- Type: Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.0.X, 7.1.X, 7.2.X, Master
- Fix Version/s: 7.1.10 DXP FP13, 7.1.X, 7.2.10 DXP FP1, 7.2.X, 7.2.1 CE GA2, 7.3.10 DXP GA1, Master
- Component/s: Application Security > Auth Verifiers
- Branch Version/s: 7.2.x, 7.1.x
- Backported to Branch: Committed
- Fix Priority: 3
- Git Pull Request:
Description
When the portal property main.servlet.https.required is set to true, X-Forwarded-* headers are not honored, which may result in improper redirects.
The portal property portal.proxy.path is also not taken into account in the resulting redirects.
Steps to Reproduce
- Set up a proxy server with SSL Offloading
  - Sample httpd-vhosts.conf (Apache Httpd)

        <VirtualHost *:443>
            ProxyPreserveHost On
            SSLEngine on
            SSLCertificateFile "/usr/local/apache2/conf/dummy-server.crt"
            SSLCertificateKeyFile "/usr/local/apache2/conf/dummy-server.key"
            RequestHeader set X-Forwarded-Proto https
            ProxyPass /liferay http://172.17.0.1:8080
            ProxyPassReverse /liferay http://172.17.0.1:8080
        </VirtualHost>

    - Accommodate SSLCertificateFile and SSLCertificateKeyFile accordingly
      - Reference: Here are links to the dummy cert I used for my testing, in case it's helpful:
    - Replace 172.17.0.1 with the IP address of your Liferay instance
- Configure Liferay to work with the proxy server
  - Sample portal-ext.properties:

        web.server.https.port=443
        web.server.protocol=https
        portal.proxy.path=/liferay
        web.server.forwarded.protocol.enabled=true

- Start up Liferay and Apache Httpd
- Navigate to https://[PROXY-SERVER-IP]/liferay
  - Replace [PROXY-SERVER-IP] with your proxy server's IP
- Notice that Liferay loads as expected
- Modify portal-ext.properties to include main.servlet.https.required:

      web.server.https.port=443
      web.server.protocol=https
      portal.proxy.path=/liferay
      web.server.forwarded.protocol.enabled=true
      main.servlet.https.required=true

- Restart Liferay
- Navigate to https://[PROXY-SERVER-IP]/liferay
  - Replace [PROXY-SERVER-IP] with your proxy server's IP
Expected Result: The redirect should occur successfully and the portal can be accessed.
Actual Result: Error message appears in the browser, due to improper redirects.
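
The following is an added model of the redirect decision described in this report, not Liferay's code: it contrasts an HTTPS-required check that ignores X-Forwarded-Proto and portal.proxy.path with one that honors them, using a constructed stand-in for the sample vhost. The hostname `proxy.example`, the function names and the `honor_proxy` switch are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class PortalConfig:
    # Field names mirror the portal-ext.properties keys shown above.
    https_required: bool = True           # main.servlet.https.required
    forwarded_proto_enabled: bool = True  # web.server.forwarded.protocol.enabled
    proxy_path: str = "/liferay"          # portal.proxy.path

def https_redirect(scheme, host, path, headers, cfg, honor_proxy):
    """Return the Location for an HTTPS-required redirect, or None if none is needed.

    honor_proxy=False models the reported behaviour; True models the expected one.
    """
    if not cfg.https_required:
        return None
    seen = scheme
    if honor_proxy and cfg.forwarded_proto_enabled:
        # Use the first value only, and only because the property opts in to it.
        proto = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
        if proto in ("http", "https"):
            seen = proto
    if seen == "https":
        return None
    prefix = cfg.proxy_path.rstrip("/") if honor_proxy else ""
    return f"https://{host}{prefix}{path}"

def via_proxy(url, proxy_host="proxy.example", prefix="/liferay"):
    """Constructed model of the sample vhost: TLS ends here, the prefix is stripped."""
    base = f"https://{proxy_host}{prefix}"
    if url != base and not url.startswith(base + "/"):
        return None  # URL is not covered by the ProxyPass mapping
    path = url[len(base):] or "/"
    return ("http", proxy_host, path, {"x-forwarded-proto": "https"})

def browse(url, cfg, honor_proxy, max_hops=5):
    """Follow redirects the way a browser would and report how navigation ends."""
    for _ in range(max_hops):
        backend_request = via_proxy(url)
        if backend_request is None:
            return ("outside-proxy-path", url)
        location = https_redirect(*backend_request, cfg, honor_proxy)
        if location is None:
            return ("served", url)
        url = location
    return ("redirect-loop", url)
```

In this model, disabling web.server.forwarded.protocol.enabled while keeping main.servlet.https.required=true ends in a redirect loop, because the backend only ever sees the plain-HTTP hop from the proxy.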