Apache Tomcat product release roadmap
Hi All, I want to know what is the frequency of product release cycle of Apache Tomcat, Is there any product roadmap list available anywhere ? *Thanks and Regards* *Akshat Tandon*
Re: 404 errors accessing webapp URLs using local IP address on fresh Tomcat 8.5.9 install
Thanks for the help Christopher, I resolved this by adding 192.168.0.2 to hostB's httpd.conf file as a VirtualHost, then including JkMount for mod_jk. - Original Message - From: "Christopher Schultz" To: "Tomcat Users List" Sent: Tuesday, January 10, 2017 11:50:27 AM Subject: Re: 404 errors accessing webapp URLs using local IP address on fresh Tomcat 8.5.9 install -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 1/9/17 12:57 AM, modjkl...@comcast.net wrote: > I have two Linux servers connected via a cross-connect cable with > internal IP addresses 192.168.0.1 (hostA) and 192.168.0.2 (hostB). > > > hostA runs CentOS 5, and hostB CentOS 7. > > hostB runs Apache 2.4.x, and Tomcat 8.5.9. All web traffic gets > routed to port 443 (e.g. HTTPS) of Apache web server hostB. All web > application traffic (e.g. > https://www.example.com/mywebapp/somepage) is then passed to Tomcat > via mod_jk version 1.2.42 on port 8009. Additionally, hostB Apache > web server is configured to listen on 192.168.0.2 port 8009 (hostA > Apache web server is not configured as such). > > If hostA attempts to access a webpage on hostB (via hostB external > IP address) from a browser or command line, such as: [root@hostA > ~]# curl -I http://www.example.com/mywebapp/somepage > > it returns status 200 (good). > > Now, if I modify the hostA /etc/hosts file hostA accesses to my > website (www.example.com) on hostB through the cross-connect cable > (e.g. 192.168.0.2 rather than the external IP address), the webpage > returns error 404. > > What can I change to get status 200? > > My web addresses are xxx.xxx.xxx.xxx (e.g. IPv4). I know Tomcat > configures IPv6 by default. So, I modified the setenv.sh as > follows: > > CATALINA_OPTS="-Xms512M -Xmx1024M -Djava.awt.headless=true > -Djava.net.preferIPv4Stack=true > -Djava.net.preferIPv4Addresses=true" > > This didn't change the result. > > As another clue, I observe that hostA always reports status 200 > (good) when accessing any hostB webpage in www.example.com that is > NOT part of /mywebapp, for both internal and external IP addresses. > > > Any ideas what I can try to resolve this? I'm new to Tomcat and > this is fresh install (previously used GlassFish) on a brand new > server. Thanks in advance for any advice. What does hostA say when you issue "host [hostB]" from the command-line? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdTsDAAoJEBzwKT+lPKRYQY8QAL2d3o6cqoNJ4ENxOA9al6i+ VETnlJ5JjDsAC0hzbd0c8eRZj8NryptV9hbx7nmVeIRNs+Pgr56BxIsmih+QGT+p vDCdeJEfcYXPdStpPOmBu1u+FfCJDIUEFevxigqYsvav/1UUXdoV3aW8ThyQaddd 30ecS9NmTaijYZjHA/ufTOymuFgSnwAwkO7PbwV1hWG/JNqnXNLM+Dywkv/5CqH/ DpbquCyiDrvDZVCBsvOUIRGfXyH3czxOHycGfl8GarNoskuvrc9gxHkSwc3HvIau qlfd7g9SICwrLeVcm02SbTkkUJV/xIV6p5csPMKt5bID3+MciX+XjOoFlo6GWVGY 6UtZ0OFvznvgb2wgOMEmf9N1ORqj1a8765VDae2oTJhpNoygW55/WwJT/s24gohz xEGTw5Fqddo8s8IzTWbIOChWSwQ1V/1gtjJJgn/O/JUyAobFvMipWAGLztfo/w4V +shtlh/+rRAigFrgc7cYAfp4+SMbnDCD4MBJHBdrgjAQuH1bg4+CbdN6WkhNsi0+ rcPFUJUQPxmdN1HtYAUmeXXEfMPuMJNhP3Dsq6L7RpEmKAFdkwrPe2AXkP/TzbeH yy/4M1Ng1EBMZuWHnEylo3o0A4qtp139o3B/gJiwZ5CVnQXxCwv0MsjiY9Z6wPPm FuzFy8TTIECLskz4vn5C =LNg6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Best way to find out how many DB connections that are open at any given time
As always, thank you Christopher, I'll take a look at the slides. And Thank you to the other for pointing me in some directions for this. -Joleen On Tue, Jan 10, 2017 at 3:19 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Joleen, > > On 1/10/17 11:10 AM, Joleen Barker wrote: > > Hello All, > > > > Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1 > > Database: Oracle 11 > > > > The web application installed on the server above makes data > > connections to run file transfers from point A to point B. The > > default Database connection setting that are set when the > > application server comes up are as follows: > > > > DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle - > > 10 > > > > We had an incident where all these connections were actually used > > up due to a script someone had that looped. I need to determine at > > any given point in time how many DB connections exist from the web > > application to the DB. There may be more than one way to do this. I > > am sure there is a DB command that could be run against the schema > > but the schema is pointed to by many servers. I am wondering if > > there is a java command of some kind that I could run that may tell > > me how many connections are open at that time or possibly a tomcat > > or apache command. > > This may be helpful: > > http://people.apache.org/~schultz/ApacheCon%20NA%202016/Monitoring%20Apa > che%20Tomcat%20with%20JMX.pdf > > Slides 15-16 show you where you can find the DataSource information > via JMX, and then later on in the presentation there are slides to > show how you can get that information via HTTP instead of JMX. Scripts > are provided to fetch a value at intervals, track values over time, etc. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJYdUHCAAoJEBzwKT+lPKRY8lAP/0C6wfLboz4K2MxaHR/86moX > sKIev9jV+wQ17n0nf1Wj1UA7GDGALye485Z2XMgIjlOaXmufVClfa3MWY07z+bv2 > R67AmDQ797jlCwTAAhpaRtB0FJmX4cd0EnJkC9r03NCH+kPRIK8G91bkgn8ehw4L > x0jrgKO/N0UEpshNI/baPxRJRX7yr83g2ZHiKVoFAXM25rEcJNSPOkvlTkBxZ5Yv > RCQuobinJa9X64p8beYXSkO/9wbP+b5/wcUxpewfvByK9Hits+n33/Mbq5RpKlR7 > vIHpwDJKlTo2/8ivIDHngIPiRQetlXEgwSWwN+5Fsr+V4bFSh6XnzIBAiB8SNoua > A9m71pyOoyQhdAAQzNfWwtLPWg9jrDaIRB7bj+HnbrKnCUa4rDyWfUDm4IwanfLW > QcDUggAgD151UstbSAQafLKJb0TBCWqHpIAvsJwCziOb6LnvtIf5xoLe7s48JZE9 > 44YfDFI4qg0NSdP59vF/Z1Ho5sveScHrcgmB03BGWVunj9caclqKOWWnJOscAVLJ > UXQG0B6VvboLJRgKUU4/z0s1a2sOcTLRUz+H1Ib9giqLirI6NVYUSg0lEZdVm5BA > 0Ctwd6qD7G1j8e4ZiuChC3paCA0nYVhEea0dAVHXB+ZYER89yeoBzPkZnc/vWLEe > LO1AZaxZ2nDebk0ubBn9 > =JgPw > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: LogAbandoned Stack Trace?
