2011/9/9 Christopher Schultz <ch...@christopherschultz.net>:
> On 9/8/2011 11:47 AM, Mark Thomas wrote:
>> On 08/09/2011 16:13, Christopher Schultz wrote:
>>> All, https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
>>>
>>> Mark's official report to the users' list indicates that setting a
>>> "secret" for the AJP connection does the trick. (I tried this
>>> myself before digging-up his message and can confirm that the
>>> sample code fails when a "secret" is set).
>>>
>>> Should we mention this on the Security page directly for those who
>>> didn't read the announcement on the users' list?
>>
>> No reason why not. Go for it.
>
> Okay. Any idea if mod_proxy_ajp supports the shared secret? The
> documentation is so light on actually using mod_proxy_ajp that it might
> be supported ("ProxyPass /foo ajp://bar secret=changeit"?) but
> completely undocumented in the httpd documentation.
>
> This is all I could find:
>(..)
>
I understand that the sources for that module for the current HTTPD
branch are in the following place in ASF svn:
/httpd/httpd/branches/2.2.x/modules/proxy/
The only code that mentions "secret" is in ajp_header.c there (besides
a constant declared in ajp_header.h) and it is commented out
/* XXXX need to figure out how to do this
if (s->secret) {
There is no parameter or local variable named "s" in that method, so
it probably originates from mod_jk.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
