17.2. Access over Internet

Take extra care when SavaPage is accessible over the public Internet, as a result of enabled Internet Print or explicit WAN to LAN routing, since authentication falls back to global defaults for User Authentication. At least make sure that access to the Admin Web App is solidly secured.

Internet access to each Web App can be restricted with the configuration properties in the table below:

Configuration property

Description

webapp.internet.enable

Set to Y (default) or N to enable/disable Internet access for all Web Apps.

webapp.internet.*.enable

* = admin | jobtickets | mailtickets | payment | pos | printsite | user

Set to Y (default) or N to enable/disable Internet access for a specific Web App.

webapp.internet.*.auth-mode.enable

* = admin | jobtickets | mailtickets | payment | pos | printsite | user

Set to Y or N (default) to enable/disable webapp.internet.*.auth-modes for a specific Web App.

Note: if webapp.internet.admin.auth-mode.enable = Y, then user admin is not allowed to log in to the Admin Web App via the Internet.

webapp.internet.*.auth-modes

* = admin | jobtickets | mailtickets | payment | pos | printsite | user

A comma-separated list of authentication methods (name, email, id, nfc-local, yubikey, oauth) for a specific Web App. The first in the list is the default method.

Table 17.1. Web App Internet Access Configuration Properties


See Section 4.11.14, “Config Editor” on how to set these items.

Note

Exceptions to these generic restrictions can be configured by creating a Terminal Device for each trusted client IP address and configuring Custom User Login methods.
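
The following added example (not part of the SavaPage manual or code base) audits the properties from Table 17.1, applying the documented defaults, and reports which Web Apps are reachable from the Internet and whether their authentication methods are restricted. It assumes the values were copied from the Config Editor into key=value lines; that input format, the function names and the sample values are hypothetical.

```python
# Added example: audit of the webapp.internet.* properties from Table 17.1.
# Assumption: values were copied out of the Config Editor as key=value lines.
APPS = ("admin", "jobtickets", "mailtickets", "payment", "pos", "printsite", "user")
AUTH_METHODS = {"name", "email", "id", "nfc-local", "yubikey", "oauth"}

def parse(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    lines = (l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def audit(props):
    """Return {app: finding} for every Web App reachable from the Internet."""
    findings = {}
    # Defaults from the table: Internet access Y, auth-mode restriction N.
    if props.get("webapp.internet.enable", "Y").upper() != "Y":
        return findings  # Internet access is off for all Web Apps
    for app in APPS:
        prefix = f"webapp.internet.{app}"
        if props.get(f"{prefix}.enable", "Y").upper() != "Y":
            continue  # this Web App is not reachable from the Internet
        if props.get(f"{prefix}.auth-mode.enable", "N").upper() != "Y":
            findings[app] = "exposed, auth-modes not enforced (global defaults apply)"
            continue
        raw = props.get(f"{prefix}.auth-modes", "")
        modes = [m.strip() for m in raw.split(",") if m.strip()]
        unknown = [m for m in modes if m not in AUTH_METHODS]
        if not modes:
            findings[app] = "auth-mode enabled but auth-modes is empty"
        elif unknown:
            findings[app] = "unknown auth method: " + ", ".join(unknown)
        else:
            findings[app] = "exposed, restricted to " + ", ".join(modes)
    return findings

# Constructed sample values, not taken from a real installation.
SAMPLE = """
webapp.internet.enable=Y
webapp.internet.admin.enable=N
webapp.internet.user.auth-mode.enable=Y
webapp.internet.user.auth-modes=oauth, yubikey
webapp.internet.payment.auth-mode.enable=Y
webapp.internet.payment.auth-modes=password
"""

if __name__ == "__main__":
    for app, finding in audit(parse(SAMPLE)).items():
        print(f"{app:12} {finding}")
```

Web Apps that do not appear in the result are not reachable from the Internet according to the supplied properties.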

17.2.1. security.txt

security.txt is a proposed standard which allows websites to define security policies. The file is available via https://your-savapage-server/.well-known/security.txt and its content is set with configuration properties as outlined in the table below:

Configuration property

Description

securitytxt.enable

Set to Y or N (default) to enable/disable security.txt for all Web Apps.

securitytxt.contact.mailto

E-mail address for people to contact you about security issues.

securitytxt.contact.tel

Phone number for people to contact you about security issues.

securitytxt.contact.url

URL for people to contact you about security issues. Must start with https://.

At least one securitytxt.contact.* property must be configured.

securitytxt.encryption.uri

URI to a key which security researchers should use to securely talk to you (optional).

securitytxt.acknowledgments.url

URL to a web page where you say thank you to security researchers who have helped you (optional). Must start with https://.

securitytxt.preferred-languages

A comma-separated list of language codes that your security team speaks (optional).

securitytxt.securitytxt.policy.url

URL to a policy detailing what security researchers should do when searching for or reporting security issues (optional). Must start with https://.

securitytxt.securitytxt.hiring.url

URL to any security-related job openings in your organization (optional). Must start with https://.

Table 17.2. Configuration Properties for security.txt


See Section 4.11.14, “Config Editor” on how to set these items.

Note

The Expires: property in security.txt is generated by SavaPage and set one month in the future.