[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints



Hi Francis,

I don't have any significant knowledge about Azure WAF but EPrints 
should only require TCP ports 80 and 443 to be open to be fully 
functional.? (In some configurations only port 443 or 80 need be open).? 
You have tried turning off SELinux which rules out one potential issue.? 
My suspicion is that the Azure WAF might cause the apparent IP address 
of the connecting user to change between requests.? This would be 
supported by you saying that you seem to get logged out.? EPrints can be 
configured to not enforce the IP address being maintained during a 
session with the following configuration option in a configuration file 
in your archive's cfg/cfg.d/ directory:

$c->{ignore_login_ip} = 1;

and then reloading the Apache webserver.? If this does not help it is 
worth checking the error logs in /var/log/httpd/ to see if there is any 
obvious problem.? You want to check both error_log and ssl_error_log.? 
It may also be worth checking access_log and ssl_access_log whilst you 
are attempting to upload files to see if you can find any unexpected 
HTTP codes in the responses to your requests.

Regards

David Newman

On 12/09/2020 15:23, Francis Jayakanth via Eprints-tech wrote:
> Hi, I would like to know if any of you have configured Azure WAF to
> run an eprints 3.4 instance? If so, please share your experience in
> resolving the issue we are having in configuring WAF for eprints.
>
> Our network support team has implemented WAF for eprints, After the
> WAF implementation, we are unable to upload files of any format into
> the repository, and eprints logs out automatically when the uploading
> fails.
>
> For the sake of testing, we even tried turning off SELinux, but it doesn' help.
>
> We are running eprints version 3.4.1 eps on Centos 7
>
> I would greatly appreciate it if someone guides me in resolving the issue.
>
> Thanks and regards, Francis
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7C%7C75828fc3039e461a28e808d85742dd79%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=l2%2BWdyHxSEfTzHdLXcJCfTvQE0dXGVqkCJSlvrmUzhU%3D&reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7C%7C75828fc3039e461a28e808d85742dd79%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=fX2736N6tJH3VWkniMZELCnymLH%2BKcle43eilzvwi0s%3D&reserved=0

-- 
This email has been checked for viruses by AVG.
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.avg.com%2F&data=01%7C01%7C%7C75828fc3039e461a28e808d85742dd79%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=ftFr8T%2BSCWIQKRZGNxi8WNC3UdlJMcYtfJ3ZDnWuitI%3D&reserved=0