Author: kkolinko
Date: Wed Sep 21 21:54:34 2011
New Revision: 1173883
URL: http://svn.apache.org/viewvc?rev=1173883&view=rev
Log:
Clarify how AJP connector implementation is configured in Tomcat 5.5 and 6.0.
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Sep 21 21:54:34 2011
@@ -474,18 +474,31 @@
<p>Affects: 5.5.0-5.5.33</p>
- <p>Mitigation options:</p>
+ <p>Mitigation options:</p>
<ul>
- <li>Upgrade to Tomcat 5.5.34</li>
- <li>Apply the appropriate <a href="
http://svn.apache.org/viewvc?rev=1162960&view=rev";>patch</a>
+ <li>Upgrade to Tomcat 5.5.34.</li>
+ <li>Apply the appropriate <a
href="http://svn.apache.org/viewvc?view=rev&rev=1162960";>patch</a>.</li>
+ <li>Configure both Tomcat and the reverse proxy to use a shared
secret.<br/>
+ (It is "<code>request.secret</code>" attribute in AJP
<Connector>,
+ "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+ The mod_proxy_ajp module currently does not support shared secrets).
+ </li>
+ <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+ implementation.<br/>
+ (It is automatically selected if you do not have Tomcat-Native library
+ installed. It can be also selected explicitly:
+ <code><Connector
protocol="org.apache.jk.server.JkCoyoteHandler"></code>).
+ </li>
+ </ul>
+
+ <p>References:</p>
+ <ul>
+ <li>
+<a href="/tomcat-5.5-doc/config/ajp.html">AJP Connector documentation (Tomcat
5.5)</a>
+</li>
+ <li>
+<a href="/connectors-doc/reference/workers.html">workers.properties
configuration (mod_jk)</a>
</li>
- <li>Configure both Tomcat and the reverse proxy to use a shared secret
- ("request.secret" attribute in
- <a href="/tomcat-5.5-doc/config/ajp.html"><Connector></a>;
- "worker.<i>workername</i>.secret" directive for
- <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
- mod_proxy_ajp currently does not support shared secrets)</li>
- <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
</ul>
</blockquote>
</p>
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Sep 21 21:54:34 2011
@@ -367,16 +367,29 @@
<p>Mitigation options:</p>
<ul>
- <li>Upgrade to Tomcat 6.0.34</li>
- <li>Apply the appropriate <a
href="http://svn.apache.org/viewvc?rev=1162959&view=rev";>patch</a>
+ <li>Upgrade to Tomcat 6.0.34.</li>
+ <li>Apply the appropriate <a
href="http://svn.apache.org/viewvc?view=rev&rev=1162959";>patch</a>.</li>
+ <li>Configure both Tomcat and the reverse proxy to use a shared
secret.<br/>
+ (It is "<code>request.secret</code>" attribute in AJP
<Connector>,
+ "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+ The mod_proxy_ajp module currently does not support shared secrets).
+ </li>
+ <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+ implementation.<br/>
+ (It is automatically selected if you do not have Tomcat-Native library
+ installed. It can be also selected explicitly:
+ <code><Connector
protocol="org.apache.jk.server.JkCoyoteHandler"></code>).
+ </li>
+ </ul>
+
+ <p>References:</p>
+ <ul>
+ <li>
+<a href="/tomcat-6.0-doc/config/ajp.html">AJP Connector documentation (Tomcat
6.0)</a>
+</li>
+ <li>
+<a href="/connectors-doc/reference/workers.html">workers.properties
configuration (mod_jk)</a>
</li>
- <li>Configure both Tomcat and the reverse proxy to use a shared secret
- ("request.secret" attribute in
- <a href="/tomcat-6.0-doc/config/ajp.html"><Connector></a>;
- "worker.<i>workername</i>.secret" directive for
- <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
- mod_proxy_ajp currently does not support shared secrets)</li>
- <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
</ul>
</blockquote>
</p>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Sep 21 21:54:34 2011
@@ -164,17 +164,27 @@
<p>Affects: 5.5.0-5.5.33</p>
- <p>Mitigation options:</p>
+ <p>Mitigation options:</p>
<ul>
- <li>Upgrade to Tomcat 5.5.34</li>
- <li>Apply the appropriate <a href="
http://svn.apache.org/viewvc?rev=1162960&view=rev";>patch</a></li>
- <li>Configure both Tomcat and the reverse proxy to use a shared secret
- ("request.secret" attribute in
- <a href="/tomcat-5.5-doc/config/ajp.html"><Connector></a>;
- "worker.<i>workername</i>.secret" directive for
- <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
- mod_proxy_ajp currently does not support shared secrets)</li>
- <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
+ <li>Upgrade to Tomcat 5.5.34.</li>
+ <li>Apply the appropriate <revlink rev="1162960">patch</revlink>.</li>
+ <li>Configure both Tomcat and the reverse proxy to use a shared
secret.<br />
+ (It is "<code>request.secret</code>" attribute in AJP
<Connector>,
+ "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+ The mod_proxy_ajp module currently does not support shared secrets).
+ </li>
+ <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+ implementation.<br />
+ (It is automatically selected if you do not have Tomcat-Native library
+ installed. It can be also selected explicitly:
+ <code><Connector
protocol="org.apache.jk.server.JkCoyoteHandler"></code>).
+ </li>
+ </ul>
+
+ <p>References:</p>
+ <ul>
+ <li><a href="/tomcat-5.5-doc/config/ajp.html">AJP Connector
documentation (Tomcat 5.5)</a></li>
+ <li><a href="/connectors-doc/reference/workers.html">workers.properties
configuration (mod_jk)</a></li>
</ul>
</section>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Sep 21 21:54:34 2011
@@ -66,15 +66,25 @@
<p>Mitigation options:</p>
<ul>
- <li>Upgrade to Tomcat 6.0.34</li>
- <li>Apply the appropriate <a
href="http://svn.apache.org/viewvc?rev=1162959&view=rev";>patch</a></li>
- <li>Configure both Tomcat and the reverse proxy to use a shared secret
- ("request.secret" attribute in
- <a href="/tomcat-6.0-doc/config/ajp.html"><Connector></a>;
- "worker.<i>workername</i>.secret" directive for
- <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
- mod_proxy_ajp currently does not support shared secrets)</li>
- <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
+ <li>Upgrade to Tomcat 6.0.34.</li>
+ <li>Apply the appropriate <revlink rev="1162959">patch</revlink>.</li>
+ <li>Configure both Tomcat and the reverse proxy to use a shared
secret.<br />
+ (It is "<code>request.secret</code>" attribute in AJP
<Connector>,
+ "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+ The mod_proxy_ajp module currently does not support shared secrets).
+ </li>
+ <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+ implementation.<br />
+ (It is automatically selected if you do not have Tomcat-Native library
+ installed. It can be also selected explicitly:
+ <code><Connector
protocol="org.apache.jk.server.JkCoyoteHandler"></code>).
+ </li>
+ </ul>
+
+ <p>References:</p>
+ <ul>
+ <li><a href="/tomcat-6.0-doc/config/ajp.html">AJP Connector
documentation (Tomcat 6.0)</a></li>
+ <li><a href="/connectors-doc/reference/workers.html">workers.properties
configuration (mod_jk)</a></li>
</ul>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