On 1/10/17 12:48 PM, Christopher Schultz wrote: > Phil, > > On 1/8/17 5:41 PM, Phil Steitz wrote: > > On 1/6/17 3:44 PM, Jerry Malcolm wrote: > >> On 1/6/2017 4:30 PM, Christopher Schultz wrote: > >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > >>> > >>> Jerry, > >>> > >>> On 1/6/17 10:35 AM, Jerry Malcolm wrote: > I'm getting "too many connections" errors. > >>> Where? > >>> > >>> Can you provide an exact error message and, better yet, a > >>> stack trace? > >>> > I'm pretty sure I am configured with enough connections that > I shouldn't run out. So I'm assuming I'm leaving some > connections open. > >>> That's a good assumption. > >>> > I have LogAbandoned="true" in my jdbc resource statements. > The doc says TC will log a stack trace of abandoned > connections. But I don't see any stack traces. Would they > be in stderr, stdout, catalina log? Or is it that I'm > actually not getting any abandoned? > >>> Which db connection pool are you using? Standard (DBCP-based) > >>> or tomcat-pool? A full (sanitized) configuration > >>> would help. > >>> > >>> - -chris > >>> > >> Chris, Stack trace follows. It looks like it may be mySQL > >> that's rejecting the connection. But even if that's the case, > >> it's probably because I'm not closing some connections, which > >> should still generate a logAbandoned stack trace, correct? I > >> believe I'm using dbcp. Not doing anything fancy... Just > >> defining data source resources in the context file: > >> > >> >> name="jdbc/cis" auth="Container" type="javax.sql.DataSource" > >> maxTotal="100" maxIdle="30" maxWaitMillis="1" > >> removeAbandoned="true" removeAbandonedTimeout="60" > >> logAbandoned="true" username="" password="xxx" > >> driverClassName="com.mysql.jdbc.Driver" > >> url="jdbc:mysql://localhost:3306/xx" /> > > In dbcp 2, the "removeAbandoned" config option was replaced by > > removedAbondonedOnBorrow and removeAbandonedOnMaintenance. You > > need to set one of these to true the get abandoned connection > > cleanup to work. See [1]. > > > |Phil > > > [1] > > http://commons.apache.org/proper/commons-dbcp/configuration.html > > +1 > > Jerry never said what version of Tomcat he was using... I was assuming > a DBCP 1.x-based version given his configuration. >From the stack trace, you can see dbcp2 in the package names. I am correct in assuming that tomcat does not kindly s/removeAbandoned/removeAbandonedOnBorrow, right? Phil > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Abhishek, On 1/10/17 8:03 AM, Kumar, Abhishek (IT Information Services ) wrote: > Hi Peter, > > Thank You! > > So, the solution would be to switch to the upgraded version for > this fix? You could also completely remove access to the manager application from untrusted IP addresses/ranges. IIRC CSRF tokens are only generated once the user has been allowed to access the application. So using e.g. RemoteAddressFilter before CSRF filter should protect against an unauthenticated attacker from gaining a CSRF token. But your version of Tomcat is quite old (more than 2 years out of date), so upgrading should be on your short list of things to do. http://tomcat.apache.org/security-8.html - -chris > -Original Message- From: Kreuser, Peter > [mailto:pkreu...@airplus.com] Sent: Tuesday, January 10, 2017 5:25 > PM To: Tomcat Users List Subject: AW: > Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token > > Hi Abishek, > >> -Ursprüngliche Nachricht- Von: Kumar, Abhishek (IT >> Information Services ) >> [mailto:abhishek.kum...@originenergy.com.au] Gesendet: Dienstag, >> 10. Januar 2017 12:17 An: users@tomcat.apache.org Betreff: >> Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token >> >> >> Hi, >> >> The Apache Tomcat web server running on the Load balancer is >> affected by an information disclosure vulnerability in the index >> page of the Manager and Host Manager applications. An >> unauthenticated attacker can exploit this vulnerability to obtain >> a valid cross-site request forgery (CSRF) token during the >> redirect issued when requesting /manager/ or /host-manager/. This >> token can be utilized by an attacker to construct a CSRF attack. >> >> This is a Vulnerability issue with Tomcat 8.0.15. >> >> We have this version of Tomcat installed in our Servers. >> >> As suggested by Tomcat, this has been addressed and fixed after >> 8.0.32 versions. >> >> Restrict access to the /manager URL from unauthorised IP >> addresses by implementing access control lists that only permit >> authorised management stations or subnets. For more information, >> see: >> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org _security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32&d=DgIFAg&c=Zg VRmm3mf2P1-XDAyDsu4A&r=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs&m=54n d4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s&s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I 8Aqk6kymbu3u2k&e= >> >> >> >> But, We do not want to upgrade the Tomcat right now. >> >> Is there a way to implement this fix in our current Tomcat >> Version. >> >> >> Kind Regards, Abhishek Kumar >> >> Note: This email, including any attachments, is confidential. If >> you have received this email in error, please advise the sender >> and delete it and all copies of it from your system. If you are >> not the intended recipient of this email, you must not use, >> print, distribute, copy or disclose its content to anyone >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > from a security standpoint there is no way around updating. > > Specifically the CSRF attack is executed from the client, so > whoever is at one of the authorized management stations will be > executing the CSRF requests. > > Aside from this one vulnerability all versions up to the current > 8.0.40 fix a whole load of flaws. So whenever you restrict access > to the management console (via RemoteAddrValve), all other > vulnerabilities that are more than Info disclosures will still > persist. > > Best regards > > Peter > > > Peter Kreuser AirPlus International Security Officer - Application > Development > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdUNLAAoJEBzwKT+lPKRYZ80P/3DNa4kW6z8cB1sdmm6GUK8O Y7f0uzEYIIlirTqy091taJI7eH3jXpURtA2gJMy7LXFfTLkLFGOiM4FqPZdSQyuO FcptphXkoYSejGdr0tFMA7LhefTkHvJWkpcIfZVELfeED+ZpWPKK1ttoXwOi/SRF Jg1pdhssRTTfve+aZMdiYW/+ARWgT1FG53Cl+7FXPETr64jvTxnAz77PGTHj5g0a GHZf98b05pmHuQdb1fYJg7GG1Jez2GhbVs5FU6+NWxNA+s3XgPp0nG1hKeNJTbAR wO97nZoKyABPlznEpcZZVreLU5T/AF4+fnpEIAAwD7OyvGrmVZKJI66foex1ctPg HCH4SrHMNgfeyhB0S5TjYEfWhlxTy7GsctKiFZOLbfKEH74VGe1zEesF3XdTmBAs OLBPjCgFQyvbOyr68RVv9Sk8uM+aYXFWJfpk18dMevr87LM1NEEscbZ4c+0y2WWP Tu2hN8Ig/SBw7amUn4qBIDbABnGO5RHcWmENa4HavlKwW+eGMZsPsl/Ktj43+f5E m/PIhVKnvYQIvAhGrpuJ
