Re: [ANN] New committer: Michael Osipov
Am 08.05.2017 um 10:08 schrieb Mark Thomas: On behalf of the Tomcat committers I am pleased to announce that Michael Osipov (michaelo) has been voted in as a new Tomcat committer. Please join me in welcoming him. Congrats and welcome! Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat management interface gives 403 forbidden error
On Fri, May 5, 2017 at 12:13 PM, Tim Dunphywrote: > I've had to configure two tomcat servers recently. I've setup one tomcat > server using using version 8.5.13 and that works fine. I can access Server > Status, Manager App and Host Manager web interfaces with no problem. > > But when I tried setting up a new tomcat server running tomcat version > 8.5.14 by copying the same configs from the from the 8.5.13 server I'd > built I get access denied 403 on the Server Status and Manager app. But > oddly only the Host Manager web interface works correctly. I can access > that. > > I need to figure out why the same configs that work on the first server, > give me 403 denied on the second server. > > This is what I have on each: > > Working server Java: > > java version "1.8.0_121" > Java(TM) SE Runtime Environment (build 1.8.0_121-b13) > Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode) > > Non working server have a newer java: > > java version "1.8.0_131" > Java(TM) SE Runtime Environment (build 1.8.0_131-b11) > Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode) > > Everything else is identical in terms of configuration. > > Both have java and tomcat variables setup in /etc/profile: > > JAVA_HOME='/usr/lib/jvm' > CATALINA_HOME='/usr/local/tomcat' > > export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL JAVA_HOME > CATALINA_HOME > > Both servers have the same config files, copied from the 1st working server > to the 2nd non working server. > > Tomcat users config: > > cat /usr/local/tomcat/conf/tomcat-users.xml > > roles="manager-gui,admin-gui"/> > > > The context configuration file has this: > > cat /usr/local/tomcat/conf/context.xml > > > > > > > > > And the webapps context.xml config for both tomcats has this: > > cat /usr/local/tomcat/webapps/host-manager/META-INF/context.xml > > > > > > > Why is tomcat server 1 (version 8.5.13) working and the newer tomcat > version (8.5.14) on server 2 not working? > > Thanks in advance! I responded to your post on SO, http://stackoverflow.com/questions/43765049/tomcat-management-interface-gives-403-forbidden-error, a couple days ago. You can answer the questions here or there :) > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] New committer: Michael Osipov
On Mon, May 8, 2017 at 3:52 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Michael, > > On 5/8/17 4:08 AM, Mark Thomas wrote: > > On behalf of the Tomcat committers I am pleased to announce that > > Michael Osipov (michaelo) has been voted in as a new Tomcat > > committer. > > > > Please join me in welcoming him. Congratulations!
Re: [ANN] New committer: Michael Osipov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Michael, On 5/8/17 4:08 AM, Mark Thomas wrote: > On behalf of the Tomcat committers I am pleased to announce that > Michael Osipov (michaelo) has been voted in as a new Tomcat > committer. > > Please join me in welcoming him. Cheers! - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZEHgrAAoJEBzwKT+lPKRYmOsP/1HL9k29rjD+aRjvoAAfnmM0 aAu9nLvZ1CErjZbQ8wf3hWFZZZoGmAoO3FpSbTAsW1ow0h66yhX4RCBPvOGp7q0d eMl2CFpXyEvAXmFoty97lnrFSHvKsJEtY7VlUyRgJ4jSrEOuKmA3zZHwbwWGGnOb FM2asnm43lOjnNbdDehY7lkt0uB6vo0W9fKOcvURMKZwlmIPQ2fBMBf/pW8iEZZw PSXFV1X5JETN6ozG+cl5E/bn5QbnXxvxb0HtvDisW4csr0VXQ3QXbFT7I70FG6HU 8l2hJUU0iDeNfaxMf/R96z6hEpBYoJaghyVsA4NFyGfYJNy1Ah9Tl9QM3aeGCP0V +SyJGi8nomOnrTSmdbLZ7lRA6uIzHJLaabrm41ttFEHU8I6lOQSE0hiZyLNasP1g 8VxRhHIPkNjgVLsAqrDfPtaVVV9mdfCCEfRsoCi6sHrfaIhRq4j6fdJ4qxwKjSHz X6WYTAqMHNoSU57NzLs3AcpmttGTu8iSXfXbDdycHGlUFG1jRpmUHGLz5NQ56oNn 0DcbF2mpEAx/y2kdfJE2NmyYmPLtoGBhcIhV5MKmgBdRzbGtIFV2puVG/AKgIFms kUL3CuHr4ISkt2Ay+PYaFxkqg/ye/dgRRRDrsQVjNSRhXcXzNBmxiwy0Nsji77lC XYM9mZeJrLLr8fEStYlg =aIg3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 8.5.14, gives 400 error when using a | in the request parameters
