Uw opmerkingen

That's good news. Now you need to set Origin header properly:

RequestHeader set Origin "http://yourdomain.com"
Unfortunately, it looks like this is not quite possible: http://serverfault.com/questions/290121/configurin...

However you might try adding similar proxypass statement for /ajenti:socket and Ajenti should fallback to XHR polling instead of websockets.
Does the Plugins section indicate that CSF plugin was properly loaded? I.e. no warning sign near the plugin name.
Oh, I thought that you used NGINX. The Apache code was contributed by a user, and I don't really have the Apache experience to tackle with it. Do you get to the login page when being redirected to /ajenti:auth? If the form doesn't work there, check whether the POST requests to /ajenti:auth actually reach Ajenti through Apache. 
Just add this option in GUI (as a custom option). You don't have to edit the raw file. Also you don't need to put "iptables" before the lines there.
The manual has been recently updated, double-check that you're using correct location ~ /ajenti.*
You can use src-range iptables option: http://www.cyberciti.biz/tips/linux-iptables-how-to-specify-a-range-of-ip-addresses-or-ports.html
Set up your webserver (e.g.: NGINX http://support.ajenti.org/topic/349870-ajenti-behind-nginx/) to forward requests on a subdomain/subpath to Ajenti.