tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From groupalias v <>
Subject Re: Debugging tomcat<->apache(mod_jk) bridge
Date Wed, 02 Dec 2009 16:06:15 GMT
In response to Chris' question -   I have only one tomcat instance
running and it picks up the webapps in /srv/tomcat6/webapps/
and the URL works fine.  I tried
with the mod_jk.c and jk_module with the same result.

In response to André's question this is the first time I am hearing
about the SetHandler construct.  Is there documentation somewhere I
can read?
The issue about security is something I am concerned too and thought
its too error prone.

What is the workers.tomcat_home directive in used for?

If the communication is over the 8009 port why does apache care about
one of tomcat's directories?

I will re-create the with mo_jk.c and post them.

- Vas

On Wed, Dec 2, 2009 at 2:30 AM, André Warnier <> wrote:
> Christopher Schultz wrote:
>> Hash: SHA1
>> All,
>> On 12/1/2009 10:26 AM, André Warnier wrote:
>>> groupalias v wrote:
>>>> httpd.conf
>>>> -------------
>>>> LoadModule jk_module          modules/
>>>> <IfModule jk_module>
>>> What the h.. is this line for : ?
>> It's for conditional inclusion of Apache httpd directives when modules
>> may or may not be loaded.
> No. I was talking about the "Alias" which follows. Hence the trailing ":" in
> my question. Ok, following the colon by a question mark wasn't the clearest
> thing either...
>  The test I have in my httpd.conf is:
>> <IfModule mod_jk.c>
>> I can't find any references online to the use of jk_module in
>> <IfModule>, so the OP might want to change it.
>>>> Alias /test/ "/srv/tomcat6/webapps/A"
>>> It kind of contradicts these next lines :
>>>> JKMount        /test/ A
>>>> JkMount     /test/* A
>>> Because of the Alias line, I don't think that mod_jk even gets to see
>>> your /test/ URLs.
>> No, mod_jk gets higher priority than mod_alias. I'm not entirely sure
>> how the pecking order is decided, but I do know that mod_jk gets first
>> shot.
> Yes, +1 about the "not sure". That is why I prefer, rather than JkMount, the
> form with
> <Location /test>
>  SetHandler jakarta-servlet
>  ...
> </Location>
> At least in that case the precedences are clear, and I find that this syntax
> fits better with "the Apache way of things", and is much more flexible than
> JkMount/JkUnMount.
> My general gripe about that Alias line, is that it generally gives access
> for Apache, to the entire tomcat webapps directory, thus from the start
> bypassing anything configured at Tomcat level in terms of security.  Then
> later, one has to "patch" this hole by a series of conditional Deny rules,
> hoping not to forget one.
> And in 99% of the cases, one does forget something, such as also forbidding
> META-INF e.g.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message