Re: Best way to find out how many DB connections that are open at any given time
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Joleen, On 1/10/17 11:10 AM, Joleen Barker wrote: > Hello All, > > Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1 > Database: Oracle 11 > > The web application installed on the server above makes data > connections to run file transfers from point A to point B. The > default Database connection setting that are set when the > application server comes up are as follows: > > DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle - > 10 > > We had an incident where all these connections were actually used > up due to a script someone had that looped. I need to determine at > any given point in time how many DB connections exist from the web > application to the DB. There may be more than one way to do this. I > am sure there is a DB command that could be run against the schema > but the schema is pointed to by many servers. I am wondering if > there is a java command of some kind that I could run that may tell > me how many connections are open at that time or possibly a tomcat > or apache command. This may be helpful: http://people.apache.org/~schultz/ApacheCon%20NA%202016/Monitoring%20Apa che%20Tomcat%20with%20JMX.pdf Slides 15-16 show you where you can find the DataSource information via JMX, and then later on in the presentation there are slides to show how you can get that information via HTTP instead of JMX. Scripts are provided to fetch a value at intervals, track values over time, etc. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdUHCAAoJEBzwKT+lPKRY8lAP/0C6wfLboz4K2MxaHR/86moX sKIev9jV+wQ17n0nf1Wj1UA7GDGALye485Z2XMgIjlOaXmufVClfa3MWY07z+bv2 R67AmDQ797jlCwTAAhpaRtB0FJmX4cd0EnJkC9r03NCH+kPRIK8G91bkgn8ehw4L x0jrgKO/N0UEpshNI/baPxRJRX7yr83g2ZHiKVoFAXM25rEcJNSPOkvlTkBxZ5Yv RCQuobinJa9X64p8beYXSkO/9wbP+b5/wcUxpewfvByK9Hits+n33/Mbq5RpKlR7 vIHpwDJKlTo2/8ivIDHngIPiRQetlXEgwSWwN+5Fsr+V4bFSh6XnzIBAiB8SNoua A9m71pyOoyQhdAAQzNfWwtLPWg9jrDaIRB7bj+HnbrKnCUa4rDyWfUDm4IwanfLW QcDUggAgD151UstbSAQafLKJb0TBCWqHpIAvsJwCziOb6LnvtIf5xoLe7s48JZE9 44YfDFI4qg0NSdP59vF/Z1Ho5sveScHrcgmB03BGWVunj9caclqKOWWnJOscAVLJ UXQG0B6VvboLJRgKUU4/z0s1a2sOcTLRUz+H1Ib9giqLirI6NVYUSg0lEZdVm5BA 0Ctwd6qD7G1j8e4ZiuChC3paCA0nYVhEea0dAVHXB+ZYER89yeoBzPkZnc/vWLEe LO1AZaxZ2nDebk0ubBn9 =JgPw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCon @ ApacheCon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Coty, On 1/9/17 2:48 PM, Coty Sutherland wrote: > Would anyone be interested (and is it within the guidelines) to > talk about the differences in some tomcat distributions? Like the > difference in the Red Hat linux and Debian tomcat distributions, > for example. I know it isn't 100% ASF Tomcat, but I get a lot of > inquiries about where to find stuff on freenode so it might be a > helpful conversation for the community to have. On the other hand I > don't want to blur the lines between where responsibilities lie, > where people should ask questions, etc... +1 Perhaps we could have some representatives from the various distributions give a joint presentation. Coty, are you in any way involved with the RHEL package-management of Tomcat? Emmanuel Bourg appears to be involved with the Debian package-managed distributions of Tomcat. The speakers might want to come prepared to be hit with a few tomatoes, since distro-specific weirdness is something of a popular topic. Often "install the official ASF distribution" seems to fix many issues posted here. I think it would be a good idea to use some of that time to solicit feedback from the audience about what the distros could do to make things easier... and perhaps what Tomcat could to to make things easier for the distros. Package-managed versions of Tomcat always seem to be hideously out-of-date, for example. Perhaps that's due to our distribution style (new version) which is quite different from httpd's style (patches + occasional new versions). - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdUCIAAoJEBzwKT+lPKRYXDoP/01Pcii1MxSNh8+9SjNt39b2 1IT0L1oy/JThdnuidyxwSrgNfhb5hZCpWWbEaoXHBS2tS6UUTPeTcuCoPQUQ0klw 2+Ij9PsQ94PB1zAKmWFBc7kxlv1zePEJEJSquqMsz2MBt3XYSHRuATJSzmFucqDs 2DiSuTXV7TC9uQuOWVKDPj4052vQbAdsqHH32RqAPdqcQP67U9+YJqZkouigj5ng tTEI8ph6UfZDv/k0u5i/CUEbRN4T4U5LORSJBrWI7ubNjLWx+/lLQKdAXcLxFHDh uthvVYTawJwKxHY/U+542QbZ7uR2WKr6NQjbE5/t0Scun+vws1BCnIJ04VENePF4 i0jK9KrNeRnsWQLj2RAc7xOgEC26Rv8LXokRgUFR5QRSvaIOL/jTbP8VLO0O9ugh JeYTg7ERAaCvy2OGGaidxVrhcVFBRz1jAk/kyhe5EYJNutnYcN4m8xuLkIkndv2/ RT9czqsiuflNeI3W1zxihFsjoc9Dnh2Pzwi2ZMolQqgmz+YBdT6+4moFyooB9M5b XMumkAzPkc9pidABw7AJWzDRipxoCvf3v86EeXuXL5+vDAME1fzGMHDSp61PPvy9 MNu45qKyV2XPr7K0kAM6YnIpqGucWVVsm0qKTyUCtpvWWrmv9fYbpVHAnRNvlgiu HkFYQ5kfrULRSrJhYr/A =q9P5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCon @ ApacheCon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jean-Frederic, On 1/9/17 9:00 AM, jean-frederic clere wrote: > On 01/09/2017 12:57 PM, Mark Thomas wrote: >> All, >> >> There is the opportunity (if we can pull it together as a >> community) to run a dedicated Tomcat conference alongside >> ApacheCon NA 2017. The dates are May 16 to 18. >> >> The call for papers closes on Feb 11 so we have around a month to >> get organised. We'll also need to convince the conference >> organisers that a) there is a demand for this and b) we have a >> plan. >> >> Getting the right content is going to be critical to success. >> I've been thinking about this for a while and I think we can >> identify the right content if as many folks as possible on this >> list answer the following question: >> >> "What topic(s) need to be covered in a Tomcat conference to make >> it as easy as possible to get your employer to pay for you to >> attend?" >> >> We have up to three days and potentially multiple tracks