If an executable file containing malicious code is
uploaded to the server, the malicious code can subsequently be executed by an external
product that integrates with an Aspera product. Inline file validation is a feature that
enables file content to be validated while the file is in transit, as well as when the
transfer is complete. The validation check is made with a Lua script or with a REST call to
an external URL. The mode of validation used (URL or Lua) and the timing of the check are
set in the Aspera server GUI or aspera.conf.
When inline file validation is enabled, the
transfer is not reported as complete until the validation completes. An alternative
to inline file validation, out-of-transfer file validation, completes the transfer
and then validates the file, and can be substantially faster. For more information,
see Out-of-Transfer File Validation.
Note: Inline file validation is not applied to
transfers that fall back to HTTP. If all transfers require validation, use
out-of-transfer validation.
-
For Lua script validation, prepare your Lua script and specify the path to
it.
For information about preparing a Lua script, see
Inline File Validation with Lua Script.
Go to Configuration > File
Handling for a specific user and set either
Base64-Encoded Lua Action Script or
File Path to Lua Action Script, depending on whether
your script is base64 encoded.
-
For URI validation, configure the REST service and set the URL.
Note: The code examples provided here are for an admin using a Java servlet
deployed on an Apache web server, but this process is generalizable to other
programming languages and other servers.
-
Open web.xml and edit the <servlet>
and <servlet-mapping> sections to provide the necessary
information for validation.
The <servlet-name> (URL handler) value is also configured
in aspera.conf (in the next step) and in any
custom code (such as file filtering, see Inline File Validation with URI).
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
  <servlet>
    <servlet-name>SimpleValidator</servlet-name>
    <servlet-class>aspera.validation.SimpleValidator</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>SimpleValidator</servlet-name>
    <url-pattern>/SimpleValidator/validation/files</url-pattern>
  </servlet-mapping>
</web-app>
-
Set the URL in aspera.conf.
# asconfigurator -x "set_user_data;user_name,username;validation_uri,url"
Where url is the server's IP address and port, and
the servlet name (URL handler) found in web.xml.
This adds the path to the <transfer> section of aspera.conf. For example:
<transfer>
  <validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
</transfer>
-
Schedule the validation.
Go to Configuration > File Handling and select
uri or lua_script to schedule
that type of validation at the following events:
- Run File Validation at File Start
- Run File Validation at File Stop
- Run File Validation at Session Start (URL validation is not supported)
- Run File Validation at Session Stop (URL validation is not supported)
- Run File Validation When Crossing File Threshold
You can set a Lua script validation to run at one event and a URI
validation to run at another, but you can define only one Lua script or URL.
The default setting for all events is none.
-
If you schedule validation at a file size threshold, set the threshold.
This setting cannot be made in the GUI; run the following command:
# asconfigurator -x "set_user_data;user_name,username;validation_threshold_kb,size"
-
Configure multi-threaded validation.
By default, inline validation is set to use 5 threads.
If the number of validation threads is not set to 1, then multiple threads may
perform different types of validations for different (or the same) files at the
same time. In such a situation, the response of a validation_file_stop at the
end of a file download might come before the response of a
validation_threshold for the same file.
To set the number of validation threads, run the following command:
# asconfigurator -x "set_user_data;user_name,username;validation_threads,number"
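After completing the steps above, the resulting <transfer> section can be checked against the constraints this page states. The following is an added example, not part of the original documentation or Aspera's own tooling; the element names validation_file_start, validation_session_start and validation_session_stop are assumed to follow the pattern of the settings named on this page, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# validation_uri, validation_threshold_kb, validation_threads, validation_file_stop
# and validation_threshold appear on this page; the other event element names are
# assumed to follow the same pattern.
EVENTS = ("validation_file_start", "validation_file_stop", "validation_session_start",
          "validation_session_stop", "validation_threshold")

def check_transfer(xml_text):
    """Return findings for one <transfer> section of aspera.conf."""
    transfer = ET.fromstring(xml_text)
    def get(name, default=""):
        return (transfer.findtext(name) or default).strip()
    modes = {e: get(e, "none") for e in EVENTS}  # every event defaults to none
    findings = []
    for event, mode in modes.items():
        if mode not in ("none", "uri", "lua_script"):
            findings.append(f"{event}: unknown mode '{mode}'")
        elif mode == "uri" and "session" in event:
            findings.append(f"{event}: URL validation is not supported at this event")
    if all(m == "none" for m in modes.values()):
        findings.append("no event is scheduled, so no file is validated inline")
    if "uri" in modes.values() and not get("validation_uri"):
        findings.append("uri scheduled but validation_uri is empty")
    if modes["validation_threshold"] != "none" and not get("validation_threshold_kb").isdigit():
        findings.append("threshold event scheduled but validation_threshold_kb is not set")
    # Page default is 5 threads; anything other than 1 allows out-of-order responses.
    threads = get("validation_threads", "5")
    if (threads != "1" and modes["validation_file_stop"] != "none"
            and modes["validation_threshold"] != "none"):
        findings.append(f"validation_threads={threads}: a validation_file_stop response "
                        "may arrive before validation_threshold for the same file")
    return findings

# Constructed sample, not a real configuration.
SAMPLE = """<transfer>
  <validation_uri>http://127.0.0.1:8080/SimpleValidator</validation_uri>
  <validation_session_start>uri</validation_session_start>
  <validation_file_stop>uri</validation_file_stop>
  <validation_threshold>lua_script</validation_threshold>
</transfer>"""

if __name__ == "__main__":
    for finding in check_transfer(SAMPLE):
        print("FINDING:", finding)
```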