In case of CSRF you should have the record in the logs CSRF was violated
Is it the case?

On Thu, Sep 21, 2017 at 3:56 AM, Coscend@OM <[email protected]> wrote:

> Dear OpenMeetings Users,
>
>
>
> We would appreciate any vectors to resolve the following issue:
>
>
>
> We successfully installed, configured, logged in OM 3.3.2 Snapshot
>
> 1.     Internally, i.e., http://IP:port/openmeetings
>
> 2.     Externally, i.e., http://<our.FQDN.name>:port/openmeetings
>
> OM logs have a line:
>
> DEBUG 09-20 14:45:14.219 221956 388 o.a.o.w.a.Application
> [105-6083-exec-2] - Adding online client: 
> 63e8a860-65c6-4687-a7e0-ca435ca21ec6,
> room: null
>
>
>
> ISSUE
>
> --------
>
> However, we are unable to login to OM 3.3.2 Snapshot via Proxy server.
>   When we click on submit username/password, it reloads the login page.
>
> OM logs are MISSING this line:  “Adding online client:…”
>
>
>
>
>
> QUESTIONS
>
> --------
>
>
>
> 1.     What has changed between OM 3.3.2 and 3.3.0 that does not POST
> login credentials?  Anything to do with Session variables and session
> request handlers?
>
> 2.     We have used the proxy server settings that are working perfectly
> with OM 3.3.0 in which CSRF and CSP, XSS were introduced.
>
> Alteametasoft Demo server:  What additional proxy settings needed to be
> added to Apache Web server to enable OM 3.3.2?
>
>
>
> Source of proxy server settings:
>
> i)              CSRF:  http://markmail.org/message/o4szinpxt4e2tzch
>
> ii)             Proxy logging:  http://markmail.org/message/
> mft3m5bdjeqxwicw
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
>
>
> Coscend Communications Solutions
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Terms_and_Conditions.html
> <http://www.coscend.com/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>  Virus-free.
> www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> <#m_-3774582028157409911_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>



-- 
WBR
Maxim aka solomax

Reply via email to