System Configuration - Security Settings

AppDataFolder

string

null

System

The application uses the path for Project, Log, Default Index, Dictionaries, and All metadata.

AppData location is used for null and empty values.

In IIS, a common path for GEODI.exe and GEODI can be specified. %App% shows the application folder.

The System.Environment.SpecialFolder values can be used in the path definition in %%.

• To be compatible with GEODI.exe, the folder name should be retrieved by typing %appdata% in the address bar of the Windows explorer.

AppPort

int

3323

WebServer

It determines the port to be used by the Web Server started via GEODI.exe.

• If set to 80, there is no need to write ports on the client-side

• If the SSLCertificate setting is done and the 443 SSL port is used, there is no need to write ports on the client-side.

  "Port" key can be used as an exe parameter.

AppIP

string

null

WebServer

7.0.1.25977+

Used to specify the IP address to listen on by the WebServer initiated via the exe.

By default, the Server broadcasts on all IP addresses.

 "IP" key can be used as an exe parameter.

ModuleStoreFolder

string

null

System

When you need offline auto module update use this folder to store *.GeodiModuleX files. when not set GEODI will use DECE-STORE for update.

SocketReceiveTimeout

int

-1

WebServer

The default connection timeout for the application in milliseconds. The default value is -1.

SocketHeaderReceiveTimeout

int

-1

WebServer

The default timeout for the application to read headers in milliseconds. The default value is -1.

TrustedRefererSiteList

string[]

null

WebServerSecurity

Used to define  sites to be trusted for giving the link to the system, use Iframe and Rest API access. * Accepts.

It aims to prevent misleading requests from users through standard browsers.

By default, all sites are allowed.

TrustedOriginSiteList

string[]

null

WebServerSecurity

POST Data is used to determine which sites to trust for use of Iframe and Rest API access. * Accepts.

It aims to prevent misleading requests from users through standard browsers.

No sites are allowed by default.

TrustedOriginUICheck

bool

true

WebServerSecurity

7.0.1.26096+

If false, origin and token access control is performed only for rest api requests.

If true, no content other than the gui / public / folder will be served to sites that are not on the TrustedOriginSiteList list and do not access with tokens.

DisableCSRFSecurity

bool

false

WebServerSecurity

Used to disable custom additional security settings for the Webserver.

It aims to prevent misleading requests from users through standard browsers.

Its closure provides a relatively low-performance increase (0.01% <). It is recommended not to turn off the setting.

XSSSecurityMode

int

0

WebServerSecurity

8.0.0.27386+

It is used to set the behavior for the HTML content in the form and querystring values ​​in the incoming request. It does not add an HttpHeader. The HttpHeaders setting should be used to set headers.

• 0 : At 0 (Default), only required fields are preserved. It is a high performance usage. It is a safe option. Other options can be used temporarily until a solution is found in case of an unexpected detection.

• 1 : Only basic uses such as b,i,h1 .. are allowed for all incoming fields in requests with a value of 1 (ToSafeHTML). greatly reduces performance.

• 2 : All incoming html tags are cleared in requests with a value of 2 (ClearHTML). greatly reduces performance.
  GEODI 8.0.0.27658+ is required for options 3-6.

• 3: (ThrowErrorHasHTML) If there is HTML in the request, an error is thrown.

• 4: (SmartMode_ToSafeHtml) Safe html conversion is made only for the required fields. It works the same way as the Default option.

• 5: (SmartMode_ClearHTML) Clears html expressions only for required fields.

• 6: (SmartMode_ThrowErrorHasHTML) If HTML values ​​are sent in fields that require control, an error is thrown.

HttpHeaders

string[]

null

WebServerSecurity

HTTP_HEADER:VALUE format allows us to define the header information that will be sent to the client.

It can be used to configure browser-side security settings based on API usage.  (  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#Security )

Sample

ShowWebExceptionStackTrace

bool

false

WebServerSecurity

It allows displaying error details in case of Web request errors that will occur. Details are not displayed by default.

LogExceptionStackTrace

bool

false

System

Allows logging of additional details of Scan and System startup errors.

ServerNames

string[]

null

WebServerSecurity

This is the server name information for the WebServer that is started through GEODI.exe. Subdomain usage is blocked when the setting is defined. When servername is set to myserver, sub.myserver requests are not accepted.

EnableUrlSession

bool

false

WebServerSecurity

If the setting is on, Session transfer via Url is allowed. A configuration setting that is not recommended for use.

TileExpandPercent

double

20.0

WMSServer

The default tile enlargement ratio used for labels on WMS Serve.

VerisonExtenderText

string

null

System

It is used to change the version code specified for the content going to the browser. It can be used to reset the browser cache when preparing a theme.

UseDefaultCredential

bool

true

System

Force use of system proxy settings in remote connections such as Web site crawling.

ServerUri

string

null

Notification

It is used to determine the web address to be used in the links to be specified in background services such as e-mail sending.

AutoRecovery

bool

false

System

Automatically corrects faulty entries in case of power failure, disk failure without approval.

AutoIndexUpdate

bool

false

System

If necessary, the GEODI version updates Indexes without approval.

AutoIndexUpdateAndRecovery

bool

false

System

GEODI 7.0.1.26858+

^{This setting is not needed for use under Service or IIS.}

Automatically corrects faulty entries in case of power failure, disk failure without approval. If necessary, the GEODI version updates Indexes without approval.

IgnoreSystemAdminContentAccessPrivileges

bool

false

WebServerSecurity

8.0.027625+

If set to true, the privileges of viewing, opening and downloading content for the “System Administrator” authority are canceled. It is expected that these capabilities are authorized even if you are a "System Administrator". It can be managed on a project basis with Settings.SystemAdminMode on the GEODI application.

