SecurityUpdated: 2022-11-30 09:24:35
Support antivirus after uploading files. Raysync mainly uses ClamAV (Clam AntiVirus) virus scanning tool to scan the uploaded files and will move the infected files to Isolation Zone.
Enter the directory to the Raysync Server’s clamdscan ,update of the virus library.
2. Access Restrictions
Used for foreground user login restrictions. Set a white list, the IP addresses in the white list are allowed to log in to the front desk; set a black list, the IP addresses in the black list cannot log in to the front desk. Click Security- Access Restriction, select whitelist or blacklist, enter ip or ip range (such as 10.80.90.1-100), and click Save to take effect.
3. Watermark Settings
Used to configure video online preview watermark configuration. ClickEnable watermark, upload the watermark image, select the location, and click Save.
4. Login Settings
It supports administrators to configure whether to allow users to modify passwords, account lockout rules, and weak password settings.
|Anti-brute force attacking||You can configure the user password to lock the account after X consecutive wrong input within X minutes, and the number of wrong input is 3~30 times. After the configuration is saved, it will take effect.|
|Allow users to change their passwords||If selected, the front-end users can change their passwords in the front-end, and the button to change the password is displayed in the foreground. If not selected, it will not be displayed.|
|Weak password settings||Passwords that users are not allowed to set, please use“ ; ”to separate multiple passwords, such as Raysync;raysync. After the configuration is saved, it will take effect.|
|Email validate||After enabling, you need both password and email validate code to log in. (only support Local users)|
5. Certificate Management
5.1 TLS certificates
Raysync provides encrypted certificate services that can be used for both HTTP encryption of the web and file transfer encryption. The default is to use Raysync's own encryption certificate, or you can use the user's own certificate for encryption. Fill in the correct certificate file and certificate private key, click Start Upload, and restart the server to take effect
If you select Prohibit non-SSL connections, the front-end user pages cannot be accessed using non-encrypted HTTP addresses. Note: The premise of configuring security settings is that the administrator needs to upload a valid TLS certificate.
5.2 Client Certificate
Raysync Client certificate is the certificate used by the client to connect with the browser. Available in two ways:
One is to obtain the latest certificate from the default Alibaba Cloud OSS. When the server can access the external network, Raysync will automatically download the latest client certificate from the oss storage when the oss certificate is updated.
The second is to download from the Raysync server. When the network cannot access the external network, please configure the certificate location as the Raysync server. Click to upload the latest certificate bundle. The certificate package is provided by Raysync staff. After uploading the certificate, click Save. Re-login to the client on the front-end page to download the client certificate.
5. Detective Sensitive words
During the transmission process, the content of the file name and text file can be detected. The content of the file contains sensitive words. The system will automatically allocate the file to the isolation area.
If you need to detect the sensitive word like "kill", the input box inputs the sensitive word "kill", click [Save] and then enable
Multiple sensitive words are separated by ;