Desktop Properties

This section describes the properties related to the Desktop that you can set in the STR. 

A subset of the properties below is explicitly set in the file default.conf during installation. This file must not be updated. To set or override properties, update client.conf instead.

| Property | Default value | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|---|
| mz.httpd.security.redirect | false | If TLS is enabled and this property is set to true, any attempt to access the webserver over HTTP is redirected to HTTPS. The default behavior is to return an error. | Yes | Confidentiality | Forces encrypted transport and prevents accidental plaintext access; reduces MITM risk. |
| mz.gui.udreditor.limit | yes | This property can be used to support decoding of files that are larger than 3 MB. When set to yes, the UDR File Editor reads up to 3 MB and then stops. When set to no, the UDR File Editor continues to read until the end of the file is reached. | Yes | Availability | Guards UI memory/latency; prevents large-file reads from degrading service. |
| ui.webserver.port | 9001 | This property can be used to set the port used by the webserver. | Yes | Availability | Correct port binding is required for service reachability; change control prevents outages. |
| ui.webserver.host | 0.0.0.0 | This property controls which host/IP the server binds to. For example, if you have multiple network interfaces on the server, you can choose to open the desktop on only one of them. | Yes | Confidentiality | Scopes exposure surface (e.g., bind to localhost/internal only); incorrect scope can leak access or block users. |
| ui.webserver.strict.host.validation | false | Add this property and set it to true to enable strict host validation in the desktop webserver. When enabled, every HTTP request whose Host header does not match a known address of the desktop server is rejected. A known address is a name or address resolving to the server, or a name declared in the ui.webserver.valid.hosts property. | Yes | Confidentiality | Mitigates Host-header attacks (cache poisoning, SSRF, link generation); ensures requests target the legitimate host. |
| ui.webserver.valid.hosts | | This optional property is a comma-separated list of host names. If set, any hostname in the list will be considered valid when strict host validation has been enabled through the ui.webserver.strict.host.validation property. | Yes | Confidentiality | Allow-list of accepted hostnames when strict validation is enabled; limits Host-header spoofing and ensures the UI is only served on expected names. |
| ui.webserver.invalid.hosts | | This optional property is a comma-separated list of host names. If set, any hostname specified will always fail validation when strict host validation has been enabled through the ui.webserver.strict.host.validation property. | Yes | Confidentiality | Rejects requests whose Host matches these names. |
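
The Host-header decision that ui.webserver.strict.host.validation, ui.webserver.valid.hosts and ui.webserver.invalid.hosts describe, sketched in Python as an added example (not the product's own code). The function names, the SERVER_NAMES sample, the normalization rules (case-insensitive, trailing dot and port ignored) and the rejection of a missing or malformed Host header are assumptions; the invalid list taking precedence follows from "will always fail validation".

```python
# Added illustration, not the product's implementation: models the Host-header
# decision described for ui.webserver.strict.host.validation.

# Constructed sample: names/addresses assumed to resolve to the desktop server.
SERVER_NAMES = {"desktop.internal.example", "10.0.0.5"}

def normalize(host):
    """Lower-case and drop a trailing dot (assumed normalization)."""
    return host.strip().lower().rstrip(".")

def parse_csv(value):
    """Split a comma-separated property value into normalized host names."""
    return {normalize(h) for h in (value or "").split(",") if h.strip()}

def host_from_header(header):
    """Return the host part of a Host header without its port, or None."""
    header = (header or "").strip()
    if not header or any(c in header for c in " \t/@,"):
        return None                       # missing or malformed
    if header.startswith("["):            # IPv6 literal, e.g. [::1]:9001
        end = header.find("]")
        rest = header[end + 1:]
        if end == -1 or (rest and not (rest[0] == ":" and rest[1:].isdigit())):
            return None
        return normalize(header[1:end])
    host, sep, port = header.partition(":")
    if sep and not port.isdigit():
        return None                       # e.g. "host:" or unbracketed IPv6
    return normalize(host) or None

def is_host_allowed(header, strict, server_names,
                    valid_hosts="", invalid_hosts=""):
    """Accept or reject a request based on its Host header."""
    if not strict:
        return True                       # validation disabled (the default)
    host = host_from_header(header)
    if host is None:
        return False                      # assumption: no usable Host -> reject
    if host in parse_csv(invalid_hosts):
        return False                      # listed names always fail
    allowed = {normalize(n) for n in server_names} | parse_csv(valid_hosts)
    return host in allowed
```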