so even >> if you think you have a niche requirement, please speak up. We >> typically have a number of Tomcat committers speaking at >> ApacheCon so finding someone to cover a particular topic >> shouldn't be too tricky. Equally, if you have a topic you could >> present on that you think others would find useful, speak up. >> >> Do feel free to add your +1 if someone else mentions a topic your >> are interested first. Having an idea of how popular the topics >> are would also be helpful. >> >> Also, we don't have to stick to the standard "Sit and listen to >> someone present for 40 mins" format. Discussions, workshops, >> hackathons are all possible. >> >> Some topic ideas to get the ball rolling. >> >> Hands-on workshop: Configuring TLS with Apache Tomcat Reverse >> Proxying to Apache Tomcat Load-balancing with Apache Tomcat >> Clustering with Apache Tomcat Tomcat Clinic (like the users list >> but with everyone in the same room) >> >> I look forward to hearing your topic ideas. > > The classical tomcat-next (presenting 8.5 and 9 + migration + > openssl) easily fill a room and an afternoon of workshop. Proxy and > Load-balancing are also often asked... > > What about tomcat in cloud? +1 even though this sounds silly. I for one would like to have a practical introduction to using Tomcat on auto-scaling clusters in e.g. Amazon EC2. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdT8HAAoJEBzwKT+lPKRYvOMP/RJBTONuB75djeRyy0yYW6qi +OBkwRTl8Id3KG3t3bqKMg6gmW9UMGQRLUBkVhDNqp2Dguk5/s1Lgjocrk1caU/5 KZkH/7zYvD9b53LDe1mtf3lymDaihdyQVBsh9G5UmDztkl/SLIrk0C3+j9cTnQrS c/G55V6B3h6XnJQQY70atg2S1e8hxVoNT0mvo5AKQZJiDcgGia50qdVyxpVImmQ/ g5E0KVGrCbP3W+TBcyGZ05UWY/ZhsCS5L3rHXENCswsroZdabgXEdk0h+BbXiFFI M9vV0itGnTp51tA8jOXiw5ft1M86BgREgJgjtm6gSzoWGFr4zMeoen/jd2S/zmwu oBZ8+s450ozugi9G9TGhuPgYjBQuayI11ucv4a8jtDnM5eZuKJzB3JJlEKHmRLlE JaVVxqfiss2h2NjAimId2zI+jPcHP6ji8Zm6IQWEuOBtsS8hwMAuHQVgddettcBr MWwfeqwxB2Z3kmrIXzfxqPuICFlB2dsv8PhqTwqmtgworjiU8hydod7eaQ5DpaX5 i3ix6v8F2hEql7lJst/b2G8VldW8epTR/GQg6SXiN23qNQFYmpG+xjZw7pKGsyI5 dhK9Ydyly92zTgzcUjS6+UaHiUvYyWCP899+aCcjw/vIM2dKrrHJmCS02iYkrGZ+ 7aKKYWbEKjASHeVKfG7t =VdRJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TomcatCon @ ApacheCon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/9/17 6:57 AM, Mark Thomas wrote: > There is the opportunity (if we can pull it together as a > community) to run a dedicated Tomcat conference alongside ApacheCon > NA 2017. The dates are May 16 to 18. Interesting. > The call for papers closes on Feb 11 so we have around a month to > get organised. We'll also need to convince the conference > organisers that a) there is a demand for this and b) we have a > plan. > > Getting the right content is going to be critical to success. I've > been thinking about this for a while and I think we can identify > the right content I have a single presentation submitted already for consideration. The topic is "Let's Encrypt Apache Tomcat" ;) I was also planning on reprising one of my previous presentations, either the "Monitoring" or "Load-balancing" one, or possibly the credential-handlers one. They have all been fairly well-attended in the past. If you wanted to really get a LOT of sessions going, I'd be willing to do all of them, though it *is* a lot of talking. > "What topic(s) need to be covered in a Tomcat conference to make it > as easy as possible to get your employer to pay for you to > attend?" > > We have up to three days and potentially multiple tracks so even if > you think you have a niche requirement, please speak up. We > typically have a number of Tomcat committers speaking at ApacheCon > so finding someone to cover a particular topic shouldn't be too > tricky. Equally, if you have a topic you could present on that you > think others would find useful, speak up. > > Do feel free to add your +1 if someone else mentions a topic your > are interested first. Having an idea of how popular the topics are > would also be helpful. > > Also, we don't have to stick to the standard "Sit and listen to > someone present for 40 mins" format. Discussions, workshops, > hackathons are all possible. > > Some topic ideas to get the ball rolling. > > Hands-on workshop: Configuring TLS with Apache Tomcat +0 > Reverse Proxying to Apache Tomcat Load-balancing with Apache > Tomcat Clustering with Apache Tomcat +1 to all 3 > Tomcat Clinic (like the users list but with everyone in the same > room) Evidently, Daniel Rugguri tried this a few years ago with a "Let's solve your mox_proxy problem" workshop, and literally nobody showed up. I'm skeptical about a workshop for a few reasons: 1. Attendees might not have a "problem to solve" and therefore see a workshop as a waste of their time. 2. Anyone with a problem to solve isn't going to wait-around for the conference to get it solved. Maybe we could instead have more like a live-demo of setting things up from scratch. So it's not an AMA (AUA?) with a topic of e.g. "custering" but instead have a session titled something like "Clustering A - Z" where we build a live cluster while the audience watches and asks questions in real time. Jean-Frederic and I were musing in Austin (?) about getting a small number of Raspberry Pi-type devices on the stage with activity/state lights on them, build a cluster, and then start unplugging things to show what actually happens when disaster strikes in your environment, and how the cluster reacts. I'm not sure that could be done in 1 hour, especially with all of the questions we are likely to get or scenarios we might like to demonstrate . - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdT6gAAoJEBzwKT+lPKRYpEYP/3/MmieTpAEdhTO6GNm4yj5P fPTQcCE3v2QeY+mGCNUIfoVs5iD+azrh62OHT9cIO3SFTbd+iMt3ZI2LRB4Pmsxy vrhlgfaiBvg/y8OCCQrh0fR0kgSqG2WLCvXg4b4zzTUYbyHAc7XlT5EPQMiuHz8W 9MXVCdHBn19/kOf0zJ8Kh5xGCmm1ONuir/idVgg9OSWMTFzVQf6rNHAmXvOTIy5E iUIeggk0F6Nu9yiI+x4U2hRVgsk7p+OYefAlo2btSjcQXBKvXFiKFi3mDWT6q3BM CCYWUO2+kbO6kQJVoNWuOBqYQFHZbLlwQDt8xMxCpmpZytldTJDUzZ2wgketLlPc FfcDnvHg779PLwG8M8GKskjOerPgf2BDtGkfB7wOcfC1NT+BT99eW7E8vXef3rWg +cmYQRUmi5o2PM/UdHQSSfZP/RklioD9cq+FTREL5iUVQlJ2ASR3CoiU7lBGtPLm SNKyPxjVQablIOlXKWCCMqFZSGjpxEqr6Mydbj2JKjAChQiO9CU5KwTAjjYbMaO0 PI77MgSZufSicbG3oFpKYKHN5cQBEI3sD+hPYG5C2BiDpYVrlDasXz5llLuw15IS kRjYWlTV5LC491zbwj1P6fz/LrKwQqoHz6GvrBn56YLRiLIO1YhQH07W0gvXATK9 q3qPhL22wc6PPv0THBh3 =vvsN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: does Tomcat 8.5.9 have UTF-8 encoding throughout by default?