Apache proxy and CSRF protection
Posted: Mon Nov 21, 2016 4:43 pm
Hi,
I am trying to configure an OMERO instance (5.2.5 / ice 35) to run behind an Apache Proxy. I am unable to login to the app via the web and see the error.
The setup is like this:
https://public.example.com - uses apache 2.4 & mod_proxy with
ProxyPass / https://private.example.com/
ProxyPassReverse / https://private.example.com/
https://private.example.com - uses apache 2.4 and wsgi to connect to OMERO.web
I am able to login to https://private.example.com
When I try to login to https://public.example.com, I see the CSRF error.
Other web apps we have on the same host operate, so I am happy that the proxing is operating correctly.
Relevant output from
./bin/omero config list
Any assistance in resolving this would be gratefully recieved.
Regards
Rob
I am trying to configure an OMERO instance (5.2.5 / ice 35) to run behind an Apache Proxy. I am unable to login to the app via the web and see the error.
- Code: Select all
Go back to OMERO.web
Forbidden (403)
CSRF Error. You don't have permission to access this page on this server.
The setup is like this:
https://public.example.com - uses apache 2.4 & mod_proxy with
ProxyPass / https://private.example.com/
ProxyPassReverse / https://private.example.com/
https://private.example.com - uses apache 2.4 and wsgi to connect to OMERO.web
I am able to login to https://private.example.com
When I try to login to https://public.example.com, I see the CSRF error.
Other web apps we have on the same host operate, so I am happy that the proxing is operating correctly.
Relevant output from
./bin/omero config list
- Code: Select all
jnlp.omero.host=myhostname.example.com
omero.web.application_server=wsgi
omero.web.application_server.host=public.example.com
omero.web.prefix=/omero
omero.web.static_url=/omero/static/
Any assistance in resolving this would be gratefully recieved.
Regards
Rob