tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Terence M. Bandoian" <tere...@tmbsw.com>
Subject Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue
Date Thu, 08 Jan 2015 02:23:18 GMT
Please see inline comments from previous message.

-Terence Bandoian


On 1/2/2015 9:45 PM, Terence M. Bandoian wrote:
> On 1/1/2015 9:20 AM, Sandip Gaikwad wrote:
>> Hi,
>>
>> Following are entries in files. Please let me know what is going wrong.
>>
>> *workers.properties*
>> worker.list=worker1
>> # Set properties for worker1 (ajp13)
>> worker.worker1.type=ajp13
>> worker.worker1.host=localhost
>> worker.worker1.port=8009
>> worker.worker1.connection_pool_size=10
>> worker.worker1.connection_pool_timeout=600
>> worker.worker1.socket_keepalive=true
>> worker.worker1.socket_timeout=300
>>
>>
>> *httpd.conf*
>> LoadModule jk_module "C:/Apache24/modules/mod_jk.so"
>> JkWorkersFile "C:/tomcat-connectors-1.2.40-src/conf/workers.properties"
>> JkLogFile "C:/Apache24/logs/mod_jk.log"
>> JkLogLevel info
>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>> JkRequestLogFormat "%w %V %T"
>> JkMount /jenkins/* worker1
>>
>> *server.xml*
>> <?xml version='1.0' encoding='utf-8'?>
>> <Server port="8005" shutdown="SHUTDOWN">
>>   <Listener className="org.apache.jk.config.ApacheConfig" 
>> modJk="C:/Apache24/modules/mod_jk.so"/>
>>   <Listener 
>> className="org.apache.catalina.startup.VersionLoggerListener" />
>>   <Listener className="org.apache.catalina.core.AprLifecycleListener" 
>> SSLEngine="on" />
>>   <Listener 
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>>   <Listener 
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" 
>> />
>>   <Listener 
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> 
>>
>>
>>   <GlobalNamingResources>
>>     <Resource name="UserDatabase" auth="Container"
>>               type="org.apache.catalina.UserDatabase"
>>               description="User database that can be updated and saved"
>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>               pathname="conf/tomcat-users.xml" />
>>   </GlobalNamingResources>
>>
>>   <Service name="Catalina">
>>
>>     <Connector port="8080" protocol="HTTP/1.1"
>>                connectionTimeout="20000"
>>                redirectPort="8443" />
>
>
> If you don't want to allow direct access to Tomcat, the Connector 
> above should be removed.
>
>
>>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> The address attribute should probably be set on the Connector above.  
> Setting it 127.0.0.1 (address="127.0.0.1") will limit access to the 
> local host.
>
> -Terence Bandoian
>
>
>>     <Engine name="Catalina" defaultHost="localhost">
>>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>                resourceName="UserDatabase"/>
>>       </Realm>
>>
>>       <Host name="localhost"  appBase="webapps"
>>             unpackWARs="true" autoDeploy="true">
>>         <Listener className="org.apache.jk.config.ApacheConfig" 
>> modJk="C:/Apache24/modules/mod_jk.so"/>
>>         <Valve className="org.apache.catalina.valves.AccessLogValve" 
>> directory="logs"
>>                prefix="localhost_access_log" suffix=".txt"
>>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>       </Host>
>>     </Engine>
>>   </Service>
>> </Server>
>>
>> Thanks,
>> Sandip
>>
>>
>> On Thu, Jan 1, 2015 at 7:45 PM, Christopher Schultz 
>> <chris@christopherschultz.net <mailto:chris@christopherschultz.net>>

>> wrote:
>>
>>     -----BEGIN PGP SIGNED MESSAGE-----
>>     Hash: SHA256
>>
>>     Sandip,
>>
>>     On 1/1/15 12:19 AM, Sandip Gaikwad wrote:
>>     > Could you please let me know how to block direct access to tomcat
>>     > and allow access through apache http server only?
>>     >
>>     > I used http://
>>     >
>> http://www.slideshare.net/mohanraj_nagasamy/integrating-tomcat-and-apache-on-windows-presentation
>>     >
>>     >
>>     for reference.
>>
>>     tl;dr
>>
>>     > What indicates that each request is coming from apache httpd only?
>>
>>     Nothing, really. There are ways to determine this, but you are 
>> better
>>     off solving the root problem.
>>
>>     > Example: i have added following code in httpd.conf # Send
>>     > everything for context /example1 to worker named worker1 (ajp13)
>>     > JkMount /example1/* worker1
>>     >
>>     > in tomcat i have two apps example1 and example2
>>     >
>>     > I am expecting to access only http://localhost/example1 . But i 
>> can
>>     > access http://localhost/example2 as well.
>>     >
>>     > How can i stop http://localhost/example2 from being accessed?
>>
>>     Only one process can bind to a single interface+port, so you need to
>>     figure out whether Tomcat or httpd is using port 80.
>>
>>     If httpd is bound to port 80, then the only reasons why a request to
>>     /example2 would hit your application are:
>>
>>        a) You have a JkMount somewhere for that
>>        b) You have made your DocumentRoot = appbase
>>
>>     The first is easy to fix: just remove that JkMount.
>>     The second is a horrible security problem that you'll need to fix
>>     immediately.
>>
>>     - -chris
>>     -----BEGIN PGP SIGNATURE-----
>>     Version: GnuPG v1
>>     Comment: GPGTools - http://gpgtools.org
>>
>> iQIcBAEBCAAGBQJUpVaXAAoJEBzwKT+lPKRYY5AQAJ6+2NAhVtCWl1KMSQj2FGr8
>> TMh/cpFAUiFY8NYbxLhPLZnELf/PhoCZlBAHnUJN7j+ozr5YbjbBW7sVJ9kI3yu8
>> W1lB5zlxZKuVGBp3+GZsMdQcMDr/tg4Jkr8/TFKqUZOo5RPeTVoXxy+azdCNyMuy
>> BdogSIpqpxc1k6r1lQOGljiKzXiZJDdpkJwDau1mnzY8eO54pxZWHIJI63c4gu5y
>> akinaEncJDzI5dFwAQWiL/C+CtO8ujiUePH+FfpwfzoQozqIa+hpCaipwtOdc+0Z
>> V1qCSzLQDMAIKcuPWGnFrn9D8s24f8SasfAh83ca6oA8Ht4YoOEJILhCC81gRFhj
>> HGBLuVtAyfIKYza8Vn3QIoGDzqM/YqCdeOSrZKPkfnhma/lYy7JeuNfzXs8av3Eg
>> q0R8+4K1Bdl8I1J3rDZv/fuQMpWcYcuXpbdHJJ8Iwr7yeSVESrKT/HLtEZJIqBwI
>> F4FucgZUtkzgxodFqKrZBNgHNt0Bqnph04xVivqidhZvdE6SKap3/U5iSHXBNWcP
>> AGlWdWt2pqiWzCA0sHdQaw9AWlOB5RAGGebotnidu2V8PNiNwsjO5Llg0feagr9a
>> rikDkOpwChF3+u5z9yztCBgcNHBo1Nf4UW2eijqtsci+0OJ4cA75A4xjpd5AvrAj
>>     Bz0SrueuRUKvwSEvJus7
>>     =pJXZ
>>     -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>>     To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>     <mailto:users-unsubscribe@tomcat.apache.org>
>>     For additional commands, e-mail: users-help@tomcat.apache.org
>>     <mailto:users-help@tomcat.apache.org>
>>
>>
>>
>>
>> -- 
>> Sandip Gaikwad
>> 9987626799
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message