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 1/7/17 5:57 PM, modjkl...@comcast.net wrote: > Anyone know if it has UTF-8 encoding throughout out-of-the-box, or > do I need to configure it to be so? > > I'm seeing some headers using iso-8859-1 and I'm not sure where > they're being generated. Tomcat 8.5 and higher is *mostly* configured for UTF-8 out of the box. If you give some more details, we might be able to help a little more. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdTudAAoJEBzwKT+lPKRYNigP/1jiB4Pau/xFyZUAf/XfQNYG 6oFdhABAB+x4QHYshNfDk8yqi270r+N0oCom4QlE0IFKu6LlHq9bsuqJwlgkSm+c Vmi6B5/6Z4vkvSntTVkzSKeoVG2hv8FqCoh9AcRepFzpifPUNkHklyUMIuyRPYTE m0t3SU25HJS4ScDNlGR2id2tXy/DgYqfBxF2uE61YBsYh4bm5/+Y4+ElfgdskxBx XlJ4RICrv62hhnxPHXS1ugF/RJnSpcY5Iw6PS21Hrxpp7sIWTfGUxYklfqOIZ6u1 C9yeyvnl+iGshbAD24nqzazZzqyOjhVq49eyVLvhr9f5fA4DLwMlVh3p1NE6jEnE 3OUlEbSC9NlfQJkdubmEN2sfOA3TQ+QfhwWc6HALM9JdH6hIe88qvYBCEAq4+8ms 67Qwvr47PaxfLLHS5RPOGtcRrHcgDkjO+yEB9yc5o22+IJ5FqBEaeRaXcCPpOKKb R+NhOwTF+KOKuEJ2ZI+FBgHmI0aT9UCZCvtMgUIK/rtWITPvSu/72FeHlGsVM3k3 dCDE1RiNj4Tv1jo/khfHzP78zLDlcCHgsN7Q/zuPBEmVMB2tA502+wLSq0Ve0z43 B58andaX/TMDotoIH9XMNbGLjTLZPwixZlAv8Erxpi1TcvWrQG6ZQsYJMluWxgCK uMS8KFUFC3dQC5d9Gzvh =8o/K -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Spurious "Internal Server Errors" accessing "jkmanager" after upgrading Apache, "mod_jk" and OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 1/9/17 9:01 AM, Martin Knoblauch wrote: > Hi everyone, > > just in case the "final" solution is of interest: the problem was > as usual in the configuration. We did not set the following > directive for the LDAP connection pool: > > LDAPConnectionPoolTTL #seconds > > If the directive is missing, a value of "-1" is implied, meaning > "keep connections open for ever". The LDAP server on the other side > sets an "idle connection timeout" of 600 seconds. As a result a > lookup would fail if it happened 600+ seconds after the first usage > of the connection. 600 seconds is exactly the lifetime of the LDAP > cache. Given the time of the year, usage of the test/integ/devel > environment is minimal and there were no "new" lookups during the > cache lifetime, leading to the repeated failures... > > Setting > > LDAPConnectionPoolTTL 60 > > > solved the problem for good. > > Happy New Year !!! Thanks for coming-back and explaining the problem. Looks like I was right about LDAP. It seems like mod_auth_ldap should be a little more chatty when problems like that happen. :( - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdTtkAAoJEBzwKT+lPKRYfV0P+QFGQO5dMSHuiyhwmOLH9i12 2LPnzrYRmqaFNekYiXoHfP1pEU2OCcGArUXz33jyaa3b+QijKljBzH6UZ8fiPDWU zqM9CaidqGk5ot/qmpUMtH4xHIyaL+VG4cvqxGR235cdz8x/iWazloduMWw0ZWzP mHXZMp7LXEMwgYG3/dGSrHTXeRsjtOyH3wtck8L5qsNg8PV2GyVi/iC9fP9ZwXRM 5/9MMVHr0LvttXDKyUA5ekRKZLHkZRucx4e6kBn79TR3CLdjYbJVH7ruCsZVRnDz cwU6dKQ5ehk3F27KZrG+RcKVXO9PudU6Wm4JySAh+d+FtfaWZda/wQAFIvqcgweP CawPgkp6E1tsDGQ4ju3gw/S95WMSHZhD3ga6NLto5Q56wGVM71bEXiNrBeK7MMQ9 HZRMzd5A6WkUOc7u7BqQYPM1BjIRcVVm1tgNBZjT8OqKR2+cH6LwqfLnotQbWpLM TO/h3LAF8KKnO4n/eGmM7azicObjQLIzvSog97ivK55m51euWfFKQs7goBFq8Ef7 y49O8toXesfRhHjUkXM6ltm3xBY19qXR2AWUzpAaLxYiZMETml0sUylTLEMUVwLT YuEU1VO+7dyiXfHBB829sWhC3I97cBc6UCoXg00TzQqrIvFsYy0/Ok5YQ2CCG6Qy THm9D9TDqX3dZ/Lc+AJe =rVs7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 404 errors accessing webapp URLs using local IP address on fresh Tomcat 8.5.9 install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 1/9/17 12:57 AM, modjkl...@comcast.net wrote: > I have two Linux servers connected via a cross-connect cable with > internal IP addresses 192.168.0.1 (hostA) and 192.168.0.2 (hostB). > > > hostA runs CentOS 5, and hostB CentOS 7. > > hostB runs Apache 2.4.x, and Tomcat 8.5.9. All web traffic gets > routed to port 443 (e.g. HTTPS) of Apache web server hostB. All web > application traffic (e.g. > https://www.example.com/mywebapp/somepage) is then passed to Tomcat > via mod_jk version 1.2.42 on port 8009. Additionally, hostB Apache > web server is configured to listen on 192.168.0.2 port 8009 (hostA > Apache web server is not configured as such). > > If hostA attempts to access a webpage on hostB (via hostB external > IP address) from a browser or command line, such as: [root@hostA > ~]# curl -I http://www.example.com/mywebapp/somepage > > it returns status 200 (good). > > Now, if I modify the hostA /etc/hosts file hostA accesses to my > website (www.example.com) on hostB through the cross-connect cable > (e.g. 192.168.0.2 rather than the external IP address), the webpage > returns error 404. > > What can I change to get status 200? > > My web addresses are xxx.xxx.xxx.xxx (e.g. IPv4). I know Tomcat > configures IPv6 by default. So, I modified the setenv.sh as > follows: > > CATALINA_OPTS="-Xms512M -Xmx1024M -Djava.awt.headless=true > -Djava.net.preferIPv4Stack=true > -Djava.net.preferIPv4Addresses=true" > > This didn't change the result. > > As another clue, I observe that hostA always reports status 200 > (good) when accessing any hostB webpage in www.example.com that is > NOT part of /mywebapp, for both internal and external IP addresses. > > > Any ideas what I can try to resolve this? I'm new to Tomcat and > this is fresh install (previously used GlassFish) on a brand new > server. Thanks in advance for any advice. What does hostA say when you issue "host [hostB]" from the command-line? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdTsDAAoJEBzwKT+lPKRYQY8QAL2d3o6cqoNJ4ENxOA9al6i+ VETnlJ5JjDsAC0hzbd0c8eRZj8NryptV9hbx7nmVeIRNs+Pgr56BxIsmih+QGT+p vDCdeJEfcYXPdStpPOmBu1u+FfCJDIUEFevxigqYsvav/1UUXdoV3aW8ThyQaddd 30ecS9NmTaijYZjHA/ufTOymuFgSnwAwkO7PbwV1hWG/JNqnXNLM+Dywkv/5CqH/ DpbquCyiDrvDZVCBsvOUIRGfXyH3czxOHycGfl8GarNoskuvrc9gxHkSwc3HvIau qlfd7g9SICwrLeVcm02SbTkkUJV/xIV6p5csPMKt5bID3+MciX+XjOoFlo6GWVGY 6UtZ0OFvznvgb2wgOMEmf9N1ORqj1a8765VDae2oTJhpNoygW55/WwJT/s24gohz xEGTw5Fqddo8s8IzTWbIOChWSwQ1V/1gtjJJgn/O/JUyAobFvMipWAGLztfo/w4V +shtlh/+rRAigFrgc7cYAfp4+SMbnDCD4MBJHBdrgjAQuH1bg4+CbdN6WkhNsi0+ rcPFUJUQPxmdN1HtYAUmeXXEfMPuMJNhP3Dsq6L7RpEmKAFdkwrPe2AXkP/TzbeH yy/4M1Ng1EBMZuWHnEylo3o0A4qtp139o3B/gJiwZ5CVnQXxCwv0MsjiY9Z6wPPm FuzFy8TTIECLskz4vn5C =LNg6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: LogAbandoned Stack Trace?