Securing Incoming and Outgoing Transfers

This section describes how to configure IBM Aspera Faspex on Demand to deny all transfers except for ones initiated by or sent to permitted users. This is accomplished by updating the global authorization settings for your installation of IBM Aspera Enterprise Server or IBM Aspera Connect Server.
  1. Modify the Incoming Transfers and Outgoing Transfers settings in the aspera.conf file, which is located at /opt/aspera/etc/aspera.conf:
    <default>
    ...
    <authorization>
       <transfer>
          <in>
             <value>deny</value>       <!-- Incoming Transfer -->
          </in>
          <out>
             <value>deny</value>       <!-- Outgoing Transfer -->
          </out>
       </transfer>
    ...  
    </authorization>
    ...
    </default>
    You can then set transfer permissions for individual users in each user's section of the aspera.conf file.
  2. (Complete this step if your system is a dedicated Faspex Server and is not performing transfers with IBM Aspera Enterprise Server or Connect Server.) Allow only the user "faspex" within Enterprise Server.

    You can verify the faspex user and corresponding settings within the aspera.conf file, which is located at /opt/aspera/etc/aspera.conf.

    <aaa>
    <realms>
    <realm>
    <users>
       <user>
          <name>faspex</name>
          <authorization>
             <transfer>
                <in>
                   <value>token</value>       <!-- Incoming Transfer -->
                </in>
                <out>
                   <value>token</value>       <!-- Outgoing Transfer -->
                </out>
             </transfer>
             <token>
                <encryption_key>CRYPTOGRAPHIC_STRONG_RANDOM_STRING</encryption_key>
             </token>
          </authorization>
          <file_system>
             <access>
                <paths>
                   <path>
                      <absolute>E:\faspex_packages</absolute>
                      <read_allowed>false</read_allowed>
                      <dir_allowed>false</dir_allowed>
                      <write_allowed>false</write_allowed>
                   </path>
                </paths>
             </access>
          </file_system>
       </user>
    </users>
    </realm>
    </realms>
    </aaa>
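
To check a configuration against the two steps above, the following added example (not IBM's code and not part of the original documentation) parses aspera.conf content and reports any global default other than deny, plus any token-authorized user whose encryption_key is missing or still the placeholder string. The sample document and its `<CONF>` root wrapper are constructed assumptions.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER_KEY = "CRYPTOGRAPHIC_STRONG_RANDOM_STRING"  # literal from the snippet above
# Constructed sample. The <CONF> root wrapper is an assumption, not shown on this page.
SAMPLE_CONF = """<CONF>
  <default><authorization><transfer>
    <in><value>deny</value></in>
    <out><value>allow</value></out>
  </transfer></authorization></default>
  <aaa><realms><realm><users><user>
    <name>faspex</name>
    <authorization>
      <transfer>
        <in><value>token</value></in>
        <out><value>token</value></out>
      </transfer>
      <token><encryption_key>CRYPTOGRAPHIC_STRONG_RANDOM_STRING</encryption_key></token>
    </authorization>
  </user></users></realm></realms></aaa>
</CONF>"""

def _value(node, path):
    """Return the stripped text at path, or '' when the element is absent."""
    return (node.findtext(path) or "").strip()

def audit(conf_xml):
    """Return (problems, per_user) for aspera.conf content passed as a string."""
    root = ET.fromstring(conf_xml)
    problems, per_user = [], {}
    for d in ("in", "out"):  # step 1: the global default must be deny
        val = _value(root, f"default/authorization/transfer/{d}/value")
        if val != "deny":
            problems.append(f"default {d}: {val or 'unset'} (expected deny)")
    for user in root.iterfind("aaa/realms/realm/users/user"):  # step 2: per-user settings
        name = _value(user, "name")
        modes = {d: _value(user, f"authorization/transfer/{d}/value") for d in ("in", "out")}
        per_user[name] = modes
        key = _value(user, "authorization/token/encryption_key")
        if "token" in modes.values() and key in ("", PLACEHOLDER_KEY):
            problems.append(f"user {name}: token auth without a real encryption_key")
    return problems, per_user

if __name__ == "__main__":
    problems, per_user = audit(SAMPLE_CONF)
    for name, modes in per_user.items():
        print(f"{name}: in={modes['in']} out={modes['out']}")
    for p in problems:
        print("PROBLEM:", p)
```

The per-user map lists every account that overrides the global deny, which is the set of permitted users to review.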