04-28-2015 10:39 AM
NameVirtualHost *
<VirtualHost *>
ServerName myserver.yyy.co.uk
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
JkMount /samples/* worker1
JkMount /alfresco/* worker1
JkMount /share/* worker1
# Tomcat Integration settings
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkShmFile logs/mod_jk.shm
JkLoglevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
04-28-2015 12:40 PM
04-29-2015 06:24 AM
05-01-2015 11:18 AM
05-08-2015 10:53 AM
<VirtualHost *:443>
ServerName collab2
SSLEngine on
SSLCertificateKeyFile /etc/httpd/ssl/collab2-private.key
SSLCertificateFile /etc/httpd/ssl/collab2.crt
SSLCACertificateFile /etc/httpd/ssl/certchain.crt
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLProtocol all -SSLv2
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
#ProxyPass /paste http://localhost/paste/
#ProxyPassReverse /paste http://localhost/paste/
RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://collab2:8080/
ProxyPassReverse / http://collab2:8080/
ProxyTimeout 300
SSLProxyEngine on
<Proxy *>
allow from all
</Proxy>
</VirtualHost>
05-08-2015 11:48 AM
<alfresco-config>
<!– Example config to turn off the CSRF filter
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<filter/>
</config>–>
<!– Configuration for Apache reverse proxy on localhost:8089 –>
<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<!–
Will be used and exposed to the client side code in Alfresco.contants.CSRF_POLICY.
Use the Alfresco.util.CSRFPolicy.getHeader() or Alfresco.util.CSRFPolicy.getParameter() with Alfresco.util.CSRFPolicy.getToken()
to set the token in custom 3rd party code.
–>
<client>
<cookie>Alfresco-CSRFToken</cookie>
<header>Alfresco-CSRFToken</header>
<parameter>Alfresco-CSRFToken</parameter>
</client>
<!– The first rule with a matching request will get its action invoked, the remaining rules will be ignored. –>
<filter>
<!–
Certain Surf POST requests form the WebScript console must be allowed to pass without a token since
the Surf WebScript console code can't be dependent on a Share specific filter.
–>
<rule>
<request>
<method>POST</method>
<path>^\/page\/caches\/dependency\/clear|^\/page\/index|^\/page\/surfBugStatus|^\/page\/modules\/deploy|^\/page\/modules\/module|^\/page\/api\/javascript\/debugger</path>
</request>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">https://FQDN.ca/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">https://FQDN</param>
</action>
</rule>
<!– Certain Share POST requests does NOT require a token –>
<rule>
<request>
<method>POST</method>
<path>^/page/dologin.*|^\/page/site\/[^\/]+\/start-workflow|^\/page/start-workflow</path>
</request>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">https://FQDN/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">https://FQDN</param>
</action>
</rule>
<!– Clear the token when logging out –>
<rule>
<request>
<method>GET</method>
<path>^/page/dologout.*</path>
</request>
<action name="clearToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="cookie">Alfresco-CSRFToken</param>
</action>
</rule>
<!– Make sure the first token is generated –>
<rule>
<request>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
<attribute name="Alfresco-CSRFToken"/>
<!– empty attribute element indicates null –>
</session>
</request>
<action name="generateToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="cookie">Alfresco-CSRFToken</param>
</action>
</rule>
<!– Refresh token on new "page" visit when a user is logged in –>
<rule>
<request>
<method>GET</method>
<path>^/page/.*</path>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
<attribute name="Alfresco-CSRFToken">.*</attribute>
</session>
</request>
<action name="generateToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="cookie">Alfresco-CSRFToken</param>
</action>
</rule>
<!– Verify multipart requests contains the token as a parameter and also correct referer & origin header if available –>
<rule>
<request>
<method>POST</method>
<header name="Content-Type">^multipart/.*</header>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
</session>
</request>
<action name="assertToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="parameter">Alfresco-CSRFToken</param>
</action>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">https://FQDN/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">https://FQDN</param>
</action>
</rule>
<!–
Verify there is a token in the header for remaining state changing requests and also correct
referer & origin headers if available. We "catch" all content types since just setting it to
"application/json.*" since a webscript that doesn't require a json request body otherwise would be
successfully executed using i.e. "text/plain".
–>
<rule>
<request>
<method>POST|PUT|DELETE</method>
<session>
<attribute name="_alf_USER_ID">.*</attribute>
</session>
</request>
<action name="assertToken">
<param name="session">Alfresco-CSRFToken</param>
<param name="header">Alfresco-CSRFToken</param>
</action>
<action name="assertReferer">
<param name="always">false</param>
<param name="referer">FQDN/.*</param>
</action>
<action name="assertOrigin">
<param name="always">false</param>
<param name="origin">https://FQDN.ca</param>
</action>
</rule>
</filter>
</config>
</alfresco-config>
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.