summaryrefslogtreecommitdiffstats
path: root/archiva-docs/src/site
diff options
context:
space:
mode:
authorMartin Stockhammer <martin_s@apache.org>2017-03-18 18:33:14 +0100
committerMartin Stockhammer <martin_s@apache.org>2017-03-18 18:33:14 +0100
commit2cf09a7f51faf5310237d11bc354fe541f6e2e46 (patch)
tree502e74580ef79edb021e7ea758def89704f2ed54 /archiva-docs/src/site
parentf177ba8b7e5bbeed56ef4ace7e62de19a4011f52 (diff)
downloadarchiva-2cf09a7f51faf5310237d11bc354fe541f6e2e46.tar.gz
archiva-2cf09a7f51faf5310237d11bc354fe541f6e2e46.zip
Adding some information about redback configuration settings
Diffstat (limited to 'archiva-docs/src/site')
-rw-r--r--archiva-docs/src/site/apt/adminguide/customising-security.apt19
1 files changed, 19 insertions, 0 deletions
diff --git a/archiva-docs/src/site/apt/adminguide/customising-security.apt b/archiva-docs/src/site/apt/adminguide/customising-security.apt
index b7a99dd9d..d42c2275c 100644
--- a/archiva-docs/src/site/apt/adminguide/customising-security.apt
+++ b/archiva-docs/src/site/apt/adminguide/customising-security.apt
@@ -48,6 +48,7 @@ Archiva Security Configuration
+-----+
# Security Policies
+# -----------------
#security.policy.password.encoder=
security.policy.password.previous.count=6
security.policy.password.expiration.days=90
@@ -55,6 +56,7 @@ security.policy.password.expiration.enabled=true
security.policy.allowed.login.attempt=3
# Password Rules
+# --------------
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
@@ -66,6 +68,23 @@ security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true
+
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
+rest.csrffilter.enabled=true
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
+rest.baseUrl=
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
+rest.csrffilter.absentorigin.deny=true
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
+rest.csrffilter.disableTokenValidation=false
+-----+
<<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and