In case of CSRF, you should have a record in the logs that CSRF was violated. Is that the case?
On Thu, Sep 21, 2017 at 3:56 AM, Coscend@OM <[email protected]> wrote:

> Dear OpenMeetings Users,
>
> We would appreciate any vectors to resolve the following issue:
>
> We successfully installed, configured, logged in OM 3.3.2 Snapshot
>
> 1. Internally, i.e., http://IP:port/openmeetings
> 2. Externally, i.e., http://<our.FQDN.name>:port/openmeetings
>
> OM logs have a line:
>
> DEBUG 09-20 14:45:14.219 221956 388 o.a.o.w.a.Application [105-6083-exec-2] - Adding online client: 63e8a860-65c6-4687-a7e0-ca435ca21ec6, room: null
>
> ISSUE
> --------
> However, we are unable to login to OM 3.3.2 Snapshot via Proxy server.
> When we click on submit username/password, it reloads the login page.
>
> OM logs are MISSING this line: “Adding online client:…”
>
> QUESTIONS
> --------
>
> 1. What has changed between OM 3.3.2 and 3.3.0 that does not POST login credentials? Anything to do with Session variables and session request handlers?
> 2. We have used the proxy server settings that are working perfectly with OM 3.3.0 in which CSRF and CSP, XSS were introduced.
>
> Alteametasoft Demo server: What additional proxy settings needed to be added to Apache Web server to enable OM 3.3.2?
>
> Source of proxy server settings:
>
> i) CSRF: http://markmail.org/message/o4szinpxt4e2tzch
> ii) Proxy logging: http://markmail.org/message/mft3m5bdjeqxwicw
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> Coscend Communications Solutions
> www.Coscend.com
> ------------------------------------------------------------------
> *Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…*
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: http://www.Coscend.com/Terms_and_Conditions.html

--
WBR
Maxim aka solomax
