Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
headers.png 23.1 kB 1 05-Dec-2023 05:32 Ben Spink
png
reverse_proxy.png 86.2 kB 3 05-Dec-2023 05:32 Ben Spink

This page (revision-10) was last changed on 05-Dec-2023 05:32 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 3 changed one line
For [reverse proxy|reverse proxy apache], if Apache is doing HTTPS and CrushFTP is doing HTTP, those protocols are "opposite". Precede the reverse proxy path with a "!" as in the example screenshot for the reverse proxy path of "/crushftp/". This tells CrushFTP the user's protocol is the opposite of what CrushFTP's thinks it is.
[attachments|headers.png]
At line 5 added 17 lines
Trust Headers allow for trusting a front end identity management solution that inserts trust headers into the HTTP responses so CrushFTP doesn't need to validate authentication.\\
The trust headers work like this:\\
Say you have the header {{{X-Trusted-Username}}} then you would enter in a value in CrushFTP of:
{{{
X-Trusted-Username=user_name
}}}
You are mapping header values to CrushFTP values.\\
\\
So the trust of the server comes down to the identity management controlling headers and in no way allowing anyone access to the server who could spoof the header. CrushFTP is blindly trusting the header if present with whatever username as having been already authenticated. So any exposure of the CrushFTP server to the outside internet makes it insecure, or exposure on the LAN, etc. It must always be behind the identity management solution your using.\\
For [reverse proxy|Reverse Proxy Apache], if Apache is doing HTTPS and CrushFTP is doing HTTP, those protocols are "opposite". Precede the reverse proxy path with a "!" as in the example screenshot for the reverse proxy path of "/crushftp/". This tells CrushFTP the user's protocol is the opposite of what CrushFTP's thinks it is.
You can also make CrushFTP the reverse proxy server protecting a back end resource.
At line 7 changed one line
You can also make CrushFTP the [reverse proxy server|reverse proxy] protecting a back end resource.
HTTPS ports can have individual keystores mapped to the port as well, or use *[SNI]* to have multiple keystores mapped to the port.
Require valid client certificate will block all connections unless they have been previously configured to provide a SSL [client certificate].
Version Date Modified Size Author Changes ... Change note
10 05-Dec-2023 05:32 2.044 kB Ben Spink to previous
9 05-Dec-2023 05:32 2.035 kB Ben Spink to previous | to last
8 05-Dec-2023 05:32 1.857 kB Ben Spink to previous | to last
7 05-Dec-2023 05:32 1.828 kB Ben Spink to previous | to last
6 05-Dec-2023 05:32 0.944 kB Ben Spink to previous | to last
5 05-Dec-2023 05:32 0.944 kB Ben Spink to previous | to last
4 05-Dec-2023 05:32 0.866 kB Ben Spink to previous | to last
3 05-Dec-2023 05:32 0.756 kB Ben Spink to previous | to last
2 05-Dec-2023 05:32 0.443 kB Ben Spink to previous | to last
1 05-Dec-2023 05:32 0.408 kB Ben Spink to last
« This page (revision-10) was last changed on 05-Dec-2023 05:32 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
LeftMenu

JSPWiki