I have Grafana running under Microsoft Internet Information Services (IIS). IIS is configured with URL Rewrite as a Reverse Proxy. After upgrading Grafana from version 8 to version 9 this no longer works. The dashboards are visble but show no data, and there is a popup with the warning 'Origin not allowed'
Grafana was updated to prevent a CRSF vulnerability. As a result it now checks for the origin of the request which is supposed to be in the header, but by default this is not passed by the IIS proxy.
In the IIS manager, select Configuration Manager, go to section 'system.webServer.proxy', and set 'preserveHostHeader' to True.
Related
i need to enable https into sonarqube. I already have a keystore (JKS File), but i don't know how do this operation.
thanks!
You need to install a reverse proxy with proper TLS configuration.
Here are some information :
https://docs.sonarqube.org/display/SONAR/Securing+the+Server+Behind+a+Proxy
It might be possible for you to configure it according "Running SonarQube 5.2 Over HTTPS". Please take note for the know limitations:
Because Tomcat is embedded in SonarQube in a "black box" mode, only
few Tomcat parameters can be customised
Otherwise it will be necessary to "Secure the Server Behind a Proxy". In that case:
The reverse proxy must be configured to set the value
"X_FORWARDED_PROTO: https" in each HTTP request header. Without this
property, redirection initiated by the SonarQube server will fall back
on HTTP.
I´m running Microstrategy Desktop v. 10.5.0 on Windows 10 and I´m trying to build a few maps. I´m behind a HTTP proxy in the format
http_proxy=http://<user>:<password>#proxy.mycorp.com:8080
https_proxy=http://<user>:<password>#proxy.mycorp.com:8080
and every time I try to start a map I get the message
Unable to download the ESRI map. No Internet connection. You can configure an Internet proxy through you computer´s Settings.
The internet works for all other programs with the same proxy and the ESRI CDN links also work directly on the browser behind the proxy. If I connect to a network outside my work connection and disable the proxy the maps work. Is there a way to make Microstrategy Desktop work behind a proxy?
Can you please look into the following link, You have to check with your network admins and request them to unblock some websites and ports.
https://community.microstrategy.com/t5/Clients-Interfaces/Sporadic-issues-with-ESRI-maps-in-Desktop-10-with-proxy-setting/td-p/248444
We faced the same issue, and we requested our network admin team to do the following :
For simpicity, you could open below configuration in the firewall:
Ports 443 , 80 and 6080
*.arcgis.com, *.esri.com and *.arcgisonline.com
Starting with MicroStrategy Analytics Enterprise 9.4.1 Hotfix 6 and in MicroStrategy 10.X, users are able to configure MicroStrategy Web to send HTTP request to ESRI via internal proxy servers. The following provides the details
Un-authenticated proxy :
If the proxy server does not require authentication, user can go to Web Administration security page and configure the following settigs
Go to Web Administration --> Security Page.
Check "Enable HTTP proxy server"
Fill out the Server address and Server port
enter image description here
Authenticated proxy server
It the proxy server requires authentication , User will need to add in the esriconfig.xml file located under plugins\ConnectorForESRIMap\WEB-INF\xml\config (see sample below).
Note: Restart the web server after this change
<ec> <apps clientToken="true"> <key><![CDATA[------]]></key></apps></ec>
I'm in the process of configuring the WSO2 IS 5.0.0 Dashboard. I've followed this previous post to configure the gadgets: Cannot see any option in WSO2 Identity Server dashboard
since they weren't showing up/displaying properly.
In the config files though everything is HTTP. I plan on using a proxy and having everything behind HTTPS. Therefore, I'd like everything in the config files to be HTTPS.
I tried changing everything in the the config files mentioned in the above link to HTTPS and included port 9443, but when I go to the dashboard the gadgets are missing. I also tried leaving off the 9443 and just having https://ip-address/.... but it the gadgets and everything will not show up.
Are there additional files, other than the ones mentioned in the link, that need to be configured? Is it possible to have it set as https or can it only be http?
The issue you have mentioned in the previous post has been fixed in IS 5.1.0 and there are lot of improvements shipped with this version. Now you will be able to access all your gadgets via HTTPS without configuring in all the mentioned files. By default the dashboard and all the gadgets will be accessible through HTTPS protocol. But you can configure it by changing only in a single file now [1].
You can download the IS 5.1.0 from [2]
[1] {IS_HOME}/repository/conf/identity/sso-idp-config.xml
[2] http://wso2.com/products/identity-server/
I'm using the AJAX Test Server in Rational Application Developer. I'm posting a form to another host for authentication. That host takes a URL to redirect to after authentication. However, it insists on using HTTPS whenever it sends the 302 response. The low hanging fruit would be to just use HTTPS locally.
Looking at the launch configuration, the AJAX Test Server appears to be a custom Apache HttpCore server. I haven't spotted anything in the configuration guide.
Is there a way to access this test server via HTTPS?
This is for demo and local development purposes; not production.
Speaking from working with WAS (WebSphere Application Server) in RAD, I'm pretty sure the answer would be yes. The server (at least with WAS) has both secure and "unsecure" ports.
What I have noticed is that when the server is built with the install (at least with the newer versions of the products 7.5+), the ports used are different per install. This is to help with not conflicting with other applications that may use those ports.
So https is probably fine. You just may have to use it over port 302 or some other port.
If there is no admin console for viewing your ports, you could always try the Window | Preferences option under your menu items. Sometimes IBM hides server config stuff in there.
We have successfully deployed a LightSwitch app in a web server IIS 7. The app works perfectly when accessed via the internal IP (http://servername), but when it is done via the external IP (https://www.example.com), the queries don't work. It does fetch ALL data but if something is entered in search fields the query fails, it shows data
fields with a red X.
Fiddler shows the following info:
<LI id=L_defaultr_12>Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)
And the screen looks like this:
Any suggestion on how to trace this problem would be greatly appreciated.
I found the problem was caused by the ISA server blocking high-bit characters. When you configure HTTP filtering to block high-bit characters, URLs that contain characters from a double-byte character set (DBCS) or URLs that contain Latin 1 characters are blocked
The solution:
Configure the Web publishing rule so that it does not block high-bit characters. To do this, follow these steps:
1. Start the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition Management tool.
2. Expand ServerName, where ServerName is the name of your ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition computer.
3. Click Firewall Policy, click the Web publishing rule that you created to publish the Exchange Server computer for access by OWA users, and then click Edit Selected Rule.
4. Click the Traffic tab, click Filtering, and then click Configure HTTP.
5. Click to clear the Block high-bit characters check box, and then click OK two times.
6. Click Apply to update the firewall policy, and then click OK.