tomcat-users mailing list archives

From Rhugga <tom...@echeeba.com>
Subject Connector Disabled but Still Active on Port 8080
Date Sun, 28 Sep 2003 14:26:39 GMT

I am running Tomcat 4.1.27 using Sun's j2sdk 1.4.2 on Solaris 9 64-bit. 
I am only using Tomcat for a JSP/Servlet engine using mod_jk2 and apache 
2. I am using an AF_UNIX socket for communication.

The only connector I have defined in conf/server.xml is as follows:

<!-- Define a Coyote/JK2 AJP 1.3 Connector - LOCAL ONLY -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
   minProcessors="5" maxProcessors="75" enableLookups="true"
   acceptCount="10" debug="5" connectionTimeout="0"
   useURIValidationHack="false"
   protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler">
</Connector>

I was told that by removing the port="" parameter this would effectively be
a local-only connector.

However, here is the catalina.out logfile from Tomcat initialization:
-------------------------------------------------------------------------
Sep 28, 2003 6:56:12 AM org.apache.commons.modeler.Registry loadRegistry
INFO: Loading registry information
Sep 28, 2003 6:56:12 AM org.apache.commons.modeler.Registry getRegistry
INFO: Creating new Registry instance
Sep 28, 2003 6:56:14 AM org.apache.commons.modeler.Registry getServer
INFO: Creating MBeanServer
Starting service Tomcat-Standalone
Apache Tomcat/4.1.27
Sep 28, 2003 6:56:21 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true
Sep 28, 2003 6:56:21 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true
Sep 28, 2003 6:56:22 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true
[Sun Sep 28 06:56:29 2003] ( info ) [jk_config_file.c (320)] cfg.update() Updating config /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties 1864393060 1064685328
[Sun Sep 28 06:56:30 2003] ( info ) [jk_config_file.c (331)] config.setConfig():  Reading properties /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties 1
[Sun Sep 28 06:56:30 2003] ( info ) [jk_logger_file.c (184)] Initializing log file stderr
[Sun Sep 28 06:56:30 2003] ( info ) [jk_workerEnv.c (403)] workerEnv.init() ok /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties
Sep 28, 2003 6:56:30 AM org.apache.jk.apr.AprImpl init
INFO: JK2: Initialized apr
Sep 28, 2003 6:56:30 AM org.apache.jk.common.ChannelUn init
INFO: JK: listening on unix socket: /usr/local/jakarta-tomcat-4.1.27/work/jk2.socket
Sep 28, 2003 6:56:30 AM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /0.0.0.0:8080
Sep 28, 2003 6:56:30 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=3/264 config=/usr/local/jakarta-tomcat-4.1.27/conf/jk2.properties
-------------------------------------------------------------------------

From this log you can see that ajp13 is listening on the loopback
interface.

However, 'netstat -a' shows this:

*.8080    *.*    0    0 49152  0 LISTEN

The *.8080 means the process is listening for connections on all 
interfaces. On Solaris, if a service is ONLY listening on loopback, it 
should appear as so: (using the sshd server as an example)
localhost.ssh   *.*    0      0 49152      0 LISTEN

If a service is ONLY listening on a non-loopback interface it would 
appear as so:
hostname.mydomain.tld.ssh   *.*    0      0 49152      0 LISTEN

I can indeed telnet to the machine from a remote host and connect to 
port 8080. (however I do not know the protocol to test any commands but 
I do get a connection)

Have I misconfigured something or is this a bug or what? This box is on
a very high profile network (due to the myriad of porn sites and
anti-spam services running on the same subnet at this particular colo)
and security is a major concern, and I currently have no firewall to put
this box behind.

Thanks for any help,
Chuck
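
Added example, not part of the original message: a small Python check that reads the JK startup lines and the Solaris `netstat -a` rows quoted above and reports the bind scope of each listener. The function names are hypothetical, and the sample lines are copied from the post with wrapped lines joined.

```python
import re

# Solaris `netstat -a` TCP row: local address is "<host>.<port>"; "*" is the wildcard.
NETSTAT_ROW = re.compile(r"^\s*(?P<local>\S+)\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+LISTEN\s*$")
# JK startup line in catalina.out: "... listening on /<ip>:<port>"
JK_LINE = re.compile(r"listening on /(?P<host>[0-9a-fA-F.:]+):(?P<port>\d+)\s*$")

WILDCARD = {"*", "0.0.0.0", "::"}           # bound to every interface
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def scope(host):
    if host in WILDCARD:
        return "all-interfaces"
    if host in LOOPBACK:
        return "loopback"
    return "single-address"

def parse_netstat(line):
    m = NETSTAT_ROW.match(line)
    if not m:
        return None
    # The port is whatever follows the last dot ("hostname.mydomain.tld.ssh").
    host, _, port = m.group("local").rpartition(".")
    return host, port, scope(host)

def parse_jk(line):
    m = JK_LINE.search(line)
    return (m.group("host"), m.group("port"), scope(m.group("host"))) if m else None

def classify(lines):
    """Return (host, port, scope) for every listener line that is recognised."""
    hits = (parse_netstat(l) or parse_jk(l) for l in lines)
    return [h for h in hits if h]

def exposed(lines):
    """Listeners reachable on every interface, which need a bind address or a filter."""
    return [(h, p) for h, p, s in classify(lines) if s == "all-interfaces"]

# Sample lines taken from the message above.
SAMPLE = [
    "INFO: JK: listening on unix socket: /usr/local/jakarta-tomcat-4.1.27/work/jk2.socket",
    "INFO: JK2: ajp13 listening on /0.0.0.0:8080",
    "*.8080    *.*    0    0 49152  0 LISTEN",
    "localhost.ssh   *.*    0      0 49152      0 LISTEN",
    "hostname.mydomain.tld.ssh   *.*    0      0 49152      0 LISTEN",
]

if __name__ == "__main__":
    for host, port, kind in classify(SAMPLE):
        print(f"{host:<24} {port:<6} {kind}")
```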

