Question

CloudFlare with Laserfiche

asked on February 17, 2022

Does Laserfiche have an official position on CloudFlare in front of Laserfiche Web Applications? While CloudFlare's proxying services do provide a CDN-type service, it's the DDoS protection that we're finding clients seeking.

Based on our own testing, we've found:

  • No issues with the standard web applications like Forms, Mobile, Web Client, WebLink.
  • CloudFlare cannot be used for applications that connect directly to the Laserfiche Repository Server in spite of it being HTTP/HTTPS-based communication, i.e.: Windows Client, QuickFields, Import Agent, etc.

But again, we're looking for any official position. 

0 0

Replies

replied on February 17, 2022

I wouldn't say that we have an official position with regard to traditional reverse proxies, much less CloudFlare in particular. But reverse proxies are part of the modern web, and we expect our web applications to work with them. If a web application doesn't work properly behind a reverse proxy, that is something we would be interested in hearing about.

It should be possible to reverse proxy traffic for LFS, but it could be a challenge and you are definitely getting into the territory of "not officially supported". The main things that would be a challenge are all of the HTTP verbs that LFS uses (since it's WebDAV) and I believe it relies on a number of headers to communicate things like repository name. These headers aren't part of normal HTTP traffic, and a proxy might not forward them.

1 0
replied on February 21, 2022

Seconding all of the above. You can generally use Layer 4 (TCP) reverse proxies directly to LFS without issue because they don't touch anything in the HTTP/WebDAV protocol layer (L7). Note that Windows Authentication does not work through Layer 4 proxies unless they have specific support for NTLM (most do not, especially out of the box).

One other thing you'll want to be careful with is caching of static assets, especially .js files. Laserfiche software patches often contain updates to applications' JavaScript files, and we've had plenty of cases where end users were still experiencing an issue post-patch because an upstream proxy was still serving the old version of the file(s).

That's not a compatibility issue per se, more of a "be sure you know what your proxy cache controls are set to and how to manually flush the proxy cache after deploying a Laserfiche web app upgrade, as well as making doing so part of your upgrade/patch deployment procedure if proxy caching is enabled".

@████████, there are usually issues using the LF desktop Office Integration with load balanced Web Client instances because the Office integration can't use cookie-based session affinity (the only option many Layer 7 proxies/load balancers support), so it's a dice roll on whether or not the Office integration traffic gets sent to the Web Client instance where you have your existing session. Source IP-based session affinity, available on most Layer 4 proxies and a few Layer 7 ones, doesn't have this problem. Only a problem when load balancing though. If there's only one backend Web Client server in the target group, all /laserfiche traffic ends up there regardless of session cookies.

0 0
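
The post-patch cache check recommended in the reply above can be automated. The following is an added example, not part of the original thread and not Laserfiche or Cloudflare code: it hashes each static asset as served through the proxy and as served by the origin, and reports any file where the proxy still holds a different copy. The hostnames, asset paths and sample responses are constructed placeholders, and it assumes the origin is reachable directly from where the check runs.

```python
import hashlib
import urllib.request


def http_get(url):
    """GET a URL and return (body bytes, lower-cased response headers)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read(), {k.lower(): v for k, v in resp.headers.items()}


def find_stale_assets(paths, edge_base, origin_base, get=http_get):
    """Return one record per asset whose proxied copy differs from the origin's."""
    stale = []
    for path in paths:
        edge_body, edge_headers = get(edge_base + path)
        origin_body, _ = get(origin_base + path)
        edge_digest = hashlib.sha256(edge_body).hexdigest()
        origin_digest = hashlib.sha256(origin_body).hexdigest()
        if edge_digest != origin_digest:
            stale.append({
                "path": path,
                "edge_sha256": edge_digest,
                "origin_sha256": origin_digest,
                # CF-Cache-Status is Cloudflare's cache result header; Age is standard HTTP.
                "cache_status": edge_headers.get("cf-cache-status", "unknown"),
                "age_seconds": int(edge_headers.get("age", 0)),
            })
    return stale


# Constructed responses standing in for a patched origin and an edge that
# still holds one pre-patch file. Hostnames and paths are hypothetical.
SAMPLE = {
    "https://edge.example.test/app/main.js": (b"v1 old", {"cf-cache-status": "HIT", "age": "86400"}),
    "https://origin.example.test/app/main.js": (b"v2 patched", {}),
    "https://edge.example.test/app/util.js": (b"same", {"cf-cache-status": "MISS"}),
    "https://origin.example.test/app/util.js": (b"same", {}),
}


def sample_get(url):
    """Offline stand-in for http_get that serves the constructed SAMPLE data."""
    return SAMPLE[url]


if __name__ == "__main__":
    for item in find_stale_assets(["/app/main.js", "/app/util.js"], "https://edge.example.test",
                                  "https://origin.example.test", get=sample_get):
        print(f"STALE {item['path']} cache={item['cache_status']} age={item['age_seconds']}s")
```

Run against real hosts by omitting the `get` argument; any reported path means the proxy cache needs to be purged before users receive the patched files.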