tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Mod_jk returning source code of jsp files
Date Mon, 23 Apr 2012 15:28:00 GMT
ironclaw hand wrote:
> Thanks Christopher I will address the security issues if I am actually able to get mod_jk
to execute a jsp!

No.  You should do things right first, in a secure way.  And then, when it works, you can

start "optimising" carefully and step by step, and try not to introduce security holes 
while doing so.
I put "optimise" between quotes here, because what you are apparently trying is not much 
of an optimisation, while it IS creating security issues (and confusing things).  It would

be better to let Tomcat serve all your content, including the static pages that are inside

your webapp directory anyway.  This way, you will not compromise whatever access security

is implemented at the Tomcat side, and the overhead of having Tomcat serve those static 
pages is measured in microseconds at worst.

> I have now removed everything from mod_jk.conf except for the global directives and I
now have my httpd.conf looking like:
> #
> # JK for connections to Tomcat
> #
> LoadModule jk_module modules/
> Include /etc/httpd/conf/mod_jk.conf
> <IfModule jk_module>
> JkWorkersFile /etc/httpd/conf/
> JkLogFile     /var/log/httpd/mod_jk.log
> JkLogLevel info

remove from here

> Alias /sft "/var/webapps/sft"
> <Directory "/var/webapps/sft">
>  Options Indexes FollowSymLinks
> </Directory>
> <Location "/sft/WEB-INF/">
>    AllowOverride None
>    deny from all
> </Location>
until here

 > </IfModule>

> ##
> ## SSL Virtual Host Context
> <VirtualHost sfta.a.b.c:443>    

change this

> JkMount /sft/* loadbalancer
> JkUnMount /*.html loadbalancer

to this

JkMount /sft loadbalancer
JkMount /sft/* loadbalancer

> </VirtualHost>
> I still get the jsp file returned as text 

which means that Apache is serving them, not Tomcat.

so I obviously still have problems and initially I would just like to get apache to invoke

mod_jk and return me the dynamic content.

And let it first return the static content as well, since it is anyway located in your 
webapps directory.

One could also question why you are using the term (or name) "loadbalancer" above, since 
all your content seems to be on the same host anyway.  Do you really have one httpd and 
several Tomcat's ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message