EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #08326
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- To: eprints-tech@ecs.soton.ac.uk
- Subject: Re: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- From: Francis Jayakanth <fjayakanth@gmail.com>
- Date: Fri, 18 Sep 2020 16:52:07 +0530
Hi< David, Thanks a lot for your valuable inputs. We were able to resolve both the issues - one concerning auto log out and the other not being able to upload files. The first issue was resolved after the inclusion of a configuration option, $c->{ignore_login_ip} = 1: in a configuration file in the archive's cfg/cfg.d/ directory. The file upload issue persisted because there are symbolic links in the /ARCHIVENAME/documents/ folder. After changing the SELinux contexts for the folders referred to by the symbolic links, the file upload issue was resolved. Thanks and regards, Francis On Mon, Sep 14, 2020 at 4:54 PM Francis Jayakanth via Eprints-tech <eprints-tech@ecs.soton.ac.uk> wrote: > > Hi David, Thanks a lot for the prompt reply and for the possible > solution as well. The solution is bang-on. I created a file, > ingnore_login_ip.pl, and inserted the statement, $c->{ignore_login_ip} > = 1; in that file, and restarted the httpd server. The action solved > the issue of auto log out, but I was still unable to upload a file. > Apache error log file was complaining about the permission issue: > > Failed to mkdir /documents/disk7/00/06/29/35/01: Permission denied > > I was quite sure that the above issue was related SELinux > configuration. I disabled SELinux, and I am now able to upload files. > > I followed the instructions related to changing directory permissions > and SELinux contexts available here, > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FEPrints_and_SELinux&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cdda9e65346f947a5652a08d85bc4e90e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=8ZJWO18ekXi1UAasyga2LATY4S60zqhCdPJwu5dnci8%3D&reserved=0 , and enabled SELinux > by setting SELINUX=enforcing. Upon enabling SELinux, I'm again able to > upload file. The Apache error log reports, Unable to write to > /opt/eprints3/ > archives/iisceprints/documents/disk7/00/06/29/35/01/baccelli1989.pdf: > Permission denied > > Can you please let me know what else needs to be done. > > Btw, everything was working fine before moving Eprints behind the WAF. > > Thanks and regards, Francis > > On Sat, Sep 12, 2020 at 11:10 PM David R Newman <drn@ecs.soton.ac.uk> wrote: > > > > Hi Francis, > > > > I don't have any significant knowledge about Azure WAF but EPrints > > should only require TCP ports 80 and 443 to be open to be fully > > functional. (In some configurations only port 443 or 80 need be open). > > You have tried turning off SELinux which rules out one potential issue. > > My suspicion is that the Azure WAF might cause the apparent IP address > > of the connecting user to change between requests. This would be > > supported by you saying that you seem to get logged out. EPrints can be > > configured to not enforce the IP address being maintained during a > > session with the following configuration option in a configuration file > > in your archive's cfg/cfg.d/ directory: > > > > $c->{ignore_login_ip} = 1; > > > > and then reloading the Apache webserver. If this does not help it is > > worth checking the error logs in /var/log/httpd/ to see if there is any > > obvious problem. You want to check both error_log and ssl_error_log. > > It may also be worth checking access_log and ssl_access_log whilst you > > are attempting to upload files to see if you can find any unexpected > > HTTP codes in the responses to your requests. > > > > Regards > > > > David Newman > > > > On 12/09/2020 15:23, Francis Jayakanth via Eprints-tech wrote: > > > Hi, I would like to know if any of you have configured Azure WAF to > > > run an eprints 3.4 instance? If so, please share your experience in > > > resolving the issue we are having in configuring WAF for eprints. > > > > > > Our network support team has implemented WAF for eprints, After the > > > WAF implementation, we are unable to upload files of any format into > > > the repository, and eprints logs out automatically when the uploading > > > fails. > > > > > > For the sake of testing, we even tried turning off SELinux, but it doesn' help. > > > > > > We are running eprints version 3.4.1 eps on Centos 7 > > > > > > I would greatly appreciate it if someone guides me in resolving the issue. > > > > > > Thanks and regards, Francis > > > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech > > > *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cdda9e65346f947a5652a08d85bc4e90e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=7L3EWcMpO1gqGn6CNIHvbMg0YRdqVlktDhObP0hkSd8%3D&reserved=0 > > > *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cdda9e65346f947a5652a08d85bc4e90e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=cQanHF483jC68sOOt%2FQA9rXd6EoqI7VUo9sTkgoi%2B%2F8%3D&reserved=0 > > > > -- > > This email has been checked for viruses by AVG. > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.avg.com%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cdda9e65346f947a5652a08d85bc4e90e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=a4ytma8l%2FVZUGga%2FLM1plIYer72EiG1MQygmZMYym8E%3D&reserved=0 > > > > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech > *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cdda9e65346f947a5652a08d85bc4e90e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=7L3EWcMpO1gqGn6CNIHvbMg0YRdqVlktDhObP0hkSd8%3D&reserved=0 > *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cdda9e65346f947a5652a08d85bc4e90e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=cQanHF483jC68sOOt%2FQA9rXd6EoqI7VUo9sTkgoi%2B%2F8%3D&reserved=0
- Follow-Ups:
- Re: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- From: Francis Jayakanth <fjayakanth@gmail.com>
- Re: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- References:
- [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- From: Francis Jayakanth <fjayakanth@gmail.com>
- Re: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- From: Francis Jayakanth <fjayakanth@gmail.com>
- Re: [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- From: Francis Jayakanth <fjayakanth@gmail.com>
- [EP-tech] Configuring Azure Web Application Firewall (WAF) for eprints
- Prev by Date: Re: [EP-tech] TrendTerms in eprints 3.4 Screen::EPrint::Box
- Next by Date: Re: [EP-tech] TrendTerms in eprints 3.4 Screen::EPrint::Box
- Previous by thread: [EP-tech] EPrints/CRIS
- Next by thread: [EP-tech] DOI handling in orcid_support_advance
- Index(es):