This section describes how to configure IBM Aspera Faspex on Demand to deny
all transfers except for ones initiated by or sent to permitted users. This is
accomplished by updating the global authorization settings for your installation of
IBM Aspera Enterprise Server or IBM Aspera Connect Server.
-
Modify Incoming Transfers and Outgoing Transfers settings within
the aspera.conf file, which is located at:
/opt/aspera/etc/aspera.conf
<default>
...
<authorization>
<transfer>
<in>
<value>deny</value> <!-- Incoming Transfer -->
</in>
<out>
<value>deny</value> <!-- Outgoing Transfer -->
</out>
</transfer>
...
</authorization>
...
</default>
You can then set transfer permissions on an individual user basis using their
sections in the
aspera.conf file.
-
(Complete this step if your system is a dedicated Faspex Server and is not performing transfers
with IBM Aspera Enterprise Server or Connect Server) Only allow user "faspex" within
Enterprise Server
You can verify the faspex user and corresponding settings within the
aspera.conf file, which is located at
/opt/aspera/etc/aspera.conf.
<aaa>
<realms>
<realm>
<users>
<user>
<name>faspex</name>
<authorization>
<transfer>
<in>
<value>token</value>
</in>
<out>
<value>token</value>
</out>
</transfer>
<token>
<encryption_key>CRYPTOGRAPHIC_STRONG_RANDOM_STRING</encryption_key>
</token>
<authorization>
<file_system>
<access>
<paths>
<path>
<absolute>E:\faspex_packages</absolute>
<read_allowed>false</read_allowed>
<dir_allowed>false</dir_allowed>
<write_allowed>false</write_allowed>
</path>
</paths>
</access>
</file_system>
</user>
</realm>
</realms>
</aaa>