Server performance and preferences
Set the log levels for ASP.NET functions and other functions (e.g. requests, host URL, etc.) (appsettings.json / appsettings.Development.json)
To set the console log levels, modify the field below within the server configuration file. The log levels determine which types of notifications are displayed in the console window, according to their level of urgency (e.g. Basic Information, Errors, etc.). The log level values for both the Microsoft.AspNetCore (ASP.NET functions) field and the Default (Default functions) field are: None, Information, Warning, and Critical. The Information level will log basic information, warnings, and errors. The None level will not display any information. The Warning level will disregard basic information and log only warning and error data. The Critical level will log only error data. For the Production environment, it is recommended that the values of both the Microsoft.AspNetCore and Default fields be set to None, so that the app cannot divulge sensitive data such as passwords and API keys to a potential attacker.
"Logging": {
  "LogLevel": {
    "Microsoft.AspNetCore": "Warning",
    "Default": "Information"
  }
}
To enable/disable the function which allows the server to encrypt sensitive information that will be stored in the user's browser such as session keys, modify the field below accordingly within the server configuration file.
"use_secure_local_storage": true,
To set up custom IP addresses and port numbers, modify the fields below within the server configuration file. The Url field must contain the address and port number (if necessary), in the format [web_address]:[port] (e.g. https://localhost:8000). If the port number is not required, the Url field must be set in the format [web_address] (e.g. https://localhost).
"Kestrel": {
  "Endpoints": {
    "Address": {
      "Url": "https://localhost:8000"
    }
  }
}
To set the domains that the server can use as its web address to process requests, modify the field below within the server configuration file. For a single address, use the origin of the domain as the value.
//Domain:https://localhost:8000
//Origin:localhost
"AllowedHosts": "localhost"
When multiple hosts are used, set the value to the names of the domain origins separated by ;, in the format [web_address_1][;][web_address_2]
//Domain 1:https://localhost:8000
//Domain 2: https://thetaftp.org
"AllowedHosts": "localhost;thetaftp.org"
The app comes pre-configured to allow the use of any host through the use of the * symbol.
"AllowedHosts": "*"
Set the number of data write operations per second (appsettings.json / appsettings.Development.json)
The server comes pre-configured to be able to read from the network and write on the disk 20.4 MB each second (102 KB * 200 times per second). To set the number of write operations each second modify the field below within the configuration file.
"WriteOperationsPerSecond": 200,
The server comes pre-set to time out inactive connections after a period of 600 seconds. To set the maximum connection timeout period, modify the field below within the configuration file.
"ConnectionTimeoutSeconds": 600,
Set the client to validate SSL certificates and SSL certificate chains (appsettings.json / appsettings.Development.json)
To make the clients that issue API requests within the server app check the validity of the SSL certificate and/or the validity of the SSL certificate chain associated with the server, modify the fields below within the configuration file.
"validate_ssl_certificates": false,
"validate_ssl_certificate_chain": false,
Make the server enforce HTTPS connections on client connections (appsettings.json / appsettings.Development.json)
To make the server enforce HTTPS connections on each client connection modify the field below within the configuration file.
"enforce_https": true,
Set the client to validate the SSL certificate domain name (appsettings.json / appsettings.Development.json)
To make the clients that issue API requests within the server app check whether the domain name of the website matches the one within the SSL certificate, modify the field below within the configuration file.
"ensure_host_name_and_certificate_domain_name_match": false,
Set HTTP Strict Transport Security (HSTS) header expiration date (appsettings.json / appsettings.Development.json)
To set the expiration date in days of the HSTS header modify the field below within the configuration file.
"hsts_max_age_days": 730,
Set the maximum number of concurrent (simultaneous) client connections (appsettings.json / appsettings.Development.json)
The default value is null and this means that the server will handle an unlimited number of concurrent connections. To set the maximum number of client connections that the server can handle modify the field below within the configuration file.
"max_concurent_connections": null,
The default value is null and if the value is either null or less than 10 MB, the value will be 10 MB. To set the maximum request buffer size modify the field below within the configuration file.
"max_request_buffer_size": null,
The default value is null, which defaults to a value of 64 KB. To set the maximum response buffer size modify the field below within the configuration file.
"max_response_buffer_size": null
To enable/disable reverse-proxy mode, modify the field below within the server's configuration file.
"is_reverse_proxy": false,
Forwarded headers are the HTTP headers used in a reverse-proxy configuration that contain information about the source and the destination of a request. A reverse-proxy is a type of server setup that allows clients to make requests to a set server IP address, which in turn forwards the requests to the IP address of the destination server where the application is hosted. Reverse-proxy configurations are used in the micro-services architecture to delegate requests across multiple services (which are usually hosted on individual servers), as well as to create a barrier between the service and the client for increased protection and anonymity for both the user and the server, and to protect the server against DDoS attacks. The ThetaFTP server app comes pre-configured with headers that are compatible with an Apache Server 2 reverse-proxy setup. To use custom Forwarded Headers, modify the field in the configuration file displayed below:
"ForwardedHeaders": {
  "ForwardedHeaders": "XForwardedFor, XForwardedProto"
},
X-Forwarded-For (XFF): Holds information about the client that initiated the request and subsequent proxies in a chain of proxies. This parameter may contain IP addresses and, optionally, port numbers. In a chain of proxy servers, the first parameter indicates the client where the request was first made. Subsequent proxy identifiers follow. The last proxy in the chain isn't in the list of parameters. The last proxy's IP address, and optionally a port number, are available as the remote IP address at the transport layer.
X-Forwarded-Proto (XFP): The value of the originating scheme, HTTP or HTTPS. The value may also be a list of schemes if the request has traversed multiple proxies.
X-Forwarded-Host (XFH): The original value of the Host header field. Usually, proxies don't modify the Host header. See Microsoft Security Advisory CVE-2018-0787 for information on an elevation-of-privileges vulnerability that affects systems where the proxy doesn't validate or restrict Host headers to known good values.
X-Forwarded-Prefix: The original base path requested by the client. This header can be useful for applications to correctly generate URLs, redirects, or links back to the client.
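The X-Forwarded-For description above implies that only the elements appended by proxies you control can be believed: anything further left was supplied by the client. The following is an added example, not ThetaFTP or ASP.NET code, that resolves the client address by walking the chain from right to left; the trusted proxy range and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: the reverse proxies in front of the app live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

def parse_node(token):
    """Parse one XFF element: IPv4, IPv4:port, IPv6 or [IPv6]:port."""
    token = token.strip()
    if token.startswith("["):                # [2001:db8::1]:443
        token = token[1:token.index("]")]
    elif token.count(":") == 1:              # 203.0.113.7:51234
        token = token.split(":")[0]
    return ipaddress.ip_address(token)       # ValueError on anything else

def is_trusted(addr):
    """True when addr belongs to one of our own reverse proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(remote_addr, xff):
    """Resolve the client address from the transport peer and the XFF value."""
    current = ipaddress.ip_address(remote_addr)
    if not is_trusted(current):
        # Direct connection: the header is entirely client-supplied, ignore it.
        return current
    # Each element was appended by the hop to its right, so read right to left
    # and stop at the first address that is not one of our proxies.
    for token in reversed([t for t in (xff or "").split(",") if t.strip()]):
        try:
            hop = parse_node(token)
        except ValueError:
            break                            # malformed element: stop trusting here
        current = hop
        if not is_trusted(hop):
            break
    return current
```

In the first test case below the leftmost element is what a client could inject itself; the resolver returns the address recorded by the first trusted proxy instead.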
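The security-relevant settings documented on this page (AllowedHosts, enforce_https, the three certificate-validation flags and the log levels) can be checked in one pass before deployment. The audit script below is an added example, not part of ThetaFTP; the sample file is constructed, and where the keys sit in the real appsettings.json is an assumption, so the lookup searches the whole document.

```python
import json

# Constructed sample built from the keys documented on this page. Where these
# keys sit in the real file is an assumption, so lookups search everywhere.
SAMPLE = """{
  "Logging": {"LogLevel": {"Microsoft.AspNetCore": "Warning", "Default": "Information"}},
  "AllowedHosts": "*",
  "enforce_https": true,
  "validate_ssl_certificates": false,
  "validate_ssl_certificate_chain": false,
  "ensure_host_name_and_certificate_domain_name_match": false
}"""

MUST_BE_TRUE = ("enforce_https", "validate_ssl_certificates",
                "validate_ssl_certificate_chain",
                "ensure_host_name_and_certificate_domain_name_match")
_MISSING = object()

def find_key(node, key):
    """Depth-first search for key anywhere in the parsed JSON."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not _MISSING:
                return found
    return _MISSING

def audit(text, production=True):
    """Return (setting, reason) pairs for values that weaken the deployment."""
    cfg, findings = json.loads(text), []
    for key in MUST_BE_TRUE:
        value = find_key(cfg, key)
        if value is not True:
            seen = "missing" if value is _MISSING else json.dumps(value)
            findings.append((key, f"expected true, found {seen}"))
    hosts = find_key(cfg, "AllowedHosts")
    if isinstance(hosts, str) and "*" in [h.strip() for h in hosts.split(";")]:
        findings.append(("AllowedHosts", "wildcard accepts any Host header"))
    levels = find_key(cfg, "LogLevel")
    if production and isinstance(levels, dict):
        for category, level in levels.items():
            if level != "None":   # the page recommends None in Production
                findings.append((f"LogLevel.{category}", f"set to {level}"))
    return findings
```

Calling `audit(SAMPLE)` returns one entry per weak setting; pass `production=False` to skip the log-level rule for a development file.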