Posted to commits@archiva.apache.org by ma...@apache.org on 2017/03/18 17:33:50 UTC

[2/2] archiva git commit: Adding some information about redback configuration settings

Adding some information about redback configuration settings


Project: http://git-wip-us.apache.org/repos/asf/archiva/repo
Commit: http://git-wip-us.apache.org/repos/asf/archiva/commit/2cf09a7f
Tree: http://git-wip-us.apache.org/repos/asf/archiva/tree/2cf09a7f
Diff: http://git-wip-us.apache.org/repos/asf/archiva/diff/2cf09a7f

Branch: refs/heads/master
Commit: 2cf09a7f51faf5310237d11bc354fe541f6e2e46
Parents: f177ba8
Author: Martin Stockhammer <ma...@apache.org>
Authored: Sat Mar 18 18:33:14 2017 +0100
Committer: Martin Stockhammer <ma...@apache.org>
Committed: Sat Mar 18 18:33:14 2017 +0100

----------------------------------------------------------------------
 .../site/apt/adminguide/customising-security.apt | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/archiva/blob/2cf09a7f/archiva-docs/src/site/apt/adminguide/customising-security.apt
----------------------------------------------------------------------
diff --git a/archiva-docs/src/site/apt/adminguide/customising-security.apt b/archiva-docs/src/site/apt/adminguide/customising-security.apt
index b7a99dd..d42c227 100644
--- a/archiva-docs/src/site/apt/adminguide/customising-security.apt
+++ b/archiva-docs/src/site/apt/adminguide/customising-security.apt
@@ -48,6 +48,7 @@ Archiva Security Configuration
 
 +-----+
 # Security Policies
+# -----------------
 #security.policy.password.encoder=
 security.policy.password.previous.count=6
 security.policy.password.expiration.days=90
@@ -55,6 +56,7 @@ security.policy.password.expiration.enabled=true
 security.policy.allowed.login.attempt=3
 
 # Password Rules
+# --------------
 security.policy.password.rule.alphanumeric.enabled=false
 security.policy.password.rule.alphacount.enabled=true
 security.policy.password.rule.alphacount.minimum=1
@@ -66,6 +68,23 @@ security.policy.password.rule.numericalcount.enabled=true
 security.policy.password.rule.numericalcount.minimum=1
 security.policy.password.rule.reuse.enabled=true
 security.policy.password.rule.nowhitespace.enabled=true
+
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
+rest.csrffilter.enabled=true
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
+rest.baseUrl=
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
+rest.csrffilter.absentorigin.deny=true
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
+rest.csrffilter.disableTokenValidation=false
 +-----+
  
   <<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and
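Review bot: The comment added for `rest.csrffilter.disableTokenValidation` is ambiguous: "Enable/Disable the token validation only" does not say which value keeps protection on, so an administrator could read `true` as "validation enabled". I would word it as `# Set to true to switch off CSRF token validation (the Origin/Referer check presumably stays active); keep false unless a client cannot send the token.` The `rest.baseUrl` comment should also state when automatic detection is not enough: if Archiva runs behind a reverse proxy, the detected base URL may differ from the externally visible one (an assumption to confirm against the filter implementation), so the external URL should be set explicitly for the origin check to compare against the right host. It would also help to note on `rest.csrffilter.absentorigin.deny` that `false` accepts requests carrying neither header, which weakens the origin check. The sample block this hunk extends begins above the hunk.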