Antivirus

LogicalDOC can check whether a submitted document is infected. It works with the open-source antivirus software ClamAV. This gives you full control over your document base and prevents the distribution of infected files through your document management system.

Enabled: If enabled, each new file will be inspected at upload time

ClamAV: Put here the path to the clamscan command in your system

Include: All files that match one of these inclusion filters will be checked

Exclude: All files that match one of these exclusion filters will not be checked

Timeout: Maximum time to check a file, 0 means no timeout at all
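
How the four settings above fit together, as an added example that is not LogicalDOC's own code. It assumes the filters are comma-separated glob patterns, that exclusion wins over inclusion, that the timeout is in seconds and that clamscan lives at /usr/bin/clamscan (the page states none of these); the exit codes are clamscan's documented ones (0 clean, 1 infected, 2 error).

```python
import fnmatch
import subprocess

def should_scan(filename, includes, excludes):
    """Apply the Include/Exclude filters to an uploaded file name.
    Assumption: comma-separated globs, exclusion takes precedence."""
    name = filename.lower()
    inc = [p.strip().lower() for p in includes.split(",") if p.strip()]
    exc = [p.strip().lower() for p in excludes.split(",") if p.strip()]
    if any(fnmatch.fnmatch(name, p) for p in exc):
        return False
    return any(fnmatch.fnmatch(name, p) for p in inc)

def verdict(returncode):
    """Map clamscan's exit status to a decision, failing closed."""
    if returncode == 0:
        return "clean"
    if returncode == 1:
        return "infected"
    return "error"   # 2 or anything else: the scanner itself failed

def scan(path, clamscan="/usr/bin/clamscan", timeout=0, run=subprocess.run):
    """Scan one file. timeout=0 means no limit, as in the panel.
    `run` is injectable so the logic can be exercised without ClamAV."""
    try:
        proc = run([clamscan, "--no-summary", path],
                   capture_output=True, text=True,
                   timeout=timeout or None)
    except subprocess.TimeoutExpired:
        return "error"   # an unfinished scan is not a clean result
    except OSError:
        return "error"   # wrong path or clamscan not executable
    return verdict(proc.returncode)

if __name__ == "__main__":
    # Constructed file names, used only to show the filter decision.
    for f in ("Invoice.PDF", "report.tmp", "archive.zip"):
        print(f, should_scan(f, "*.pdf, *.doc*, *.zip", "*.tmp"))
```

Treating a timeout or a scanner failure as "error" rather than "clean" is this example's choice; check how your installation handles an upload whose scan did not complete.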

Security Settings

In the Security panel, you find some general settings related to the security of the system.

Security

Password rules

You may define a set of rules to enforce a minimum quality of the password for the users. Use the Generate button to generate a sample password compliant with all the configured rules.

Password expiration: how long a password lasts before the user is asked to change it

Enforce password history: number of old passwords remembered by the system for each user in order to prevent their re-usage

Other security settings

Max. inactivity: If a user does not have any interaction with the system within this number of days, the user will be automatically disabled.

Save Login: whether the users have the option to store their credentials in the browser

Alert login from new device: Alerts the user when logging in from a device not yet encountered

Ignore login case: whether LogicalDOC must ignore the case of the username when authenticating users

Allow sid in request: permits the sid attribute in the request in order to pass the session identifier. Activate this option only if really needed because it may compromise security.

Cookies SameSite: determines when cookies are included in requests

Use secure cookies: enables the cookies only when using the HTTPS protocol

Force SSL: if active, LogicalDOC will redirect all HTTP requests to the HTTPS secure protocol (read this how-to for installing your Certificate)

Content Security Policy: the content to put in the HTTP response header Content-Security-Policy.

Check at login: checks the password compliance at login and, if the password does not comply, forces the user to change it.
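
A check that the cookie, Force SSL and Content Security Policy settings above actually show up on the wire, as an added example that is not part of LogicalDOC. It audits captured response headers; the sample responses, host and cookie name are constructed placeholders.

```python
REDIRECTS = (301, 302, 303, 307, 308)

def audit_response(scheme, status, headers):
    """Findings for one captured response; headers is a list of (name, value)."""
    def get(name):
        return [v for k, v in headers if k.lower() == name]

    findings = []
    if scheme == "http":
        # Force SSL: plain HTTP should answer only with a redirect to HTTPS.
        target = (get("location") or [""])[0].lower()
        if status not in REDIRECTS or not target.startswith("https://"):
            findings.append("http request not redirected to https")
        if get("set-cookie"):
            findings.append("cookie set over plain http")
        return findings
    if not get("content-security-policy"):
        findings.append("missing Content-Security-Policy header")
    for raw in get("set-cookie"):
        name = raw.split("=", 1)[0].strip()
        attrs = {}
        for part in raw.split(";")[1:]:
            key, _, value = part.strip().partition("=")
            attrs[key.lower()] = value.strip().lower()
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute")
        samesite = attrs.get("samesite", "")
        if samesite not in ("strict", "lax", "none"):
            findings.append(f"{name}: SameSite missing or invalid")
        elif samesite == "none" and "secure" not in attrs:
            findings.append(f"{name}: SameSite=None without Secure")
    return findings

# Constructed sample responses (cookie name is a placeholder).
HARDENED = [("Content-Security-Policy", "default-src 'self'"),
            ("Set-Cookie", "EXAMPLE_SID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]
WEAK = [("Set-Cookie", "EXAMPLE_SID=abc123; Path=/; SameSite=None")]

if __name__ == "__main__":
    print(audit_response("https", 200, HARDENED))
    print(audit_response("https", 200, WEAK))
    print(audit_response("http", 200, []))
```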

Anonymous

By activating this option, you can grant anonymous users access to the system without passing through the login page and the normal authorization chain.

When the option is enabled, you can distribute the special URL, as shown above, to people not registered in the system. Anyone who accesses that URL will be automatically logged in as if they were the user selected in the User parameter.

Inside the repository, the anonymous visitor can do whatever the assigned User can do on the basis of the security policies that you granted to that user. Please note that part of the anonymous URL is regulated by the Key parameter, so change it if you need to invalidate already distributed URLs.

Use with care

Please enable this option only in cases where you really need it, and make sure to assign a user with limited access to your repository.

Menus

In this panel, you can determine which entities (users and groups) can access a menu. After selecting a menu item, use the Add Group and Add User list boxes to add new security entities; to remove an element, right-click on its name and press Delete. To make your changes persistent, press the Apply Rights button.

Geolocation

LogicalDOC is able to geolocate all incoming requests, which gives you the opportunity to track where your users are coming from. We use the GeoLite database, so you have to input your MaxMind License Key. You get your free license key by subscribing to GeoLite2 here: https://www.maxmind.com/en/geolite2/signup

It is important to keep the GeoLite database up to date, so from time to time click on Sync Geolocation Database.

Precision

Geolocation is possible only when the request comes from a public IP, and in any case the precision relies entirely on the GeoLite database in use, so it is important to keep it as up to date as possible.

Firewall

Here you can optionally define a set of IPs, hostnames, or networks that are allowed or denied access to the system.

Brute Force Attack Prevention

In this panel, you can fine-tune your strategy to protect the system from brute force attacks.

If a maximum number of login failures is detected for the same username, that username is blocked for a given number of minutes.

If a maximum number of login failures is detected from the same IP, that address is blocked for a given number of minutes.

The panel also shows the list of currently blocked usernames and/or IPs.
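
A small model of the two rules above, as an added example that is not LogicalDOC's implementation. It shows why both counters matter: many usernames tried from one address trip only the IP rule, while one username tried from many addresses trips only the username rule. The class names, the reset-on-success behaviour and the case-folding of usernames are assumptions of this sketch.

```python
class Throttle:
    """One rule: max_failures for a key blocks it for block_minutes."""
    def __init__(self, max_failures, block_minutes):
        self.max_failures = max_failures
        self.block_seconds = block_minutes * 60
        self.failures = {}        # key -> failures since last block/reset
        self.blocked_until = {}   # key -> time (seconds) the block ends

    def is_blocked(self, key, now):
        until = self.blocked_until.get(key)
        if until is not None and now >= until:
            del self.blocked_until[key]      # block has expired
            return False
        return until is not None

    def record_failure(self, key, now):
        count = self.failures.get(key, 0) + 1
        if count >= self.max_failures:
            self.blocked_until[key] = now + self.block_seconds
            count = 0
        self.failures[key] = count


class LoginGuard:
    def __init__(self, per_user, per_ip):
        self.per_user, self.per_ip = per_user, per_ip

    def attempt(self, username, ip, password_ok, now):
        user = username.lower()   # assumption: count case variants together
        if self.per_user.is_blocked(user, now) or self.per_ip.is_blocked(ip, now):
            return "blocked"      # refused even if the password is right
        if password_ok:
            # Reset only the username counter: resetting the IP counter would
            # let one valid account wipe an address's failure history.
            self.per_user.failures.pop(user, None)
            return "ok"
        self.per_user.record_failure(user, now)
        self.per_ip.record_failure(ip, now)
        return "failed"


if __name__ == "__main__":
    guard = LoginGuard(Throttle(3, 10), Throttle(5, 30))
    # Constructed scenario: five usernames tried from one documentation address.
    for i in range(5):
        print(guard.attempt(f"user{i}", "203.0.113.7", False, now=0))
    print(guard.attempt("user9", "203.0.113.7", True, now=1))   # blocked
```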

Groups

This panel shows the list of all groups currently existing in the system.

To add a new group, click on the Add Group button, then specify a name, a description and a parent group. The new group will inherit all the permissions already assigned to the parent group.

The administrators can delete a group by right-clicking the group item and then selecting the Delete context menu item.

By selecting a group item, you can see all the group's details under the list. Here you can edit the group's data.

Inheriting security policies from another group

To inherit the security policies from another existing group, select that group in the Inherit policies from group drop-down list and save. If you do so, all the current security policies of the selected group against folders, documents and menus will be replicated in the currently edited group.

If you create a new group without inheriting the security from another one, then that group will initially have no permissions.

Warning

The group is a structural element that is used to assign access privileges. Use groups for the purpose of facilitating the configuration of privileges and not to carry out simple groupings of users. Introduce new groups only when it is truly necessary.

Default groups

Each LogicalDOC installation comes with the following default groups:

  • admin: the users in this group have access to everything in LogicalDOC. You cannot delete this group.
  • poweruser: a sample group with limited access to administration. You can delete this group.
  • author: a sample group with R/W permissions in the Default workspace. You can delete this group.
  • publisher: the users in this group can see the documents marked as unpublished. You cannot delete this group.
  • guest: a group with just read-only permissions in the Default workspace. The read-only users will also be automatically assigned to this group. You cannot delete this group.