Hi Mark, thanks for your feedback. That may be true of the Red Hat packaging. Your distribution may be > different. Gentoo ships Tomcat with the AJP connector commented out. > yes, several distros disable AJP by default, like ubuntu and debian. So in these OSes if AJP was not manually enabled, they may be safe.
The fixed releases are not a drop-in fix. The fix is to secure the > AJP connection by default, but this requires coordination with the > proxy. If the connector's new 'secretRequired' property is set true > (and this is the default) then Tomcat and proxy must share a secret > which is configured with the connector's 'secret' property. > I tried this out and couldn't get Apache HTTPD to cooperate. I'm told > that the required proxy property was added in a version not yet > released. > Neither me. According to https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html "secret" parameters was added in apache 2.4.42, but I did not find any official packages with it, so "secret/secretRequired" workaround may not be available for some time. I suppose binding the AJP connector to localhost should be enough for most cases (where AJP is required). Regards -- //--------------- Lic. Ariel Jorge Lira SEDICI, Repositorio Institucional de la UNLP - http://sedici.unlp.edu.ar CIC-DIGITAL, Repositorio de la Comisión de Investigaciones CientÃficas - https://digital.cic.gba.gob.ar Calle 49 y 115 S/N Edificio ex-Liceo, Primer Piso (ver mapa <http://sedici.unlp.edu.ar/static/resources/mapa_grande.png>) Universidad Nacional de La Plata - Argentina -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/CAHpnPXU8k%2B%3DABUR%2B%3DDSJoMYb_iB3%3DYAqr4VEyVAOBL9pUvRWhw%40mail.gmail.com.
