DEVHIDE
Login Or Sign up

Alfresco Share login error behind reverse proxy

4.9k Views Asked by At

I configure my Alfresco instance to be in a sub-URI (www.example.com/prefix/alfresco , www.example.com/prefix/alfresco/share) and all looks to be fine except that I can't log in Shared. The Catalina.out log this error:

ERROR [alfresco.web.site] [http-apr-28080-exec-10] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://www.example.com/prefix/alfresco/share/page/'. Request: POST /prefix/alfresco/share/page/dologin, FAILED TEST: Assert referer POST /prefix/alfresco/share/page/dologin :: referer: 'http://www.example.com/prefix/alfresco/share/page/' vs server & context: http://10.140.8.144/ (string) or (regexp)

Then the browser show me this page (www.example.com/prefix/alfresco/share/dologin):

Something's wrong with this page...

We may have hit an error or something might have been removed or deleted, so check that the URL is correct.

Alternatively you might not have permission to view the page (it could be on a private site) or there could have been an internal error. Try checking with your Alfresco administrator.

If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the Alfresco toolbar.

I tried to deactivate the CSRF filter in share-config-custom.xml, but then I can't log and I don't have any message in the log, the login page show:

Your authentication details have not been recognized or Alfresco may not be available at this time.

My apache conf:

ProxyPass /prefix/alfresco
http://10.140.8.144:28080/prefix/alfresco ProxyPassReverse
/prefix/alfresco http://10.140.8.144:28080/prefix/alfresco

ProxyPass /prefix/alfresco/share
http://10.140.8.144:28080/prefix/share ProxyPassReverse
/prefix/alfresco/share http://10.140.8.144:28080/prefix/share

I could log before configure Alfresco for work in the reverse proxy.

authentication apache2 alfresco reverse-proxy alfresco-share
Original Q&A
1

There are 1 best solutions below

0
On

There is no need to deactivate the CSRF filter. If you changed the context path as described in the documentation you need to make sure that the tomcat connector "knows" the outside context (hostname, port, context).

Either

  • set proxyName and proxyPort
  • set RemoteIpValve in tomcat server.xml and set required proxy header variables in apache (x-forwarded-for, x-forwarded-by, x-forwarded-proto)
  • use proxy_ajp instead of proxy_http and define a ajp connector in tomcat

Related Questions in AUTHENTICATION

Related Questions in APACHE2

Related Questions in ALFRESCO

Related Questions in REVERSE-PROXY

Related Questions in ALFRESCO-SHARE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.