[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- Subject: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- From: drn at ecs.soton.ac.uk (David R Newman)
- Date: Sat, 12 Sep 2020 18:39:55 +0100
- In-reply-to: <EMEW3|65f88bf88e9a67f549da48e96adf1bc1w8BFNf14eprints-tech-bounces|ecs.soton.ac.uk|CAAVv=LQpiwNmnDNesayrk5NHw1wTRYB13c=Y2XiuhPO5yE_-xg@mail.gmail.com>
- References: <CAAVv=LQpiwNmnDNesayrk5NHw1wTRYB13c=Y2XiuhPO5yE_-xg@mail.gmail.com> <CAAVv=LQpiwNmnDNesayrk5NHw1wTRYB13c=Y2XiuhPO5yE_-xg@mail.gmail.com> <EMEW3|65f88bf88e9a67f549da48e96adf1bc1w8BFNf14eprints-tech-bounces|ecs.soton.ac.uk|CAAVv=LQpiwNmnDNesayrk5NHw1wTRYB13c=Y2XiuhPO5yE_-xg@mail.gmail.com> <5bb60ee8-0171-ab7d-e692-0dc871ab6267@ecs.soton.ac.uk>
Hi Francis,
I don't have any significant knowledge about Azure WAF but EPrints
should only require TCP ports 80 and 443 to be open to be fully
functional.? (In some configurations only port 443 or 80 need be open).?
You have tried turning off SELinux which rules out one potential issue.?
My suspicion is that the Azure WAF might cause the apparent IP address
of the connecting user to change between requests.? This would be
supported by you saying that you seem to get logged out.? EPrints can be
configured to not enforce the IP address being maintained during a
session with the following configuration option in a configuration file
in your archive's cfg/cfg.d/ directory:
$c->{ignore_login_ip} = 1;
and then reloading the Apache webserver.? If this does not help it is
worth checking the error logs in /var/log/httpd/ to see if there is any
obvious problem.? You want to check both error_log and ssl_error_log.?
It may also be worth checking access_log and ssl_access_log whilst you
are attempting to upload files to see if you can find any unexpected
HTTP codes in the responses to your requests.
Regards
David Newman
On 12/09/2020 15:23, Francis Jayakanth via Eprints-tech wrote:
> Hi, I would like to know if any of you have configured Azure WAF to
> run an eprints 3.4 instance? If so, please share your experience in
> resolving the issue we are having in configuring WAF for eprints.
>
> Our network support team has implemented WAF for eprints, After the
> WAF implementation, we are unable to upload files of any format into
> the repository, and eprints logs out automatically when the uploading
> fails.
>
> For the sake of testing, we even tried turning off SELinux, but it doesn' help.
>
> We are running eprints version 3.4.1 eps on Centos 7
>
> I would greatly appreciate it if someone guides me in resolving the issue.
>
> Thanks and regards, Francis
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7C%7C75828fc3039e461a28e808d85742dd79%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=l2%2BWdyHxSEfTzHdLXcJCfTvQE0dXGVqkCJSlvrmUzhU%3D&reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7C%7C75828fc3039e461a28e808d85742dd79%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=fX2736N6tJH3VWkniMZELCnymLH%2BKcle43eilzvwi0s%3D&reserved=0
--
This email has been checked for viruses by AVG.
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.avg.com%2F&data=01%7C01%7C%7C75828fc3039e461a28e808d85742dd79%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=ftFr8T%2BSCWIQKRZGNxi8WNC3UdlJMcYtfJ3ZDnWuitI%3D&reserved=0