Openfire and strophe.js: not allowed by Access-Control-Allow-Origin - apache

I'm trying to create a webchat using Jabber. I have installed Openfire and I can log in to the admin panel at :9090, so the server is running.
Now when using the strophe.js basic example that comes with strophe.js, I get this error:
XMLHttpRequest cannot load http://jabber.xxx.dk:7070/http-bind/. Origin http://jabber.xxx.dk is not allowed by Access-Control-Allow-Origin.
How can I allow the domain?

Thanks to @SamGoody for pointing this out. As of version 3.8.0, OpenFire now supports CORS, which is needed for your use case. To enable it, go to the OpenFire admin console, Server, Server Settings, HTTP Binding tab. Ensure that "Provides support for CORS (Cross-Origin Resource Sharing)" is Enabled, with a domain list of * (these are the defaults).

If it doesn't work even after enabling CORS in Openfire and changing the domain policy to accept all, then check your URL for Openfire. You may need to add '/' at the end (e.g. 'http://dimain:7070/http-bind/').
Without the slash it didn't work for me.

Another option is to set up your Apache server to proxy port 7070 so you're not dealing with cross-domain issues per se. The code for that looks something like this inside of your httpd.conf file:
ProxyRequests Off
ProxyPass /http-bind http://127.0.0.1:7070/http-bind/
ProxyPassReverse /http-bind http://127.0.0.1:7070/http-bind/

If you log in to the admin panel, go to the Server Settings tab, then to HTTP Bindings, and check that both options (HTTP Binding and Script Syntax) are set to Enabled.

I faced the same issue and came to know that the port was not open for access,
though the browser says it is a CORS Access-Control-Allow-Origin issue.
This is sometimes an open port issue. Please make sure the http bind port is open and accessible over TCP on the system you are testing.

Related

Alfresco Share login error behind reverse proxy

I configured my Alfresco instance to be in a sub-URI (www.example.com/prefix/alfresco , www.example.com/prefix/alfresco/share) and all looks to be fine except that I can't log in to Share. Catalina.out logs this error:
ERROR [alfresco.web.site] [http-apr-28080-exec-10]
javax.servlet.ServletException: Possible CSRF attack noted when
asserting referer header
'http://www.example.com/prefix/alfresco/share/page/'. Request: POST
/prefix/alfresco/share/page/dologin, FAILED TEST: Assert referer POST
/prefix/alfresco/share/page/dologin :: referer:
'http://www.example.com/prefix/alfresco/share/page/' vs server &
context: http://10.140.8.144/ (string) or (regexp)
Then the browser shows me this page (www.example.com/prefix/alfresco/share/dologin):
Something's wrong with this page...
We may have hit an error or something might have been removed or
deleted, so check that the URL is correct.
Alternatively you might not have permission to view the page (it could
be on a private site) or there could have been an internal error. Try
checking with your Alfresco administrator.
If you're trying to get to your home page and it's no longer available
you should change it by clicking your name on the Alfresco toolbar.
I tried to deactivate the CSRF filter in share-config-custom.xml, but then I can't log in and I don't have any message in the log; the login page shows:
Your authentication details have not been recognized or Alfresco may
not be available at this time.
My apache conf:
ProxyPass /prefix/alfresco http://10.140.8.144:28080/prefix/alfresco
ProxyPassReverse /prefix/alfresco http://10.140.8.144:28080/prefix/alfresco
ProxyPass /prefix/alfresco/share http://10.140.8.144:28080/prefix/share
ProxyPassReverse /prefix/alfresco/share http://10.140.8.144:28080/prefix/share
I could log in before configuring Alfresco to work behind the reverse proxy.
There is no need to deactivate the CSRF filter. If you changed the context path as described in the documentation you need to make sure that the tomcat connector "knows" the outside context (hostname, port, context).
Either
set proxyName and proxyPort
set RemoteIpValve in tomcat server.xml and set required proxy header variables in apache (x-forwarded-for, x-forwarded-by, x-forwarded-proto)
use proxy_ajp instead of proxy_http and define an ajp connector in tomcat

Apache2 reverse proxy multiple sources into one http connection

I'm trying to create a proxy on my Apache2 web server. It's not really pertinent to the question, but I have a Raspberry Pi running a music player with an HTTP interface attached to an unrestricted internet connection. I want to be able to control the music from a work machine which is behind a content filter that blocks Spotify.
Client ---> Content Filter ----> My proxy ---> Unblocked target server
                  |
                  |
                  /
           Blocked content
I want clients to be able to connect to my proxy server and view the pages on my unblocked target server. I am currently able to do this using the following code in my VirtualHost section:
<Location "/foo">
ProxyPass "http://targetserver/bar"
Order allow,deny
Allow from all
</Location>
This allows me to see the page when I visit http://myproxy/foo but it doesn't load completely. I know that this is from content that is being blocked by a content filter that I cannot influence.
How do I configure my Apache2 proxy server to also forward the content that the client would normally receive from external servers? I want my proxy server to provide all the content to the client for this web interface opaquely.
Thanks in advance for your time.
Solved it!
I needed to proxy the websockets as well. Adding the following lines worked:
ProxyPass /foo/ ws://targetserver/bar/
ProxyPassReverse /foo/ ws://targetserver/bar/

Apache & Tomcat reverse proxy with basic authentication: Can Tomcat receive the username?

I've successfully configured Apache to listen over SSL/443 and proxy Tomcat listening on HTTP/8080. I have also set up basic authentication in Apache.
Once the user connects to my Tomcat servlet, will HttpServletRequest.getRemoteUser() be populated or null? If null, how might I get the remote user?
The simplest solution may be to use mod_proxy_ajp, which in addition to proxying requests also transfers a variety of metadata to Tomcat, including authentication information such as REMOTE_USER.
These docs for Alfresco discuss this configuration, which includes changes on both the Tomcat side (so that it knows to trust the forwarded authentication) and the Apache side.
If you're using a generic http proxy like mod_proxy, you would need to arrange for Apache to add the value of REMOTE_USER to the request (possibly as an X- header), and then arrange for your Tomcat application to recognize and trust that header (and you would obviously need to arrange for your front-end proxy to strip that header from any incoming requests).
I don't know how you would do this on the tomcat side, but this post seems to have some suggestions.
I needed to add
<Location />
Order allow,deny
Allow from all
RequestHeader unset Authorization
</Location>
to the wrapping location, the RequestHeader being the specialty that fixed it.
I found this (again) via http://codeblow.com/questions/remove-fundamental-authentication-header-with-apache-mod-proxy/ - don't know where I originally found it last year, it was a last measure for some security issue.

JSJaC+Openfire works only local

So far I developed completely locally, having everything (Apache, Openfire, JSJaC application) on my laptop, running quite fine. Now I want to use a remote server for Apache/Openfire. I did basically the same steps, incl. the whole http-bind stuff. I test the setting with simpleclient.html provided by JSJaC.
Now here's the deal: if I use the simpleclient directly on the remote server - e.g., http://here.domain.org/simpleclient.html - it works. If I use it locally - e.g., http://[local_machine]/simpleclient.html - and with the same settings, I get a 503 (service unavailable). It seems to be more a network/Apache issue than an Openfire/JSJaC one, but I'm not an expert.
My parameters for the simpleclient:
HTTP Base: http://here.domain.org/http-bind/
JabberServer: here.domain.org
So in my apache virtual host conf file I have the lines:
AddDefaultCharset UTF-8
ProxyRequests On
ProxyPass /http-bind/ http://127.0.0.1:7070/http-bind/
So basically the http bind works since I can connect when the simpleclient.html resides on the server. What I tried so far:
checked if 7070 open from extern: yes
checked etc/hosts - here the relevant lines
127.0.0.1 localhost
123.123.123.123 here.domain.org here
checked Apache conf for restrictions: can't find any, basically I have an "Allow from all" everywhere (but I'm not completely sure where to look)
By the way, with, e.g., Pidgin I can connect from my laptop to the remote server. Just the JSJaC simpleclient won't do. So I assume it's the http-bind that causes the trouble. I would understand if port 7070 weren't open, but it is.
Any hints or help are much appreciated!
Christian
Ok, I got it. It was a cross-domain scripting issue. I started looking into the JSJaC library and noticed that it makes XmlHttpRequests which by default won't work across different domains. I therefore had to allow this with Apache on the Openfire-Server. I added the following entries in the VirtualHost conf file:
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Allow-Headers "Content-Type, *"
Of course the mod_headers module must be loaded for this.
I'm not sure which entries are actually required, I didn't try every combination. I think the always is needed since the request to the http-bind address is a proxy thingy.
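
An added example (not from the posts above, and not Openfire, strophe.js or JSJaC code): a simplified model of the checks a browser applies to CORS response headers, covering both the Openfire domain list of * from the first thread and the Apache headers in the answer above. The corsVerdict function, the laptop.example origin and the text/xml Content-Type of the BOSH request are assumptions made for illustration.

```javascript
// Simplified model of the browser's CORS checks from the Fetch standard.
// Response header names are given lower-cased; value length limits are ignored.
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request headers that force a preflight (Content-Type only for non-form types).
function unsafeHeaders(req) {
  return Object.entries(req.headers || {})
    .map(([k, v]) => [k.toLowerCase(), String(v).split(";")[0].trim().toLowerCase()])
    .filter(([k, v]) => !SAFE_HEADERS.includes(k) && !(k === "content-type" && SAFE_TYPES.includes(v)))
    .map(([k]) => k);
}

// Origin check, applied to the preflight response and to the actual response.
function originCheck(req, res) {
  const acao = res["access-control-allow-origin"];
  if (acao === undefined) return "blocked: no Access-Control-Allow-Origin header";
  if (acao === "*") return req.credentials ? "blocked: wildcard origin with credentials" : "ok";
  if (acao !== req.origin) return "blocked: origin mismatch";
  if (!req.credentials) return "ok";
  return res["access-control-allow-credentials"] === "true"
    ? "ok" : "blocked: Access-Control-Allow-Credentials is not true";
}

// Verdict for one cross-origin request against one set of response headers.
function corsVerdict(req, res) {
  const origin = originCheck(req, res);
  if (origin !== "ok") return origin;
  const needed = unsafeHeaders(req);
  const safeMethod = SAFE_METHODS.includes(req.method);
  if (safeMethod && needed.length === 0) return "ok"; // no preflight is sent
  const wildcard = (names) => !req.credentials && names.includes("*");
  const methods = list(res["access-control-allow-methods"]);
  if (!safeMethod && !methods.includes(req.method.toLowerCase()) && !wildcard(methods))
    return "blocked: method not allowed by preflight";
  const allowed = list(res["access-control-allow-headers"]);
  const missing = needed.filter((h) => !allowed.includes(h) && !(wildcard(allowed) && h !== "authorization"));
  return missing.length ? "blocked: header not allowed: " + missing.join(", ") : "ok";
}

// Constructed sample: a BOSH POST from another origin, and wildcard headers
// with credentials enabled as in the Apache answer above.
const bosh = { origin: "http://laptop.example", method: "POST", credentials: false,
  headers: { "Content-Type": "text/xml; charset=utf-8" } };
const posted = { "access-control-allow-origin": "*", "access-control-allow-credentials": "true",
  "access-control-allow-headers": "Content-Type, *" };
console.log(corsVerdict(bosh, posted));                           // anonymous XHR
console.log(corsVerdict({ ...bosh, credentials: true }, posted)); // withCredentials = true
```

With the wildcard configuration the anonymous request passes while the credentialed one is rejected by the browser; returning one specific allowed origin instead of * is what makes Access-Control-Allow-Credentials usable and limits which sites can read the responses.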

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator

I have installed Apache HTTP server, and when I browse to localhost I am getting this error. The Apache server is started. The port is configured to 80 and no one seems to be using it. I can't figure out what the problem is. Can someone?
Thanks.
The problem is that you're routing your localhost traffic through your upstream gateway proxy. The upstream gateway proxy refuses to send the traffic back, either because "localhost" has a different meaning to it, or because it's trying to prevent a security threat called "proxy bounceback." What URL are you using to access your site? Put that URL's hostname in your proxy exemption list.
Open the ISA Server 2006 and create a role and allow networks internal to allow internal and external. And restart the ISA services. It will work fine.
I tried this and it is working fine.