Security

Updated: 2022-05-06 08:40:38

1. Access restrictions

Used for foreground user login restrictions. Set a white list, the IP addresses in the white list are allowed to log in to the front desk; set a black list, the IP addresses in the black list cannot log in to the front desk. Click Security-Access Restriction, select whitelist or blacklist, enter ip or ip range (such as 10.80.90.1-100), and click Save to take effect.

访问限制英文

2. Watermark Settings

Used to configure video online preview watermark configuration. Click Enable watermark, upload the watermark image, select the location, and click Save.

水印设置英文

3. Login password setting

It supports administrators to configure whether to allow users to modify passwords, account lockout rules, and weak password settings.

登录密码设置英文

HeaderHeader
Anti-brute force attackingYou can configure the user password to lock the account after X consecutive wrong input within X minutes, and the number of wrong input is 3~30 times. After the configuration is saved, it will take effect.
Allow users to change their passwordsIf selected, the front-end users can change their passwords in the front-end, and the button to change the password is displayed in the foreground. If not selected, it will not be displayed.
Weak password settingsPasswords that users are not allowed to set, please use“ ; ”to separate multiple passwords, such as Raysync;raysync. After the configuration is saved, it will take effect.

4. Audit Policy

For user-created delivery tasks for approval. Supports approval of trigger conditions such as user, ip, file size, file type, and number of files.

Click Security - Audit Policy - Add Audit Policy. Enter the policy name and policy order (The system will execute the policies in the order of smallest to largest. The policy without setting the order will be executed in the order of creation time from newest to oldest by default, and priority will be given to the policy that has set the order value.) Set the trigger conditions, select the processing action, and select the administrator for approval.

审核策略英文

Editing, deleting, enabling and disabling audit policies are supported.

编辑策略英文

5. Certificate Management

5.1 TLS certificates

Raysync provides encrypted certificate services that can be used for both http encryption of the web and file transfer encryption. The default is to use Raysync' own encryption certificate, or you can use the user's own certificate for encryption. Fill in the correct certificate file and certificate private key, click Start Upload, and restart the server to take effect

TLS证书英文

If you select Prohibit non-SSL connections, the front-end user pages cannot be accessed using non-encrypted http addresses. Note: The premise of configuring security settings is that the administrator needs to upload a valid TLS certificate.

禁止非ssl

5.2 Client Certificate

Raysync client certificate is the certificate used by the client to connect with the browser. Available in two ways:

One is to obtain the latest certificate from the default Alibaba Cloud OSS. When the server can access the external network, Raysync will automatically download the latest client certificate from the oss storage when the oss certificate is updated.

客户端oss证书英文

The second is to download from the Raysync server. When the network cannot access the external network, please configure the certificate location as the Raysync server. Click to upload the latest certificate bundle. The certificate package is provided by Raysync staff. After uploading the certificate, click Save. Re-login to the client on the front-end page to download the client certificate.

客户端证书ray英文