DisableBasicAuthentication

bool

false

WebServerSecurity

Turns off Basic Authentication support. All Authentication services on GEODI are protected against automated trial attacks.

SecurityProtocolForRequest

int

3120

System

GEODI 
7.0.1.26674+

MOBIDIOfis
5.0.0.13115+

^{It is used to set the security protocol to be used in http calls to different servers.}

• SSL 2 = 12

• SSL 3 = 48

• TLS 1.0 = 192

• TLS 1.1 = 768

• TLS 1.2 = 3072

• TLS 1.3 = 12288

3120= TLS1.2 + SSL 3

SecurityProtocolForResponse

int

16368

WebServerSecurity

GEODI 
7.0.1.26674+

MOBIDIOfis
5.0.0.13106+

^{If the SSL settings in this document are made, it is used to set which security protocols are supported.}

• SSL 2 = 12

• SSL 3 = 48

• TLS 1.0 = 192

• TLS 1.1 = 768

• TLS 1.2 = 3072

• TLS 1.3 = 12288

16368 = TLS 1.0 + TLS 1.1 + TLS1.2 + TLS 1.3 + SSL 3 ( Inclusive value that also supports legacy clients )

15408 = TLS1.2 + TLS 1.3 + SSL 3 ( Value compelling clients to secure communication )

SSLLocalCertificateSerial

string

null

WebServer

6.1.0.24659+

Used to activate SSL with a valid certificate installed under Computer Certificates / Personal. An alternative method is to specify a certificate file with SSLCertificate.

If there is no special case, this method should be preferred for ssl definition. With this method, there is no need to specify a password.
This value can be found in Details→Serial number in the window that opens when the certificate is double-clicked in the certificates section in Windows.
If there is a need for CSR for SSL certificate supply, https://csrgenerator.com or https://www.digicert.com/easy-csr/openssl.htm pages can be used. Or you can get it via IIS and then stop IIS. ( If Geodi is run over IIS, this setting is not used. Definitions on IIS are used. )

• If AppPort is set to 443, there is no need to write ports on the client-side.

SSLCertificate

string

null

WebServer

Used to specify the location of the SSL certificate file. If defined, GEODI.exe only returns https requests. cer, p7b and pfx extension files are supported.

^{If there is no special case, this method should not be used, the SSLLocalCertificateSerial setting should be preferred.}

• If AppPort is set to 443, there is no need to write ports on the client-side.

SSLCertificatePass

string

null

WebServer

If used, it is used to specify the password of the SSL Certificate file. Open text or non-portable crypto can be used with GEODI tools.

^{If there is no special case, this method should not be used, the SSLLocalCertificateSerial setting should be preferred.}

SSLErrorLog

bool

false

WebServer

6.1.0.24659+

If true, logs all SSL validation errors

NoSSLPort

int

0

WebServer

6.1.0.21550+

If SSL is set, if a port other than 0 is specified, the HTTP service will be provided from this protocol.

ForceHttpsRedirect

bool

false

WebServer

6.1.0.21550+

If NoSSLPort is set, all HTTP requests are forwarded to the https address.

AutoForwardedURL

string

null

WebServer

6.1.0.23511+

Used to specify the server address to use when a routing Header information is received that contains "X-Forwarded-For" information. Penetration safety measures will interfere with the operation of such orientations.  If a DMZ Proxy or IIS Rewrite Proxy is used for cross-network or port forwarding

• The TrustedRefererSiteList and TrustedOriginSiteList settings in SystemSettings.json must be edited to accept the address displayed in the browser.

•  The address shown in the browser should be written at the AutoForwardedURL.
  
  

Example:  

 "AutoForwardedURL"  key can be passed as an exe parameter.

SystemTray

bool

true

WindowsGUI

5.3.0.16891+

 If true, Geodi.exe will open as an icon in the Windows Notification Area instead of opening on the left. Windows will not offer form interfaces. It will allow you to manage the process by using menus offered by the right button.

If false, Geodi.exe is located on the left. The false setting requires IE9+.

Theme

string

Square

GUI

6.0.0.18338+

Default theme setting

Folder names under GUI/Theme can be used.

Language

string

Kurulum Dili

System

6.0.0.18398+

The default language setting. The language code must be written.

If not set, the installation language is used.

  "Language" key can be passed as an exe parameter.

LogMode

int

0

System

6.1.0.21152+

It is used to determine the information to be logged. Logging is not done by default. It's a flag. Logs are stored under Appdata / Logs / [APP] / DebugLog.

• 0 : No logs

• 1 : SQL ( Enables logging of all database queries run by the application)

• 2 : UserData ( Information of the user connected to the system is logged)

• 4: Request ( all HTTP requests are logged )

• 8 : Request Detail  ( all HTTP requests are logged with all detail )

• 16: CreateHttpRequest ( Requires 7.0.1.26660+. Logs web requests and addresses to external servers )

SessionTimeout

int

120

System

6.1.0.21152+

 Defines the maximum inactivity time allowed to a user before starting the automatic log out process

DefaultWS

string

My Computer

System

6.1.0.25423+

It is the default project name in the GEODI ES / DA interface. Used if the url does not contain a wsName or if there is no project remembered for the current user.

LoginProviders

string[]

null

System

7.0.0.25611

It is used to limit LoginProvider definitions that can be logged into the system. Login with all providers recognized by default. Example: If ["LDAP"] is written, it is not possible to login with Geodi users. Only login with LDAP users.

ClientProtectionKey1,ClientProtectionKey2

string

null

WebServerSecurity

6.1.0.25423+

User internal token crypto changes for each server. Entropy for encryption can be increased or decreased with the values to be written here.

MaxUrlSize

int

2048

WebServer

7.0.001.25764+

^{Used to determine the maximum URL size. There is no limit for requests made for POST.}