archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olivier Lamy <ol...@apache.org>
Subject Re: [VOTE] Apache Archiva 2.2.2
Date Tue, 25 Apr 2017 07:51:06 GMT
Hi
Yes it's behind a reverse proxy
logs says

2017-04-25 07:39:21,524 [qtp1564314458-63] WARN
org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
[] - Referer Header Host does not match refererUrl=
https://archiva-repository.apache.org/archiva/index.html?request_lang=en,
targetUrl=http://archiva-repository.apache.org,
archiva-repository.apache.org

The security.properties contains

rest.baseUrl=https://archiva-repository.apache.org  (I tried with https as
well)

The referer header has value:
https://archiva-repository.apache.org/archiva/index.html?request_lang=en

Activating debug:

2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG
org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
[] - Referer Header URL found:
https://archiva-repository.apache.org/archiva/index.html?request_lang=en

2017-04-25 07:49:00,571 [qtp749705282-29] WARN
org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
[] - Referer Header Host does not match refererUrl=
https://archiva-repository.apache.org/archiva/index.html?request_lang=en,
targetUrl=http://archiva-repository.apache.org,
archiva-repository.apache.org

2017-04-25 07:49:00,571 [qtp749705282-29] WARN
org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor
[] - HTTP Header check failed. Assuming CSRF attack.


Well I can disable that but I'd like to not have too many users complaining
:-)

On 25 April 2017 at 16:54, Martin Stockhammer <martin_s@apache.org> wrote:

> Hi,
>
> It's behind a reverse proxy or something similar?
> I think it's the request url. It is determined automatically. But you can
> set a redback configuration property.
> In security.properties set
> rest.baseUrl=http://archiva-repository.apache.org
>
> Cheers
>
> Martin
>
>
> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy <olamy@apache.org>:
>>
>> Hi Martin,
>> Thanks for your effort with the release!!
>> Works fine locally, all sigs are ok!
>> I installed the version for https://archiva-repository.apache.org/archiva/
>> but I have a problem as cannot log anymore because some REST resources are
>> marked as 403.
>> In this particular case:
>> https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources
>> Any idea?
>>
>> On 24 April 2017 at 05:01, Martin <martin_s@apache.org> wrote:
>>
>>  Hi,
>>>
>>>  I think I now have everything ready and I'd like to release Apache Archiva
>>>  2.2.2
>>>
>>>  Note this vote include some parent poms, and redback core.
>>>
>>>  We fixed these issues:
>>>  https://issues.apache.org/jira/secure/ReleaseNote.jspa?
>>>  projectId=12316920&version=12335832
>>>
>>>  The staging repository is available here:
>>>  https://archiva-repository.apache.org/archiva/repository/
>>>  archiva-releases-stage/
>>>
>>>  Dist artifacts here: https://dist.apache.org/repos/dist/dev/archiva/
>>>
>>>  Vote open for 72H
>>>  [+1]
>>>  [0]
>>>  [-1]
>>>
>>>  Greetings
>>>  --
>>>  Martin Stockhammer
>>
>>
>>
>>
>>
> --
> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>



-- 
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message