I’m running into problems trying to get RT5 running behind a reverse proxy. I’m running into problems with http requests being generated when they should be https requests. I read through the posts I could find here relating to this problem but still can’t get this working properly.
I connect to RT using an https connection to the rproxy server (apache mod_proxy iirc) that is then redirected to my rt5 server using an http connection. This works for most of the site, but some actions result in an error like this:
Possible cross-site request forgery
RT has detected a possible cross-site request forgery for this request, because the Referrer header supplied by your browser (helpdesk.example.ca:443) is not allowed by RT’s configured hostname (helpdesk.example.ca:80). A malicious attacker may be trying to modify or access a search on your behalf. If you did not initiate this request, then you should alert your security team.
My web config entries in RT_Config.pm look like this:
My rproxy config looks like this:
# Added for rt4 server <Location /rt5/> Order allow,deny Allow from all ProxyPass http://10.90.8.152/rt5/ flushpackets=on ProxyPassReverse http://10.90.8.152/rt5/ </Location>
Can anyone see my mistake?