Chapter 17. Security

Table of Contents

17.1. Denial of Service Filter
17.2. User Authentication
17.2.1. Login Passwords
17.2.2. PIN Codes
17.2.3. Authentication Tokens
17.2.4. One-time Authentication Tokens
17.2.5. User Dialog
17.3. Access over Internet
17.3.1. security.txt
17.4. Web Sessions
17.4.1. Web Session Timeout
17.4.2. Web Session Cookies
17.5. SSL Certificate and Password
17.6. Secured JMX Connection
17.7. Encrypted Secrets
17.8. Document Signature
17.9. User Client
17.10. Server Commands
17.11. Web Services
17.12. Log Files
17.13. Network Card Reader
17.14. Internal Services
17.15. External Services
17.16. Vouchers

This chapter discusses how SavaPage secures sensitive user and application data, and how it communicates with external Information Providers.

17.1. Denial of Service Filter

A Denial of Service Filter (DoSFilter) tracks the number of requests per second that each connection sends to the SavaPage server. If the limit is exceeded, the request is either delayed, throttled, rejected or aborted. A throttled request is placed in a queue and will only proceed when there is capacity. HTTP status code 429 is sent if there are too many requests.

Note

Details of the filtered requests are persisted in the rotating log file:

/opt/savapage/server/logs/security.log

This file is in tab-separated value (TSV) format, so it can easily be imported into and manipulated in spreadsheet programs. See /opt/savapage/server/data/log4j.properties for more information.

If your log4j.properties does not contain the "Security Logger" section, copy it from:

/opt/savapage/server/examples/data/log4j.properties.template

Configuration property | Description

system.dosfilter.enable

Set to Y (default) or N to enable or disable the Denial of Service Filter (DoSFilter).

DoSFilter statistics are shown in the Admin Web App. See Section 4.3.7, “Filtered Requests”.

system.dosfilter.delay-msec

Delay (in milliseconds) that is applied to all requests over the rate limit system.dosfilter.max-requests-per-sec, before they are considered at all. A value of -1 means the request is simply rejected, 0 means no delay (the request is throttled), and any other value is the delay itself. Default: 100.

system.dosfilter.max-idle-tracker-msec

Maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it. Default: 30000.

system.dosfilter.max-request-msec

Maximum amount of time (in milliseconds) to allow the request to process. Default: 30000.

system.dosfilter.max-requests-per-sec

Maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled. Default: 75.

system.dosfilter.throttle-msec

Amount of time (in milliseconds) to wait asynchronously for the semaphore. Default: 30000.

system.dosfilter.throttled-requests

Number of requests over the rate limit able to be considered at once. Default: 5.

system.dosfilter.too-many-code

HTTP status code to send if there are too many requests. Default: 429 (too many requests). 503 (service unavailable) is another option.

system.dosfilter.whitelist

Comma-separated list of host names or IP addresses, either in the form of a dotted decimal notation A.B.C.D or in the CIDR notation A.B.C.D/M, that will not be rate limited in DoSFilter. Note: localhost and 127.0.0.1 are implicitly whitelisted.

system.dosfilter.warn-interval.applog.mins

Interval (minutes) within which DoSFilter events are totaled and written as a warning in the Application Log. The expiration of the interval is triggered by a DoSFilter event. Default: 5.

system.dosfilter.warn-interval.webapp.secs

Interval (seconds) within which DoSFilter events are totaled and sent as a Real-time Activity warning with a popup message to the Admin Web App. Default: 60.

Table 17.1. DoSFilter Configuration Properties


See Section 4.11.14, “Config Editor” on how to set these properties.
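Because every entry in system.dosfilter.whitelist exempts clients from rate limiting, it is worth reviewing which addresses the list actually covers. The following is an added example, not SavaPage code: it models the whitelist matching from the description in Table 17.1, and the function names, the /24 review threshold and the sample values are assumptions.

```python
import ipaddress

# Implicitly whitelisted entries, per the system.dosfilter.whitelist description.
IMPLICIT = ("localhost", "127.0.0.1")

def parse_whitelist(value):
    """Split a system.dosfilter.whitelist value into (networks, host_names)."""
    networks, hosts = [], []
    for entry in (e.strip() for e in (*IMPLICIT, *value.split(","))):
        if not entry:
            continue
        try:
            # A.B.C.D becomes a /32 network, A.B.C.D/M keeps its mask.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hosts.append(entry.lower())  # not an address: treat as a host name
    return networks, hosts

def is_exempt(client_ip, value):
    """True if client_ip falls inside any address or CIDR entry of the list."""
    addr = ipaddress.ip_address(client_ip)
    networks, _ = parse_whitelist(value)
    return any(addr in net for net in networks)

def review(props, min_prefix=24):
    """Return findings for a dict of system.dosfilter.* properties."""
    findings = []
    if props.get("system.dosfilter.enable", "Y") != "Y":
        findings.append("filter disabled")
    networks, hosts = parse_whitelist(props.get("system.dosfilter.whitelist", ""))
    for net in networks:
        if net.prefixlen < min_prefix:  # assumed review threshold, not a SavaPage rule
            findings.append(f"broad whitelist entry {net} ({net.num_addresses} addresses)")
    for host in hosts:
        if host != "localhost":
            findings.append(f"host name entry {host} not resolved in this review")
    return findings

# Constructed sample configuration (values are illustrative only).
SAMPLE = {"system.dosfilter.enable": "Y",
          "system.dosfilter.whitelist": "192.168.1.10, 10.0.0.0/8, print01.example.org"}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Host name entries are only reported, not resolved, so the check runs offline; resolve them separately to see which addresses they exempt.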