System Configuration - Security Settings

Configuration settings can be edited by creating a SystemSettings.json file next to GEODI.exe.


(!) By default, GEODI does not allow REST API calls from other domains. To allow them, define the allowed domains in SystemSettings.json.

(!) The JSON content must not include any comments.

(!) The settings file is read once. If a setting is changed, GEODI.exe or the application pool used in IIS must be restarted.

Settings

Setting Name | Type | Default value | Category | Version | Description

AppDataFolder | string | null | System

The path that the application uses for Project, Log, Default Index, Dictionaries, and All metadata.

AppData location is used for null and empty values.

In IIS, a common path for GEODI.exe and GEODI can be specified. %App% refers to the application folder.

System.Environment.SpecialFolder values can be used in the path definition by writing them between % signs.

  • In order to be compatible with GEODI.exe, the folder name should be retrieved by typing %appdata% in the address bar of the Windows explorer.

AppPort | int | 3323 | WebServer

It is used to determine the port to be used by the Web Server started via GEODI.exe.

  • If set to 80, there is no need to write ports on the client-side.
  • If the SSLCertificate setting is done and the 443 SSL port is used, there is no need to write ports on the client-side.

(info) "Port" key can be used as an exe parameter.

AppIP | string | null | WebServer | 7.0.1.25977+

Used to specify the IP address on which the web server started via the exe listens.

By default, the server listens on all IP addresses.

(info) "IP" key can be used as an exe parameter.

SocketReceiveTimeout | int | -1 | WebServer

The default connection timeout for the application in milliseconds. The default value is -1.

SocketHeaderReceiveTimeout | int | -1 | WebServer

The default timeout for the application to read headers in milliseconds. The default value is -1.

TrustedRefererSiteList | string[] | null | WebServerSecurity

Used to define the sites that are trusted to link to the system, to embed it in an iframe, and to access the REST API. The * wildcard is accepted.

It aims to prevent misleading requests from users through standard browsers.

By default, all sites are allowed.

TrustedOriginSiteList | string[] | null | WebServerSecurity

Used to determine which sites to trust for POST data, iframe use, and REST API access. The * wildcard is accepted.

It aims to prevent misleading requests from users through standard browsers.

No sites are allowed by default.

TrustedOriginUICheck | bool | true | WebServerSecurity | 7.0.1.26096+

If false, origin and token access control is performed only for REST API requests.

If true, no content other than the gui / public / folder is served to sites that are not on the TrustedOriginSiteList and do not access with tokens.

DisableCSRFSecurity | bool | false | WebServerSecurity

Used to disable the custom additional security settings of the web server.

These settings aim to prevent misleading requests from users through standard browsers.

Turning the protection off gives a relatively small performance gain (0.01% <). It is recommended to leave the protection on.

HttpHeaders | string[] | null | WebServerSecurity

Defines the headers that are sent to the client, in HTTP_HEADER:VALUE format.

It can be used to configure browser-side security settings based on API usage. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#Security)


ShowWebExceptionStackTrace | bool | false | WebServerSecurity

Allows error details to be displayed when a web request fails. Details are not displayed by default.

LogExceptionStackTrace | bool | false | System

Allows logging of additional details of Scan and System startup errors.

ServerNames | string[] | null | WebServerSecurity

The server names for the web server that is started through GEODI.exe. When the setting is defined, subdomain usage is blocked: if the server name is set to myserver, requests to sub.myserver are not accepted.

EnableUrlSession | bool | false | WebServerSecurity

If the setting is on, session transfer via URL is allowed. Using this setting is not recommended.

TileExpandPercent | double | 20.0 | WMSServer

The default tile enlargement ratio used for labels on the WMS Server.

VerisonExtenderText | string | null | System

It is used to change the version code specified for the content going to the browser. It can be used to reset the browser cache when preparing a theme.

UseDefaultCredential | bool | true | System

Forces the use of system proxy settings in remote connections such as web site crawling.

ServerUri | string | null | Notification

It is used to determine the web address used in links produced by background services such as e-mail sending.

AutoRecovery | bool | false | System

Automatically corrects faulty entries left by a power failure or disk failure, without asking for approval.

AutoIndexUpdate | bool | false | System

If a GEODI version requires it, indexes are updated without asking for approval.

DisableBasicAuthentication | bool | false | WebServerSecurity

Turns off Basic Authentication support. All authentication services on GEODI are protected against automated trial-and-error attacks.

SSLLocalCertificateSerial | string | null | WebServer | 6.1.0.24659+

Used to activate SSL with a valid certificate installed under Computer Certificates / Personal. An alternative method is to specify a certificate file with SSLCertificate.

Unless there is a special case, this method should be preferred for the SSL definition. With this method, there is no need to specify a password.

The value can be found under Details→Serial number in the window that opens when the certificate is double-clicked in the certificates section in Windows.

If a CSR is needed to obtain the SSL certificate, the https://csrgenerator.com or https://www.digicert.com/easy-csr/openssl.htm pages can be used. Alternatively, it can be obtained via IIS, after which IIS is stopped. (If GEODI is run over IIS, this setting is not used; the definitions in IIS are used.)

  • If AppPort is set to 443, there is no need to write ports on the client-side.

SSLCertificate | string | null | WebServer

Used to specify the location of the SSL certificate file. If defined, GEODI.exe only answers HTTPS requests. Files with the cer, p7b and pfx extensions are supported.

Unless there is a special case, this method should not be used; the SSLLocalCertificateSerial setting should be preferred.

  • If AppPort is set to 443, there is no need to write ports on the client-side.

SSLCertificatePass | string | null | WebServer

Specifies the password of the SSL certificate file, if one is used. Plain text, or non-portable encryption created with GEODI tools, can be used.

Unless there is a special case, this method should not be used; the SSLLocalCertificateSerial setting should be preferred.

SSLErrorLog | bool | false | WebServer | 6.1.0.24659+

If true, logs all SSL validation errors.

NoSSLPort | int | 0 | WebServer | 6.1.0.21550+

If SSL is set and a port other than 0 is specified, the HTTP service is provided on this port.

ForceHttpsRedirect | bool | false | WebServer | 6.1.0.21550+

If NoSSLPort is set, all HTTP requests are redirected to the HTTPS address.

AutoForwardedURL | string | null | WebServer | 6.1.0.23511+

Used to specify the server address to use when a request arrives with forwarding header information that contains "X-Forwarded-For". The security measures against penetration interfere with the operation of such forwarding. If a DMZ proxy or IIS Rewrite proxy is used for cross-network or port forwarding:

  • The TrustedRefererSiteList and TrustedOriginSiteList settings in SystemSettings.json must be edited to accept the address displayed in the browser.
  • The address shown in the browser should be written in AutoForwardedURL.

Example:  

{
	"TrustedRefererSiteList":["*.mypublicwebsite.com*"],
	"TrustedOriginSiteList":["*.mypublicwebsite.com*"],
	"AutoForwardedURL":"http://www.mypublicwebsite.com"
}

(info) "AutoForwardedURL" key can be passed as an exe parameter.

SystemTray | bool | true | WindowsGUI | 5.3.0.16891+

If true, GEODI.exe opens as an icon in the Windows Notification Area instead of opening on the left. Windows form interfaces are not offered; the process is managed through the menus offered by the right mouse button.

If false, GEODI.exe is located on the left. The false setting requires IE9+.


Theme | string | Square | GUI | 6.0.0.18338+

The default theme setting.

Folder names under GUI/Theme can be used.

Language | string | Installation language | System | 6.0.0.18398+

The default language setting. The language code must be written.

If not set, the installation language is used.

(info) "Language" key can be passed as an exe parameter.

LogMode | int | 0 | System | 6.1.0.21152+

It is used to determine the information to be logged. Logging is not done by default. The value is a flag. Logs are stored under Appdata / Logs / [APP] / DebugLog.

  • 0: No logs
  • 1: SQL (enables logging of all database queries run by the application)
  • 2: UserData (information of the user connected to the system is logged)
  • 4: Request (all HTTP requests are logged)
  • 8: Request Detail (all HTTP requests are logged with all detail)
  • 16: CreateHttpRequest (requires 7.0.1.26660+; logs web requests and addresses to external servers)

SessionTimeout | int | 120 | System | 6.1.0.21152+

Defines the maximum inactivity time allowed to a user before the automatic logout process starts.

DefaultWS | string | My Computer | System | 6.1.0.25423+

The default project name in the GEODI ES / DA interface. Used if the URL does not contain a wsName or if there is no project remembered for the current user.

LoginProviders | string[] | null | System | 7.0.0.25611

Limits the LoginProvider definitions that can be used to log in to the system. By default, login is possible with all recognized providers. Example: if ["LDAP"] is written, it is not possible to log in with GEODI users; only LDAP users can log in.

ClientProtectionKey1, ClientProtectionKey2 | string | null | WebServerSecurity | 6.1.0.25423+

The encryption of internal user tokens differs for each server. The entropy used for encryption can be increased or decreased with the values written here.

MaxUrlSize | int | 2048 | WebServer | 7.0.001.25764+

Used to determine the maximum URL size. There is no limit for POST requests.

* When a web server such as IIS is used instead of GEODI.exe, the settings in the WebServer category are not used. The WebServerSecurity settings continue to be used.

Examples


Index Folder
{
  "AppDataFolder":"C:\\GeodiDataFolder"
}

TrustedSites, ServerName
{
  "TrustedOriginSiteList":["*"],
  "ServerNames": ["localhost","127.0.0.1","www.myserver.com","myserver.com"]
}
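
Settings audit: an added example, not part of the GEODI documentation or product. It is a small Python check that reads the text of a SystemSettings.json and reports the values this page describes as permissive or not recommended. The sample file is constructed, and Python's strict JSON parser is assumed to be at least as strict as the one GEODI uses.

```python
import json

# Constructed sample input, not taken from a real deployment.
SAMPLE = '''{
  "TrustedOriginSiteList": ["*"],
  "DisableCSRFSecurity": true,
  "EnableUrlSession": true,
  "ShowWebExceptionStackTrace": true,
  "SSLCertificatePass": "constructed-example",
  "NoSSLPort": 80,
  "LogMode": 10
}'''

# LogMode flag values as listed in the settings table.
LOG_FLAGS = {1: "SQL", 2: "UserData", 4: "Request", 8: "Request Detail", 16: "CreateHttpRequest"}

# Booleans that the page describes as weakening the server when set to true.
RISKY_TRUE = {
    "DisableCSRFSecurity": "additional web security checks are off",
    "EnableUrlSession": "session transfer via URL is allowed",
    "ShowWebExceptionStackTrace": "error details are shown to clients",
}

def audit(text):
    """Return sorted (setting, finding) pairs for a SystemSettings.json string."""
    try:
        cfg = json.loads(text)  # strict parser: comments make the file invalid
    except json.JSONDecodeError as exc:
        return [("<file>", "not valid JSON: " + exc.msg)]
    out = []
    for key in ("TrustedRefererSiteList", "TrustedOriginSiteList"):
        if "*" in (cfg.get(key) or []):
            out.append((key, "bare * trusts every site"))
    if not cfg.get("TrustedRefererSiteList"):
        out.append(("TrustedRefererSiteList", "unset, so all sites are allowed"))
    for key, why in RISKY_TRUE.items():
        if cfg.get(key) is True:
            out.append((key, why))
    if cfg.get("SSLCertificatePass"):
        out.append(("SSLCertificatePass", "password in file; prefer SSLLocalCertificateSerial"))
    if cfg.get("NoSSLPort", 0) and not cfg.get("ForceHttpsRedirect", False):
        out.append(("NoSSLPort", "plain HTTP served without ForceHttpsRedirect"))
    names = [n for bit, n in LOG_FLAGS.items() if cfg.get("LogMode", 0) & bit]
    if names:
        out.append(("LogMode", "logging enabled: " + ", ".join(names)))
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(SAMPLE)))
```

A pattern such as "*.mypublicwebsite.com*" is not flagged; only a bare "*" entry is.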