HTTP 403 when logging into CData Arc outside of local network

  • 27 October 2023

In some configurations of CData Arc, such as when CData Arc is hosted behind a reverse proxy or Nginx proxy, a login attempt made from outside the local network fails with a 403 Forbidden error. Direct authentication to CData Arc is still possible locally.


Arc performs a CSRF (cross-site request forgery) security check that matches the Host and Referer headers in the request to ensure that the user logging into the application is valid. The login can fail if the Host header in the authenticated request is changed.


If you are hosting CData Arc on the embedded Jetty webserver provided with CData Arc, the application can include a special instruction in the file to ensure that requests forwarded by Arc include the originating Host header: 


cdata.http.proxyMode = true 


If you are using a webserver other than the embedded webserver provided with Arc, you will need to make sure that the proxy maintains the Host header when forwarding requests to the application if you wish to log in from outside of the proxy.
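
The following is a simplified model of the Host/Referer comparison described above, showing why a proxy that rewrites the Host header produces the 403 and why one that maintains it does not. It is an added example, not CData Arc's code; the function names, the hostname arc.example.com and the upstream address 127.0.0.1:8001 are assumptions.

```python
from urllib.parse import urlsplit

# Constructed values (assumptions, not taken from CData Arc):
PUBLIC_HOST = "arc.example.com"   # name users type outside the network
UPSTREAM = "127.0.0.1:8001"       # address the proxy uses to reach Arc


def csrf_status(headers):
    """Simplified model of a Host/Referer match; returns an HTTP status."""
    host = headers.get("Host", "").strip().lower()
    referer = headers.get("Referer", "")
    referer_host = urlsplit(referer).netloc.lower()
    if not host or not referer_host:
        return 403                # nothing to compare: reject
    return 200 if host == referer_host else 403


def proxy_forward(headers, preserve_host):
    """Model one reverse-proxy hop in front of the application."""
    forwarded = dict(headers)
    if not preserve_host:
        # Nginx's default is `proxy_set_header Host $proxy_host;`, which
        # replaces the browser's Host with the upstream address.
        forwarded["Host"] = UPSTREAM
    return forwarded


def login_outcomes():
    """Status seen for a local login and for two proxy configurations."""
    local = {"Host": "localhost:8001",
             "Referer": "http://localhost:8001/login"}
    remote = {"Host": PUBLIC_HOST,
              "Referer": "https://" + PUBLIC_HOST + "/login"}
    return {
        "direct_local": csrf_status(local),
        "proxy_rewrites_host": csrf_status(proxy_forward(remote, False)),
        "proxy_preserves_host": csrf_status(proxy_forward(remote, True)),
    }


if __name__ == "__main__":
    for case, status in login_outcomes().items():
        print(f"{case}: HTTP {status}")
```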
