Contents

Install CIC Web Applications on Apache

To install CIC Web Applications on Apache

Create a folder in the document root of your web server for the CIC Web Applications. Verify that your web server software has the appropriate permissions for that newly created folder.

Note:
In this example, the folder is ININApps.
Download the CIC Web Applications zip file from https://my.inin.com/products/Pages/Downloads.aspx. All the web applications are contained in this single zip.
Unzip the CIC Web Applications folder.
Navigate to the web_files folder inside the unzipped CIC Web Applications folder.
Copy all of the folders inside of web_files. Each folder contains one CIC web application.
Paste the folders copied in the previous step into the directory you created in step 1. Doing so places the appropriate directory structure and files for all CIC Web Applications on your web server.

The following actions take place in the Apache server's /conf/httpd.conf file.

Set the following minimally required modules to be loaded:
- One or more auth* modules that are appropriate for your web server
- dir_module modules/mod_dir.so
- env_module modules/mod_env.so
- expires_module modules/mod_expires.so
- headers_module modules/mod_headers.so
- mime_module modules/mod_mime.so
- proxy_module modules/mod_proxy.so
- proxy_http_module modules/mod_proxy_http.so
- rewrite_module modules/mod_rewrite.so
- setenvif_module modules/mod_setenvif.so
Change the DocumentRoot as well as the single <Directory> section to point to the CIC Web Applications folder
Change the DirectoryIndex property to contain index.html and index.htm

If LimitRequestBody is set to something other than 0, ensure that you increase it to something greater than or equal to 20971520 (bytes).

Set up the proxy rewrite rules:

If Apache is set up for HTTP (possibly in addition to HTTPS), add the following URL rewrite rules at the bottom of httpd.conf:

RewriteEngine On
RewriteRule "^(/.*|)/api/([^/]+)(/.*)" "http://$2:8018$3" 
 
 
 [P,E=WEB_APP:$1,E=ICWS_HOST:$2,E=ICWS_PATH:$3,E=HTTP_HOST:%{HTTP_HOST},E=REQUEST_URI:%{REQUEST_URI},E=SCHEME:%{REQUEST_SCHEME}]
# If you are securing the ICWS host(s), use the following configuration 
 
 
 in place of the RewriteRule above:
# SSLProxyEngine on
# RewriteRule "^(/.*)/api/([^/]+)(/.*)" "https://$2:8019$3" 
 
 
 [P,E=WEB_APP:$1,E=ICWS_HOST:$2,E=ICWS_PATH:$3,E=HTTP_HOST:%{HTTP_HOST},E=REQUEST_URI:%{REQUEST_URI},E=SCHEME:%{REQUEST_SCHEME}]
Header edit Set-Cookie "(.*)Path=(/icws.*)" "$1Path=%{WEB_APP}e/api/%{ICWS_HOST}e$2"
Header edit Location "^(/icws.*)" "%{WEB_APP}e/api/%{ICWS_HOST}e$1"
SetEnvIf "ININ-ICWS-Original-URL" ".+" HAVE_ININICWSOriginalURL
RequestHeader set "ININ-ICWS-Original-URL" "%{SCHEME}e://%{HTTP_HOST}e%{REQUEST_URI}e" 
 
 
 env=!HAVE_ININICWSOriginalURL

If Apache is set up for HTTPS (possibly in addition to HTTP), add the following URL rewrite rules to the appropriate VirtualHost section(s) of httpd-ssl.conf or httpd-sni.conf:

RewriteEngine On
RewriteRule "^(/.*|)/api/([^/]+)(/.*)" "http://$2:8018$3" 
 
 
 [P,E=WEB_APP:$1,E=ICWS_HOST:$2,E=ICWS_PATH:$3,E=HTTP_HOST:%{HTTP_HOST},E=REQUEST_URI:%{REQUEST_URI},E=SCHEME:%{REQUEST_SCHEME}]
# If you are securing the ICWS host(s), use the following configuration 
 
 
 in place of the RewriteRule above:
# SSLProxyEngine on
# RewriteRule "^(/.*)/api/([^/]+)(/.*)" "https://$2:8019$3" 
 
 
 [P,E=WEB_APP:$1,E=ICWS_HOST:$2,E=ICWS_PATH:$3,E=HTTP_HOST:%{HTTP_HOST},E=REQUEST_URI:%{REQUEST_URI},E=SCHEME:%{REQUEST_SCHEME}]
Header edit Set-Cookie "(.*)Path=(/icws.*)" "$1Path=%{WEB_APP}e/api/%{ICWS_HOST}e$2"
Header edit Location "^(/icws.*)" "%{WEB_APP}e/api/%{ICWS_HOST}e$1"
SetEnvIf "ININ-ICWS-Original-URL" ".+" HAVE_ININICWSOriginalURL
RequestHeader set "ININ-ICWS-Original-URL" "%{SCHEME}e://%{HTTP_HOST}e%{REQUEST_URI}e" 
 
 
 env=!HAVE_ININICWSOriginalURL

Configure caching for Interaction Connect. Add the following to conf/httpd.conf:

<DirectoryMatch "/client/">
ExpiresActive On
<FilesMatch "index.html?$">
ExpiresDefault "access plus 15 minutes"
</FilesMatch>
<FilesMatch ".(?:js|css|jpe?g|ico|png|gif|svg|ttf|woff|otf|eot|mp3|wav|ogg)$">
ExpiresDefault "access plus 1 year"
</FilesMatch>
</DirectoryMatch>
<DirectoryMatch "/client/(?:addins|config)/">
<Files "*">
Header Set Cache-Control "no-cache"
</Files>
</DirectoryMatch>
<DirectoryMatch "/client/help/">
ExpiresActive Off
</DirectoryMatch>

To prevent cross-frame scripting or clickjacking, add the following line to conf/httpd.conf. Set the options to DENY, SAMEORIGIN, or ALLOW-FROM origin. For more information, see Security Considerations.
```
header always set X-Frame-Options "DENY"
```
First, identify the directories that should be blocked. Then to disable directory scanning, do both of these. For more information, see Security Considerations.

Note: In addition to the recommended configuration changes, you should also assign the appropriate ACLs (Access Control Lists) to the directories on the web server used by your organization.
- Add the following to conf/httpd.conf.
```
</DirectoryMatch>
Options FollowSymLinks;
<DirectoryMatch>
```
- Create a ..htaaccess file in the related application directory. In the .htaccess file write:
```
Options - Indexes
```
(Re)start the Apache process.
Verify that all applications work as expected