On 08/05/17 13:53, John Zanoni wrote: > Dear, > > After upgrading tomcat to version 8.5.14 the webserver returns a 400 > error when accessing any web page using a | (pipe) in one of the > request parameters. > > The | (pipe) is added when the URL is re-written using google > analytics _getLinkerUrl(), see javascript function below. > > var pageTracker = _gat._getTrackerByName(); var > uri=pageTracker._getLinkerUrl(“http://shop.bakkerijhaasnoot.nl”); > alert(uri); > > http://shop.bakkerijhaasnoot.nl?__utma=68893267.349269500.1493841017.1493841017.1493913856.2&__utmb=68893267.38.9.1493914656569&__utmc=68893267&__utmx=-&__utmz=68893267.1493841017.1.1.utmcsr=(direct) > | utmccn=(direct) | utmcmd=(none)&_utmv=-&_utmk=59369258 > > Previous to tomcat 8.5.14 this was never an issue. It is possible to > replace the | (pipe) for a %7C this prevents tomcat from returning a > 400 error but how can we tell tomcat not to response with a 400 when > a | (pipe) is used in the value of one of the parameters. We rolled > back to an older version (tomcat 8.5.4) to solve the issue but this > is actually a temporary solution. The various specifications (RFC 7230, RFC 3986) do not permit the use of an un-encoded '|' character anywhere in the request target. Due to CVE-2016-6816 all versions of Tomcat are now much stricter about enforcing the specifications in this area. The right solution is fixing the broken client that is sending an invalid request. In 8.5.x, 8.0.x and 7.0.x (you'll need a recent release) there is a system property you can use to bypass this validation in a strictly limited set of cases - currently '{', '|' and '}'. However, this should be viewed as a short-term hack around the broken client code. There are no plans to make this feature available in 9.0.x. You for tomcat.util.http.parser.HttpParser.requestTargetAllow in http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 8.5.14, gives 400 error when using a | in the request parameters
Dear, After upgrading tomcat to version 8.5.14 the webserver returns a 400 error when accessing any web page using a | (pipe) in one of the request parameters. The | (pipe) is added when the URL is re-written using google analytics _getLinkerUrl(), see javascript function below. var pageTracker = _gat._getTrackerByName(); var uri=pageTracker._getLinkerUrl(“http://shop.bakkerijhaasnoot.nl”); alert(uri); http://shop.bakkerijhaasnoot.nl?__utma=68893267.349269500.1493841017.1493841017.1493913856.2&__utmb=68893267.38.9.1493914656569&__utmc=68893267&__utmx=-&__utmz=68893267.1493841017.1.1.utmcsr=(direct) | utmccn=(direct) | utmcmd=(none)&_utmv=-&_utmk=59369258 Previous to tomcat 8.5.14 this was never an issue. It is possible to replace the | (pipe) for a %7C this prevents tomcat from returning a 400 error but how can we tell tomcat not to response with a 400 when a | (pipe) is used in the value of one of the parameters. We rolled back to an older version (tomcat 8.5.4) to solve the issue but this is actually a temporary solution. Thanks in advance! John Zanoni - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] New committer: Michael Osipov
Good to hear this! We look forward to your excellent work here On 8 May 2017 at 11:58, Martin Grigorovwrote: > Welcome, Michael! > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Mon, May 8, 2017 at 10:08 AM, Mark Thomas wrote: > > > On behalf of the Tomcat committers I am pleased to announce that > > Michael Osipov (michaelo) has been voted in as a new Tomcat committer. > > > > Please join me in welcoming him. > > > > Regards, > > > > Mark > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > >
Re: [ANN] New committer: Michael Osipov
Welcome, Michael! Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Mon, May 8, 2017 at 10:08 AM, Mark Thomaswrote: > On behalf of the Tomcat committers I am pleased to announce that > Michael Osipov (michaelo) has been voted in as a new Tomcat committer. > > Please join me in welcoming him. > > Regards, > > Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [ANN] New committer: Michael Osipov
2017-05-08 11:08 GMT+03:00 Mark Thomas: > > On behalf of the Tomcat committers I am pleased to announce that > Michael Osipov (michaelo) has been voted in as a new Tomcat committer. > > Please join me in welcoming him. Welcome! Regards, Violeta > Regards, > > Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org >
Re: [ANN] New committer: Michael Osipov
Congratulations! -- From:Mark ThomasTime:2017 May 8 (Mon) 16:08 To:Tomcat Users List Cc:Tomcat Developers List Subject:[ANN] New committer: Michael Osipov On behalf of the Tomcat committers I am pleased to announce that Michael Osipov (michaelo) has been voted in as a new Tomcat committer. Please join me in welcoming him. Regards, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[ANN] New committer: Michael Osipov
On behalf of the Tomcat committers I am pleased to announce that Michael Osipov (michaelo) has been voted in as a new Tomcat committer. Please join me in welcoming him. Regards, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org