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Phil, On 1/8/17 5:41 PM, Phil Steitz wrote: > On 1/6/17 3:44 PM, Jerry Malcolm wrote: >> On 1/6/2017 4:30 PM, Christopher Schultz wrote: >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >>> >>> Jerry, >>> >>> On 1/6/17 10:35 AM, Jerry Malcolm wrote: I'm getting "too many connections" errors. >>> Where? >>> >>> Can you provide an exact error message and, better yet, a >>> stack trace? >>> I'm pretty sure I am configured with enough connections that I shouldn't run out. So I'm assuming I'm leaving some connections open. >>> That's a good assumption. >>> I have LogAbandoned="true" in my jdbc resource statements. The doc says TC will log a stack trace of abandoned connections. But I don't see any stack traces. Would they be in stderr, stdout, catalina log? Or is it that I'm actually not getting any abandoned? >>> Which db connection pool are you using? Standard (DBCP-based) >>> or tomcat-pool? A full (sanitized) configuration >>> would help. >>> >>> - -chris >>> >> Chris, Stack trace follows. It looks like it may be mySQL >> that's rejecting the connection. But even if that's the case, >> it's probably because I'm not closing some connections, which >> should still generate a logAbandoned stack trace, correct? I >> believe I'm using dbcp. Not doing anything fancy... Just >> defining data source resources in the context file: >> >> > name="jdbc/cis" auth="Container" type="javax.sql.DataSource" >> maxTotal="100" maxIdle="30" maxWaitMillis="1" >> removeAbandoned="true" removeAbandonedTimeout="60" >> logAbandoned="true" username="" password="xxx" >> driverClassName="com.mysql.jdbc.Driver" >> url="jdbc:mysql://localhost:3306/xx" /> > In dbcp 2, the "removeAbandoned" config option was replaced by > removedAbondonedOnBorrow and removeAbandonedOnMaintenance. You > need to set one of these to true the get abandoned connection > cleanup to work. See [1]. > > |Phil > > [1] > http://commons.apache.org/proper/commons-dbcp/configuration.html +1 Jerry never said what version of Tomcat he was using... I was assuming a DBCP 1.x-based version given his configuration. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdTqkAAoJEBzwKT+lPKRYE3IP/27WYTjNJMy9zKO6/0EGKH7C SNhRRlz+uFWZsgVLlHHX1DVMnjBKRcfQBVqRPWflUe4LYWxVFxBAHuZ+luOBtZJp 4WgFBaroj/D8PQUKPkoetAN8iQU/BZ8Axn64bOp4WmaREyoS+vCkUiyRP6+a5Uve wEjYATrNBGe4ISQQ5rpqHHR4XHNvY0xSXWtopkgowp2Y3ykyae+6SPlufK4CYf7n m09YJszTc1sqCPQ1kCrbi0CVtF2RPOPqE2PGEA03t2Xk4aeAJROv17/FgvYVNS1G D3wzKmhCt3qlx1D/IsdM2giujHGA3nhojKzF1XaLUPjt8UauZBIN51JO2wDKOhJH FJJ6p+5pb4IRqOweEtYoDsoDzXUJr5nSd0AIxT43IFgXbNTH7t41j5hNdZ3dr1WE /hPrMa8sEGu5Yv6jfuf4Xlw9h/R9WCnSiACxlHFvGKBf1edsOHoJnR7gkYTZpC3H cdRW7q9zSU1qre96ODHmT9rXWq25hyKs0p7ig5cOKyG0f7zFrJRLgwvuW4oMgPvU 2piKjBrNIzEo/dOyjjkVMoqGr5Bj7LOr8q6vCEJO+lQ+RbQU76zLJ5Yg0vlUsO+A qlyAi2mDcBJpQEvt6OjNt1zhlQ7Wet7okp25ki+0jozJu33jBfn2NP0Uiqk4HYsL LqwPhvP8UM9rSkobr8ox =rO7t -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Best way to find out how many DB connections that are open at any given time
Thank you Andre and calder. On the AIX side this worked. I am limited also I think due to the shell. If I use the -p tcp option it gives me a long list of counts of TCP connections and bytes. This command gave me similar on AIX: netstat -a|grep 1526 tcp0 0 cpmfttapt21.51186 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.51198 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.51211 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55213 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55214 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55215 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.57493 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.57495 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35153 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35154 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35157 cpmfttdbt01-vip..1526 ESTABLISHED On Tue, Jan 10, 2017 at 12:40 PM, André Warnier (tomcat) wrote: > On 10.01.2017 18:06, Joleen Barker wrote: > >> Hi Andre - I played around a little more and ran the command netstat -a | >> grep 1526 which is the port number and received information that looks >> like >> 11 connections are open at this time. Do you know what the number is that >> follows the machine name in the forth column for example the 51186? >> > > I do not know AIX. Maybe try : > netstat -h > and/or > man netstat > > (and also try the command without the grep, to see the column headers) > > > >> netstat -a | grep 1526 >> >> tcp0 0 cpmfttapt21.51186 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.51198 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.51211 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.55213 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.55214 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.55215 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.57493 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.57495 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.35153 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.35154 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> tcp0 0 cpmfttapt21.35157 cpmfttdbt01-vip..1526 >> ESTABLISHED >> >> On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker >> wrote: >> >> Hello Filippo - I do not have JConsole available and the proposed idea is >>> past my knowledge level. >>> >>> Hello André - This was an interesting idea but it didn't work for me. I >>> only have the ksh available and could only use netstat -p tcp but the >>> output didn't make sense to me. >>> >>> On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) >>> wrote: >>> >>> On 10.01.2017 17:10, Joleen Barker wrote: Hello All, > > Details: > Tomcat Version: 7.0.64.0 > Java Version: 1.8.0 > OS: AIX 6.1 > Database: Oracle 11 > > The web application installed on the server above makes data > connections > to > run file transfers from point A to point B. The default Database > connection > setting that are set when the application server comes up are as > follows: > > DataBasePoolingFlag - APACHE > MaxActive - 400 > MaxIdle - 20 > MinIdle - 10 > > We had an incident where all these connections were actually used up > due > to > a script someone had that looped. I need to determine at any given > point > in > time how many DB connections exist from the web application to the DB. > There may be more than one way to do this. I am sure there is a DB > command > that could be run against the schema but the schema is pointed to by > many > servers. I am wondering if there is a java command of some kind that I > could run that may tell me how many connections are open at that time > or > possibly a tomcat or apache command. > > Thank you for the help in advance. > > > Hi. Maybe an "out of the box" answer, not using java. I don't know how the following commands fare under AIX, but on a Linux system, the OS-level command : ~# netstat -pan --tcp | grep ESTABLISHED will show you pretty much all TCP connections that are established between any process and any other, local or remote. Sample output : tcp6 0 0 127.0.0.1:45095 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53564 ESTABLISHED 2677/java tcp6 0 0 127.0
Re: Best way to find out how many DB connections that are open at any given time
On 10.01.2017 18:06, Joleen Barker wrote: Hi Andre - I played around a little more and ran the command netstat -a | grep 1526 which is the port number and received information that looks like 11 connections are open at this time. Do you know what the number is that follows the machine name in the forth column for example the 51186? I do not know AIX. Maybe try : netstat -h and/or man netstat (and also try the command without the grep, to see the column headers) netstat -a | grep 1526 tcp0 0 cpmfttapt21.51186 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.51198 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.51211 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55213 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55214 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55215 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.57493 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.57495 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35153 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35154 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35157 cpmfttdbt01-vip..1526 ESTABLISHED On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker wrote: Hello Filippo - I do not have JConsole available and the proposed idea is past my knowledge level. Hello André - This was an interesting idea but it didn't work for me. I only have the ksh available and could only use netstat -p tcp but the output didn't make sense to me. On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) wrote: On 10.01.2017 17:10, Joleen Barker wrote: Hello All, Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1 Database: Oracle 11 The web application installed on the server above makes data connections to run file transfers from point A to point B. The default Database connection setting that are set when the application server comes up are as follows: DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle - 10 We had an incident where all these connections were actually used up due to a script someone had that looped. I need to determine at any given point in time how many DB connections exist from the web application to the DB. There may be more than one way to do this. I am sure there is a DB command that could be run against the schema but the schema is pointed to by many servers. I am wondering if there is a java command of some kind that I could run that may tell me how many connections are open at that time or possibly a tomcat or apache command. Thank you for the help in advance. Hi. Maybe an "out of the box" answer, not using java. I don't know how the following commands fare under AIX, but on a Linux system, the OS-level command : ~# netstat -pan --tcp | grep ESTABLISHED will show you pretty much all TCP connections that are established between any process and any other, local or remote. Sample output : tcp6 0 0 127.0.0.1:45095 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53564 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53677 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53659 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53656 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53620 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53608 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:45142 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:43558 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:45128 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:45069 127.0.0.1:11002 ESTABLISHED 11096/java I presume that you could easily find out the process-id of your Tomcat, and the port number under which the database is accessed. It would be a simple matter to "grep" the above and count the lines, to get the answer you seem to want. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Best way to find out how many DB connections that are open at any given time
The fourth column is the "Local Address" (local machine) - in the case, a machine-name (vs IP address) and the port value (such as 51186) the machine is listening on. Of course, the machine-name will resolve to an IP address, so in some netstat output, you might see tcp 0 0 10.240.100.20:51186 10.240.100.55:1526 ESTABLISHED - or possibly - tcp 0 0 0.0.0.0:51186 10.240.100.55:1526 ESTABLISHED - or possibly - tcp 0 0 127.0.0.1:51186 10.240.100.55:1526 ESTABLISHED This Local Address is the address to which the socket in question is bound to and which it receives connections on. The fifth column is the "Foreign Address" (destination machine), sometimes shown with its port# (as is the case here) and a connection is established. On Tue, Jan 10, 2017 at 5:06 PM, Joleen Barker wrote: > Hi Andre - I played around a little more and ran the command netstat -a | > grep 1526 which is the port number and received information that looks like > 11 connections are open at this time. Do you know what the number is that > follows the machine name in the forth column for example the 51186? > > netstat -a | grep 1526 > > tcp0 0 cpmfttapt21.51186 