As of version 2.6 of Aspera Enterprise Server, Connect Server and Point to Point, it is possible to allow or deny transfers based on the connecting client's IP address. This feature was implemented via the FASP™ external authorization facility, and can be configured in aspera.conf. In a future release users will be able to configure this in the GUI.
As with most Aspera configurations, you can enable the authorization based on client IP as a global, per group, or per user setting. As you are most likely setting an IP restriction per user, the user section of aspera.conf is most likely going to be used. The client IP based allow/deny restriction can be set separately for inbound and outbound transfers.
You configure authorization by IP address by editing aspera.conf, the configuration file which may be found at:
- Linux: /opt/aspera/etc
- Windows: C:\Program Files (x86)/Aspera/<product name>/etc (replace <product name> with your installed product)
- Mac: /Library/Aspera/etc
You can create an authorization rule with the value tag which takes on the peer_ip attribute:
The value itself can either be allow or deny based on whether you want to allow or deny transfers from this IP address. You can specify the IP address as the host IP or subnet IP via CIDR notation (like 10.0.0.0/16).
These tags are nested within an <in> section if they apply to client uploads, or within an <out> section if they apply to client downloads. Within each section you can list as many value tags as needed; they are interpreted in order and the first one that matches is used. Subsequent entries are ignored.
To configure the authorization on a global level, you would place your tags in the sections as shown below. In the following example client uploads are only allowed from the IP 10.3.200.8 or the subnet 10.0.0.0/16:
To configure the authorization for a particular user, follow the example below.
After making the changes to aspera.conf, ensure you have edited it correctly by running a validation command to check for errors, which is one of the following depending on your system:
Mac OS X
"C:\Program Files (x86)\Aspera\Enterprise Server\bin\asuserdata" -v