https://connect.hyland.com/t5/alfresco-forum/best-practize-to-configure-alfresco-behind-a-webproxy/m-p/114925#M31909 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>can someone give me some hints how to configure Alfresco behind a webproxy (Watchguard)?</P><P></P><UL><LI>The communication between alfresco tomcat and webproxy should be non encrypted to improve performance.</LI><LI>The communication between client and webproxy is secured by SSL.</LI><LI>On the webproxy I have enabled TLS/SSL offload, port 80 and port 443 are redirected to port 8080 on the tomcat which is not encrypted.</LI></UL><P>Trying to change the filename or the description, when I use SSL in my broweser results in the following error log:</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>2019-09-05 09:16:18,089 INFO&nbsp; [org.springframework.extensions.webscripts.servlet.CSRFFilter] [http-nio-8080-exec-44] Possible CSRF attack noted when asserting referer header 'https://files.*/share/page/site/management/document-details?nodeRef=workspace://SpacesStore/03ee7d34-94d6-49d4-92c6-f15131398eea'. Request: POST /share/proxy/alfresco/slingshot/doclib/activity<BR />2019-09-05 09:16:18,089 ERROR [org.alfresco.web.site] [http-nio-8080-exec-44] javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://files.*share/page/site/management/document-details?nodeRef=workspace://SpacesStore/03ee7d34-94d6-49d4-92c6-f15131398eea'. Request: POST /share/proxy/alfresco/slingshot/doclib/activity, FAILED TEST: Assert referer POST /share/proxy/alfresco/slingshot/doclib/activity :: referer: 'https://</P></BLOCKQUOTE><P>Performing the same operation if I do not use SSL in the browser succeeds. I understand the error message, but I do not know how to change the configuration that I do not need to use https on the tomcat if using ssl when connecting to the webproxy.</P><P></P><P>Thanks,</P><P>Florian</P></BODY></HTML> Thu, 05 Sep 2019 07:36:19 GMT nettania 2019-09-05T07:36:19Z https://connect.hyland.com/t5/alfresco-forum/best-practize-to-configure-alfresco-behind-a-webproxy/m-p/114925#M31909 Hi,can someone give me some hints how to configure Alfresco behind a webproxy (Watchguard)?The communication between alfresco tomcat and webproxy should be non encrypted to improve performance.The communication between client and webproxy is secured by SSL.On the webproxy I have enabled TLS/SSL offl Thu, 05 Sep 2019 07:36:19 GMT https://connect.hyland.com/t5/alfresco-forum/best-practize-to-configure-alfresco-behind-a-webproxy/m-p/114925#M31909 nettania 2019-09-05T07:36:19Z https://connect.hyland.com/t5/alfresco-forum/best-practize-to-configure-alfresco-behind-a-webproxy/m-p/114926#M31910 <HTML><HEAD></HEAD><BODY><P>Hi Florian,</P><P>I don't have experience with Watchguard but there are some points which are more or less generic:</P><UL><LI>tomcat needs to know the hostname (<CODE class="">proxyName</CODE>), port (<CODE class="">proxyPort</CODE>) and protocol the end user called you could<UL><LI>pass protocol and host in header variables to be mapped on tomcat in tomcat you could use RemoteIpValve to automatically map IP, host and protocol</LI><LI>hard code protocol, host, port by defining multiple tomcat connectors setting scheme, proxyPort in the connector attributes</LI></UL></LI><LI>in alfresco-global.properties the value of share.host will be whitelisted in the Alfresco Share "CSRF Token Filter". Please read <A class="link-titled" href="https://docs.alfresco.com/6.1/concepts/csrf-policy.html" title="https://docs.alfresco.com/6.1/concepts/csrf-policy.html" rel="nofollow noopener noreferrer">Cross-Site Request Forgery (CSRF) filters for Share | Alfresco Documentation</A> to understand how to configure/change the behavior of that filter.</LI></UL></BODY></HTML> Thu, 05 Sep 2019 08:26:48 GMT https://connect.hyland.com/t5/alfresco-forum/best-practize-to-configure-alfresco-behind-a-webproxy/m-p/114926#M31910 heiko_robert 2019-09-05T08:26:48Z