tomcat-users mailing list archives

From "Terence M. Bandoian" <tere...@tmbsw.com>
Subject Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue
Date Sat, 03 Jan 2015 03:45:27 GMT
On 1/1/2015 9:20 AM, Sandip Gaikwad wrote:
> Hi,
>
> Following are entries in files. Please let me know what is going wrong.
>
> *workers.properties*
> worker.list=worker1
> # Set properties for worker1 (ajp13)
> worker.worker1.type=ajp13
> worker.worker1.host=localhost
> worker.worker1.port=8009
> worker.worker1.connection_pool_size=10
> worker.worker1.connection_pool_timeout=600
> worker.worker1.socket_keepalive=true
> worker.worker1.socket_timeout=300
>
>
> *httpd.conf*
> LoadModule jk_module "C:/Apache24/modules/mod_jk.so"
> JkWorkersFile "C:/tomcat-connectors-1.2.40-src/conf/workers.properties"
> JkLogFile "C:/Apache24/logs/mod_jk.log"
> JkLogLevel info
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> JkRequestLogFormat "%w %V %T"
> JkMount /jenkins/* worker1
>
> *server.xml*
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8005" shutdown="SHUTDOWN">
>   <Listener className="org.apache.jk.config.ApacheConfig" 
> modJk="C:/Apache24/modules/mod_jk.so"/>
>   <Listener 
> className="org.apache.catalina.startup.VersionLoggerListener" />
>   <Listener className="org.apache.catalina.core.AprLifecycleListener" 
> SSLEngine="on" />
>   <Listener 
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>   <Listener 
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>   <Listener 
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
>   <GlobalNamingResources>
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>
>   <Service name="Catalina">
>
>     <Connector port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />


If you don't want to allow direct access to Tomcat, the Connector above 
should be removed.


>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


The address attribute should probably be set on the Connector above.  
Setting it to 127.0.0.1 (address="127.0.0.1") will limit access to the 
local host.

-Terence Bandoian


>     <Engine name="Catalina" defaultHost="localhost">
>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>                resourceName="UserDatabase"/>
>       </Realm>
>
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true">
>         <Listener className="org.apache.jk.config.ApacheConfig" 
> modJk="C:/Apache24/modules/mod_jk.so"/>
>         <Valve className="org.apache.catalina.valves.AccessLogValve" 
> directory="logs"
>                prefix="localhost_access_log" suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>       </Host>
>     </Engine>
>   </Service>
> </Server>
>
> Thanks,
> Sandip
>
>
> On Thu, Jan 1, 2015 at 7:45 PM, Christopher Schultz
> <chris@christopherschultz.net> wrote:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA256
>
>     Sandip,
>
>     On 1/1/15 12:19 AM, Sandip Gaikwad wrote:
>     > Could you please let me know how to block direct access to tomcat
>     > and allow access through apache http server only?
>     >
>     > I used
>     > http://www.slideshare.net/mohanraj_nagasamy/integrating-tomcat-and-apache-on-windows-presentation
>     > for reference.
>
>     tl;dr
>
>     > What indicates that each request is coming from apache httpd only?
>
>     Nothing, really. There are ways to determine this, but you are better
>     off solving the root problem.
>
>     > Example: I have added the following code in httpd.conf
>     > # Send everything for context /example1 to worker named worker1 (ajp13)
>     > JkMount /example1/* worker1
>     >
>     > In Tomcat I have two apps, example1 and example2.
>     >
>     > I am expecting to access only http://localhost/example1 . But I can
>     > access http://localhost/example2 as well.
>     >
>     > How can I stop http://localhost/example2 from being accessed?
>
>     Only one process can bind to a single interface+port, so you need to
>     figure out whether Tomcat or httpd is using port 80.
>
>     If httpd is bound to port 80, then the only reasons why a request to
>     /example2 would hit your application are:
>
>        a) You have a JkMount somewhere for that
>        b) You have made your DocumentRoot = appbase
>
>     The first is easy to fix: just remove that JkMount.
>     The second is a horrible security problem that you'll need to fix
>     immediately.
>
>     - -chris
>     -----BEGIN PGP SIGNATURE-----
>     Version: GnuPG v1
>     Comment: GPGTools - http://gpgtools.org
>
>     -----END PGP SIGNATURE-----
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>     For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
> -- 
> Sandip Gaikwad
> 9987626799
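
Added example (not part of the original message and not Tomcat project code): a small Python check that parses a server.xml and reports every Connector that is not bound to a loopback address, which is the condition the two inline comments above address. The sample XML is constructed from the connectors quoted in the thread, the function and variable names are hypothetical, and the check assumes a Connector with no address attribute listens on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors quoted in the thread, unchanged.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed sample: HTTP connector removed, AJP bound to 127.0.0.1.
HARDENED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               redirectPort="8443" />
  </Service>
</Server>"""


def is_loopback(address):
    """True only if the address attribute is 'localhost' or a loopback IP."""
    if address is None:
        return False  # assumption: no address attribute means all interfaces
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other host names are treated as reachable off-host


def audit_connectors(server_xml):
    """Return (port, protocol, finding) for each Connector not on loopback."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if is_loopback(conn.get("address")):
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol.upper().startswith("AJP"):
            why = "AJP connector not bound to loopback"
        else:
            why = "HTTP connector allows direct access to Tomcat"
        findings.append((conn.get("port"), protocol, why))
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```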

