tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: PROBLEM - APACHE HTTPD IS SERVING JSP SOURCE CODE
Date Sat, 17 Nov 2012 12:50:40 GMT
Pete Storey wrote:
> Yup, your mount points aren't quite right:
> 
> - They need to be in a virtual host if they are for that (or turn on
> inheritance)
> - You have to mount _either_ a path or an extension - not both - i.e.
> JkMount *.jsp or JkMount /myapp - not what you've got with JkMount /*.jsp

The exact syntax is given here : 
http://tomcat.apache.org/connectors-doc/reference/uriworkermap.html
under "URI patterns".

If you are familiar with the Apache httpd configuration syntax (and less with the JkMount
syntax per se), then use an Apache <Location> or <LocationMatch>
<LocationMatch "^/myapp/">
    # URI part dropped, because inside a Location already
    JkMount worker1
    ...
</LocationMatch>

or

<LocationMatch "^/myapp/">
   SetHandler jakarta-servlet
   # replaces JkMount
   SetEnv JK_WORKER_NAME worker1
   # replaces JkUnMount
   SetEnvIf REQUEST_URI "\.(jpg|gif|html|htm)$" no-jk
   ...
</LocationMatch>

as explained here : http://tomcat.apache.org/connectors-doc/reference/apache.html
(at end, section "Using SetHandler and Environment Variables")

BUT

This all has nothing to do with the fundamental issue here, which needs to be resolved 
first : the httpd DocumentRoot and the Tomcat "appBase" overlap, and they should not.
Because as it is now, it allows Apache httpd to serve Tomcat jsp's (and other files) as 
source, "behind the back" of Tomcat.

Tomcat is interpreting some files (like *.jsp) in a special way, or protecting them from
access (like the contents of /myapp/WEB-INF/*), but Apache httpd knows nothing about these
rules, and serves these files like any other *.html or *.jpg or *.txt.
So to avoid a whole lot of problems and security issues, you should not allow Apache httpd
to access these files, other than through mod_jk and Tomcat.

> 
> cheers
> Pete
> 
> 
> On 17 November 2012 08:12, André Warnier <aw@ice-sa.com> wrote:
> 
>> Casper Wandahl Schmidt wrote:
>>
>>> Den 16-11-2012 21:26, Farid Haider skrev:
>>>
>>>> Hi.
>>>>
>>>> I have Fedora 17 (Kernel Linux 3.6.6-1.fc17.i686) installed in an ASUS
>>>> laptop (A6Jseries).
>>>>
>>>> I have Apache/2.2.22 installed that came with the Fedora 17.
>>>>
>>>> I have the following Java:
>>>> java version "1.7.0_09-icedtea"
>>>> OpenJDK Runtime Environment (fedora-2.3.3.fc17.1-i386)
>>>> OpenJDK Client VM (build 23.2-b09, mixed mode)
>>>> and is installed in /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.9/
>>>>
>>>> I have downloaded Tomcat 7 and installed in /usr/local/tomcat7 (tar
>>>> -zxvf apache-tomcat-7.0.27.tar.gz)
>>>>
>>>> After starting Tomcat (/usr/local/tomcat7/bin/startup.sh) it works
>>>> fine.
>>>> When opening the browser http://localhost:8080 the “Apache
>>>> Tomcat/7.0.32” page opens without problems.
>>>>
>>>> To integrate Apache with Tomcat I have installed Tomcat Connectors JK
>>>> 1.2 (mod_jk module) as follows:
>>>> su -
>>>> [root@asuslaptop ~]# cd /etc/httpd/modules
>>>> [root@asuslaptop modules]#wget
>>>> http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.31/i386/mod_jk-1.2.31-httpd-2.2.x.so
>>>> [root@asuslaptop modules]# mv mod_jk-1.2.31-httpd-2.2.x.so mod_jk.so
>>>> [root@asuslaptop modules]# chmod 755 mod_jk.so
>>>>
>>>> I have created file workers.properties in /etc/httpd/conf.d/ (as
>>>> follows)
>>>> [root@asuslaptop modules]# cd /etc/httpd/conf.d/
>>>> [root@asuslaptop conf.d]# cat > /etc/httpd/conf.d/workers.properties
>>>> workers.tomcat_home=/usr/local/tomcat7/
>>>> workers.java_home=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.9/
>>>> ps=/
>>>> worker.list=worker1
>>>> worker.worker1.type=ajp13
>>>> worker.worker1.host=localhost
>>>> worker.worker1.port=8009
>>>> worker.worker1.lbfactor=50
>>>>
>>>> I have created file mod_jk.conf in /etc/httpd/conf.d/ (as follows)
>>>> [root@asuslaptop conf.d]#cat > /etc/httpd/conf.d/mod_jk.conf
>>>> JkWorkersFile "/etc/httpd/conf.d/workers.properties"
>>>> JkLogFile "logs/mod_jk.log"
>>>> JkLogLevel info
>>>> JkMount /*.jsp worker1
>>>> JkMount /servlet/* worker1
>>>> JkMount /*.do worker1
>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>>
>>>> I have edited httpd.conf as follows:
>>>> [root@asuslaptop conf.d]# cd /etc/httpd/conf/
>>>> [root@asuslaptop conf]# vi httpd.conf
>>>> - added the line:
>>>> LoadModule jk_module modules/mod_jk.so
>>>> - Edited the following line to be:
>>>> DirectoryIndex index.htm default.htm default.jsp
>>>> - I have added the following virtual host:
>>>> <VirtualHost *:80>
>>>>      ServerAdmin fhaider@odline.com
>>>>      DocumentRoot /var/www/html/lofttreasures
>>>>      ServerName www.lofttreasures.com
>>>>      ErrorLog logs/lofttreasures.com-error_log
>>>>      CustomLog logs/lofttreasures.com-access_log common
>>>> </VirtualHost>
>>>> - At the end of the file I have inserted:
>>>> Include conf.d/*.conf
>>>>
>>>> I have edited the file server.xml:
>>>> [root@asuslaptop conf]# cd /usr/local/tomcat7/conf/
>>>> [root@asuslaptop conf]# vi server.xml
>>>> Before “</Engine>” tag I have inserted the following:
>>>> <Host name="www.lofttreasures.com" debug="0" appBase="/var/www/html"
>>>>          unpackWARs="true" autoDeploy="true" xmlValidation="false"
>>>> xmlNamespaceAware="false">
>>>> </Host>
>>>>
>>>> In Catalina directory I have created the following:
>>>> [root@asuslaptop conf]# cd /usr/local/tomcat7/conf/Catalina/
>>>> [root@asuslaptop Catalina]# mkdir  www.lofttreasures.com
>>>> [root@asuslaptop Catalina]# cd www.lofttreasures.com/
>>>> Created the file context.xml and edit as follows:
>>>> [root@asuslaptop www.lofttreasures.com]# vi context.xml
>>>> <Context path="" docBase="lofttreasures" debug="0" reloadable="false"
>>>> crossContext="false">
>>>> </Context>
>>>>
>>>> I have restarted the Tomcat with:
>>>> [root@asuslaptop ~]# /usr/local/tomcat7/bin/shutdown.sh
>>>> [root@asuslaptop ~]# /usr/local/tomcat7/bin/startup.sh
>>>>
>>>> I have started Apache with:
>>>> [root@asuslaptop ~]# service httpd start
>>>>
>>>> I have checked if the Tomcat and Apache started with:
>>>> [root@asuslaptop ~]# ps -U root -u root u
>>>> The result is:
>>>> //bin/java
>>>> -Djava.util.logging.config.file=/usr/local/tomcat7/conf/logging ...
>>>> /usr/sbin/httpd -k start
>>>>
>>>> Tomcat seems to work fine when I test in a browser with
>>>> http://localhost:8080/ it opens  the “Apache Tomcat/7.0.32” page.
>>>>
>>>> If I test the Apache only by trying in the browser
>>>> www.lofttreasures.com it open the test HTML page without problems.
>>>>
>>>> The problem is when I try to open a JSP page with
>>>> www.lofttreasures.com/index.jsp I
>>>> get the page with the JSP source code.
>>>>
>>>> I would appreciate it very much if I could get help to solve this
>>>> problem.
>>>>
>>> Try reading this:
>>> http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
>>> Especially the warning in the beginning of the page.
>>>
>> +1
>>
>> If you are seeing the jsp source code, it is almost certainly because it
>> is Apache httpd that is serving the page, not Tomcat. (It should be easy to
>> check : leave Apache httpd on, but turn off Tomcat, and request the same
>> page again).
>>
>> That seems to be because of what you've done here :
>>>>      DocumentRoot /var/www/html/lofttreasures
>> and here
>>
>>>> <Host name="www.lofttreasures.com" debug="0" appBase="/var/www/html"
>>
>>> I'm by no means an expert, but I seem to remember that you need the
>>> jkMount statements to be inside the VirtualHost, they are not inherited
>>> unless you use some other statement that I can't remember. It should be
>>> possible to find in the docs though.
>>>
>>>
>> +1 also.
>> The other directive mentioned is "JkMountCopy", and it is found here :
>>
>> http://tomcat.apache.org/connectors-doc/reference/apache.html
>>
>> (which page has the same warning about allowing Apache httpd to "see" your
>> Tomcat application directories directly)
>>
>> But the JkMount/JkMountCopy is not your main problem right now.  Your main
>> problem is the other one; resolve that one first.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
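As an added illustration of the overlap André describes (this is not code from the thread or from the Tomcat project), the POSIX shell check below pulls DocumentRoot out of an httpd.conf fragment and appBase out of a server.xml Host element and reports whether one directory sits inside the other. The two config strings are constructed to mirror the setup quoted above, and the function names are my own; it assumes absolute paths, as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: flag an httpd DocumentRoot that sits
# inside (or contains) a Tomcat appBase, the overlap that lets httpd serve
# *.jsp and WEB-INF/ contents as plain files. Needs only POSIX sh and sed.

# Constructed fragments mirroring the configuration quoted in the thread.
HTTPD_CONF='DocumentRoot /var/www/html/lofttreasures'
SERVER_XML='<Host name="www.lofttreasures.com" appBase="/var/www/html" unpackWARs="true">'

# First DocumentRoot value in an httpd.conf fragment, surrounding quotes stripped.
document_root() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*DocumentRoot[[:space:]]*//p' \
    | head -n 1 | sed 's/^"//; s/"[[:space:]]*$//'
}

# First appBase attribute in a server.xml fragment (assumed absolute).
app_base() {
  printf '%s\n' "$1" | sed -n 's/.*appBase="\([^"]*\)".*/\1/p' | head -n 1
}

# Normalise a path: collapse repeated slashes, drop a trailing one.
# No realpath, so the directories need not exist on the checking host.
norm_path() {
  printf '%s\n' "$1" | sed 's#//*#/#g; s#\(.\)/$#\1#'
}

# Returns 0 when one path equals or lies under the other. The appended "/"
# keeps /var/www/html from matching /var/www/htmlx.
paths_overlap() {
  a=$(norm_path "$1"); b=$(norm_path "$2")
  case "$a/" in "$b/"*) return 0 ;; esac
  case "$b/" in "$a/"*) return 0 ;; esac
  return 1
}

# Returns 0 (and prints a warning) when httpd and Tomcat share a directory tree.
check_overlap() {
  dr=$(document_root "$1"); ab=$(app_base "$2")
  if paths_overlap "$dr" "$ab"; then
    echo "OVERLAP: httpd DocumentRoot '$dr' and Tomcat appBase '$ab'"
    return 0
  fi
  echo "ok: '$dr' and '$ab' are disjoint"
  return 1
}

check_overlap "$HTTPD_CONF" "$SERVER_XML"
```

Run against the real files with `check_overlap "$(cat /etc/httpd/conf/httpd.conf)" "$(cat /usr/local/tomcat7/conf/server.xml)"`; a disjoint layout (for example a DocumentRoot under /var/www/html and an appBase under the Tomcat install) is what the thread recommends.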

