conf (in the next
step) and in any custom code (see Inline File Validation with URI).
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
  <servlet>
    <servlet-name>SimpleValidator</servlet-name>
    <servlet-class>aspera.validation.SimpleValidator</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>SimpleValidator</servlet-name>
    <url-pattern>/SimpleValidator/validation/files</url-pattern>
  </servlet-mapping>
</web-app>
- Set the URL in aspera.conf.
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_uri,url"
Where url is the server's IP address and port, and the servlet name (URL handler)
found in web.xml. This adds the path to the <transfer> section of aspera.conf.
For example:
<transfer>
  <validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
</transfer>
- Schedule the validation.
You can schedule validation to occur at the following events:
- run at file start
- run at file stop
- run at session start (URL validation is not supported)
- run at session stop (URL validation is not supported)
- run when crossing file threshold
You can set a Lua script validation to run at one event and a URI
validation to run at another, but you can define only one Lua script or URL.
The default setting for all events is none.
All settings except the file threshold can be set in the Aspera server GUI; go to
Configuration > File handling. To set them from the command line, run the
applicable command:
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_file_start,{lua_script|uri}"
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_file_stop,{lua_script|uri}"
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_session_start,lua_script"
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_session_stop,lua_script"
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_threshold,{lua_script|uri}"
- If you schedule validation at a file size threshold, set the threshold.
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_threshold_kb,size"
- Configure multi-threaded validation.
By default, inline validation is set to use 5 threads.
If the number of validation threads is not set to 1, then multiple threads may
perform different types of validations for different (or the same) files at the
same time. In such a situation, the response of a validation_file_stop at the end
of a file download might come before the response of a validation_threshold for
the same file.
To set the number of validation threads, run the following command:
# /opt/aspera/sbin/asconfigurator -x "set_node_data;validation_threads,number"
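
The following is an added example, not part of the Aspera documentation or product: a Python check that reads aspera.conf text and reports settings that conflict with the rules in the steps above. It assumes every setting is stored under <transfer> as an element with the same name used in the asconfigurator commands (the page shows this only for validation_uri); the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

EVENTS = ("validation_file_start", "validation_file_stop",
          "validation_session_start", "validation_session_stop",
          "validation_threshold")

# Constructed sample. Assumption: every setting is stored under <transfer> as a
# same-named element, which the page shows only for validation_uri.
SAMPLE_CONF = """<CONF version="2"><transfer>
  <validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
  <validation_file_stop>uri</validation_file_stop>
  <validation_session_start>uri</validation_session_start>
  <validation_threshold>uri</validation_threshold>
  <validation_threads>5</validation_threads>
</transfer></CONF>"""

def audit_validation(conf_xml):
    """Return findings for the inline-validation settings in aspera.conf text."""
    transfer = next(ET.fromstring(conf_xml).iter("transfer"), None)

    def get(name):
        value = transfer.findtext(name) if transfer is not None else None
        return (value or "").strip()

    modes = {e: get(e) or "none" for e in EVENTS}  # default for all events: none
    scheduled = set(modes.values()) - {"none"}
    findings = []
    if not scheduled:
        findings.append("no event scheduled: uploads are not validated")
    for e in ("validation_session_start", "validation_session_stop"):
        if modes[e] == "uri":
            findings.append(f"{e}: URL validation is not supported")
    if "uri" in scheduled and not get("validation_uri"):
        findings.append("uri scheduled but validation_uri is not set")
    if "lua_script" in scheduled and not (get("validation_lua_script_path")
                                          or get("validation_lua_script_base64")):
        findings.append("lua_script scheduled but no Lua script is set")
    threshold_on = modes["validation_threshold"] != "none"
    if threshold_on and not get("validation_threshold_kb"):
        findings.append("threshold scheduled but validation_threshold_kb is not set")
    threads = get("validation_threads") or "5"     # default: 5 threads
    if threads != "1" and threshold_on and modes["validation_file_stop"] != "none":
        findings.append("validation_threads != 1: a file_stop response can "
                        "arrive before the threshold response for the same file")
    return findings

if __name__ == "__main__":
    for finding in audit_validation(SAMPLE_CONF):
        print("FINDING:", finding)
```
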