We're Hiring!

Apache proxy and CSRF protection

Having a problem deploying OMERO? Please ask new questions at https://forum.image.sc/tags/omero
Please note:
Historical discussions about OMERO. Please look for and ask new questions at https://forum.image.sc/tags/omero

The OMERO.server installation documentation begins here and you can find OMERO.web deployment documentation here.

Apache proxy and CSRF protection

Postby rob.pumphrey » Mon Nov 21, 2016 4:43 pm

Hi,

I am trying to configure an OMERO instance (5.2.5 / ice 35) to run behind an Apache Proxy. I am unable to login to the app via the web and see the error.

Code: Select all
Go back to OMERO.web
Forbidden (403)
CSRF Error. You don't have permission to access this page on this server.


The setup is like this:

https://public.example.com - uses apache 2.4 & mod_proxy with
ProxyPass / https://private.example.com/
ProxyPassReverse / https://private.example.com/

https://private.example.com - uses apache 2.4 and wsgi to connect to OMERO.web

I am able to login to https://private.example.com
When I try to login to https://public.example.com, I see the CSRF error.

Other web apps we have on the same host operate, so I am happy that the proxing is operating correctly.

Relevant output from
./bin/omero config list
Code: Select all
jnlp.omero.host=myhostname.example.com
omero.web.application_server=wsgi
omero.web.application_server.host=public.example.com
omero.web.prefix=/omero
omero.web.static_url=/omero/static/


Any assistance in resolving this would be gratefully recieved.

Regards

Rob
rob.pumphrey
 
Posts: 7
Joined: Fri Mar 14, 2014 3:23 pm

Re: Apache proxy and CSRF protection

Postby atarkowska » Mon Nov 21, 2016 5:00 pm

Hi Rob,

I think it is missing https://www.openmicroscopy.org/site/sup ... arded-host, and remember about https://www.openmicroscopy.org/site/sup ... ssl-header

Here is entire Django chapter https://docs.djangoproject.com/en/1.8/r ... ssl-header if you need more background

Ola
atarkowska
 
Posts: 327
Joined: Mon May 18, 2009 12:44 pm

Re: Apache proxy and CSRF protection

Postby rob.pumphrey » Thu Nov 24, 2016 11:50 am

Perfect, thank you.

setting
Code: Select all
omero.web.use_x_forwarded_host=true

has fixed the problem.
rob.pumphrey
 
Posts: 7
Joined: Fri Mar 14, 2014 3:23 pm


Return to Installation and Deployment

Who is online

Users browsing this forum: No registered users and 1 guest

cron