tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r752691 - /tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml
Date Wed, 11 Mar 2009 23:28:42 GMT
Author: rjung
Date: Wed Mar 11 23:28:42 2009
New Revision: 752691

URL: http://svn.apache.org/viewvc?rev=752691&view=rev
Log:
Add a few tweaks to the new proxy docs page.

Modified:
    tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml

Modified: tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml?rev=752691&r1=752690&r2=752691&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml Wed Mar 11 23:28:42 2009
@@ -92,9 +92,13 @@
 </li>
 <li>SSL cipher: <code>getAttribute(javax.servlet.request.cipher_suite)</code>
 </li>
-<li>SSL key size: <code>getAttribute(javax.servlet.request.key_size)</code>
+<li>SSL key size: <code>getAttribute(javax.servlet.request.key_size)</code>.
+Can be disabled using <code>JkOptions -ForwardKeySize</code>.
 </li>
-<li>SSL client certificate: <code>getAttribute(javax.servlet.request.X509Certificate)</code>
+<li>SSL client certificate: <code>getAttribute(javax.servlet.request.X509Certificate)</code>.
+If you want the whole certificate chain, then you need to also set <code>JkOptions
ForwardSSLCertChain</code>.
+It is likely, that in this case you also need to adjust the maximal AJP packet size
+using the worker attribute <a href="../reference/workers.html">max_packet_size</a>.
 </li>
 <li>SSL session ID: <code>getAttribute(javax.servlet.request.ssl_session)</code>.
 This is for Tomcat, it has not yet been standardized.
@@ -169,6 +173,11 @@
 </p>
 <p>All variables, that are not SSL-related have only been introduced in version 1.2.27.
 </p>
+<p>Finally there is a shortcut to forward the local IP of the web server as the remote
IP.
+This can be useful, e.g. when using the Tomcat remote address valve for allowing connections
+only from registered Apache web servers. This feature is activated by setting
+<code>JkOptions ForwardLocalAddress</code>.
+</p>
 </section>
 <section name="Tomcat AJP Connector Settings">
 <br/>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message