09-09-2014 06:49 AM
09-10-2014 04:12 PM
09-12-2014 04:26 AM
09-12-2014 08:07 AM
09-30-2014 11:35 AM
alfresco.port=80
share.port=80
<!– Configuration for Apache reverse proxy on localhost:8089 –>
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<!–
Will be used and exposed to the client side code in Alfresco.contants.CSRF_POLICY.
Use the Alfresco.util.CSRFPolicy.getHeader() or Alfresco.util.CSRFPolicy.getParameter() with Alfresco.util.CSRFPolicy.getToken()
to set the token in custom 3rd party code.
–>
<client>
<cookie>Alfresco-CSRFToken</cookie>
<header>Alfresco-CSRFToken</header>
<parameter>Alfresco-CSRFToken</parameter>
</client>
<!– The first rule with a matching request will get its action invoked, the remaining rules will be ignored. –>
<filter>
<!–
Certain Surf POST requests form the WebScript console must be allowed to pass without a token since
the Surf WebScript console code can't be dependent on a Share specific filter.
–>
<rule>
<request>
<method>POST</method>
<path>^\/page\/caches\/dependency\/clear|^\/page\/index|^\/page\/surfBugStatus|^\/page\/modules\/deploy|^\/page\/modules\/module|^\/page\/api\/javascript\/debugger</path>
</request>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">http://IP_SERVIDOR/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">http://IP_SERVIDOR</param>
</action>
</rule>
<!– Certain Share POST requests does NOT require a token –>
<rule>
<request>
<method>POST</method>
<path>^/page/dologin.*|^\/page/site\/[^\/]+\/start-workflow|^\/page/start-workflow</path>
</request>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">http://IP_SERVIDOR/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">http://IP_SERVIDOR</param>
</action>
</rule>
<!– Clear the token when logging out –>
<rule>
<request>
<method>GET</method>
<path>^/page/dologout.*</path>
</request>
<action name="clearToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="cookie">Alfresco-CSRFToken</param>
</action>
</rule>
<!– Make sure the first token is generated –>
<rule>
<request>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
<attribute name="Alfresco-CSRFToken"/>
<!– empty attribute element indicates null –>
</session>
</request>
<action name="generateToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="cookie">Alfresco-CSRFToken</param>
</action>
</rule>
<!– Refresh token on new "page" visit when a user is logged in –>
<rule>
<request>
<method>GET</method>
<path>^/page/.*</path>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
<attribute name="Alfresco-CSRFToken">.*</attribute>
</session>
</request>
<action name="generateToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="cookie">Alfresco-CSRFToken</param>
</action>
</rule>
<!– Verify multipart requests contains the token as a parameter and also correct referer & origin header if available –>
<rule>
<request>
<method>POST</method>
<header name="Content-Type">^multipart/.*</header>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
</session>
</request>
<action name="assertToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="parameter">Alfresco-CSRFToken</param>
</action>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">http://IP_SERVIDOR/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">http://IP_SERVIDOR</param>
</action>
</rule>
<!–
Verify there is a token in the header for remaining state changing requests and also correct
referer & origin headers if available. We "catch" all content types since just setting it to
"application/json.*" since a webscript that doesn't require a json request body otherwise would be
successfully executed using i.e. "text/plain".
–>
<rule>
<request>
<method>POST|PUT|DELETE</method>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
</session>
</request>
<action name="assertToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="header">Alfresco-CSRFToken</param>
</action>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">http://IP_SERVIDOR/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">http://IP_SERVIDOR</param>
</action>
</rule>
</filter>
</config>
<VirtualHost *:80>
ServerAdmin root@U0177633.ehu.es
ServerName Alfresco
ServerAlias AAA.BBB.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /share http://localhost:28080/share
ProxyPassReverse /share http://localhost:28080/share
ProxyPass /alfresco http://localhost:28080/alfresco
ProxyPassReverse /alfresco http://localhost:28080/alfresco
ProxyPassReverseCookiePath / /
</VirtualHost>
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.