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.51198 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.51211 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.55213 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.55214 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.55215 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.57493 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.57495 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.35153 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.35154 cpmfttdbt01-vip..1526 > ESTABLISHED > > tcp0 0 cpmfttapt21.35157 cpmfttdbt01-vip..1526 > ESTABLISHED > > On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker > wrote: > > > Hello Filippo - I do not have JConsole available and the proposed idea is > > past my knowledge level. > > > > Hello André - This was an interesting idea but it didn't work for me. I > > only have the ksh available and could only use netstat -p tcp but the > > output didn't make sense to me. > > > > On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) > > wrote: > > > >> On 10.01.2017 17:10, Joleen Barker wrote: > >> > >>> Hello All, > >>> > >>> Details: > >>> Tomcat Version: 7.0.64.0 > >>> Java Version: 1.8.0 > >>> OS: AIX 6.1 > >>> Database: Oracle 11 > >>> > >>> The web application installed on the server above makes data > connections > >>> to > >>> run file transfers from point A to point B. The default Database > >>> connection > >>> setting that are set when the application server comes up are as > follows: > >>> > >>> DataBasePoolingFlag - APACHE > >>> MaxActive - 400 > >>> MaxIdle - 20 > >>> MinIdle - 10 > >>> > >>> We had an incident where all these connections were actually used up > due > >>> to > >>> a script someone had that looped. I need to determine at any given > point > >>> in > >>> time how many DB connections exist from the web application to the DB. > >>> There may be more than one way to do this. I am sure there is a DB > >>> command > >>> that could be run against the schema but the schema is pointed to by > many > >>> servers. I am wondering if there is a java command of some kind that I > >>> could run that may tell me how many connections are open at that time > or > >>> possibly a tomcat or apache command. > >>> > >>> Thank you for the help in advance. > >>> > >>> > >> Hi. > >> Maybe an "out of the box" answer, not using java. > >> I don't know how the following commands fare under AIX, but on a Linux > >> system, the OS-level command : > >> ~# netstat -pan --tcp | grep ESTABLISHED > >> will show you pretty much all TCP connections that are established > >> between any process and any other, local or remote. > >> > >> Sample output : > >> > >> tcp6 0 0 127.0.0.1:45095 127.0.0.1:11002 > >> ESTABLISHED 11096/java > >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53564 > >> ESTABLISHED 2677/java > >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53677 > >> ESTABLISHED 2677/java > >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53659 > >> ESTABLISHED 2677/java > >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53656 > >> ESTABLISHED 2677/java > >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53620 > >> ESTABLISHED 2677/java > >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53608 > >> ESTABLISHED 2677/java > >> tcp6 0 0 127.0.0.1:45142 127.0.0.1:11002 > >> ESTABLISHED 11096/java > >> tcp6 0 0 127.0.0.1:43558 127.0.0.1:11002 > >> ESTABLISHED 11096/java > >> tcp6 0 0
Re: Best way to find out how many DB connections that are open at any given time
Hi Andre - I played around a little more and ran the command netstat -a | grep 1526 which is the port number and received information that looks like 11 connections are open at this time. Do you know what the number is that follows the machine name in the forth column for example the 51186? netstat -a | grep 1526 tcp0 0 cpmfttapt21.51186 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.51198 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.51211 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55213 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55214 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.55215 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.57493 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.57495 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35153 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35154 cpmfttdbt01-vip..1526 ESTABLISHED tcp0 0 cpmfttapt21.35157 cpmfttdbt01-vip..1526 ESTABLISHED On Tue, Jan 10, 2017 at 11:59 AM, Joleen Barker wrote: > Hello Filippo - I do not have JConsole available and the proposed idea is > past my knowledge level. > > Hello André - This was an interesting idea but it didn't work for me. I > only have the ksh available and could only use netstat -p tcp but the > output didn't make sense to me. > > On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) > wrote: > >> On 10.01.2017 17:10, Joleen Barker wrote: >> >>> Hello All, >>> >>> Details: >>> Tomcat Version: 7.0.64.0 >>> Java Version: 1.8.0 >>> OS: AIX 6.1 >>> Database: Oracle 11 >>> >>> The web application installed on the server above makes data connections >>> to >>> run file transfers from point A to point B. The default Database >>> connection >>> setting that are set when the application server comes up are as follows: >>> >>> DataBasePoolingFlag - APACHE >>> MaxActive - 400 >>> MaxIdle - 20 >>> MinIdle - 10 >>> >>> We had an incident where all these connections were actually used up due >>> to >>> a script someone had that looped. I need to determine at any given point >>> in >>> time how many DB connections exist from the web application to the DB. >>> There may be more than one way to do this. I am sure there is a DB >>> command >>> that could be run against the schema but the schema is pointed to by many >>> servers. I am wondering if there is a java command of some kind that I >>> could run that may tell me how many connections are open at that time or >>> possibly a tomcat or apache command. >>> >>> Thank you for the help in advance. >>> >>> >> Hi. >> Maybe an "out of the box" answer, not using java. >> I don't know how the following commands fare under AIX, but on a Linux >> system, the OS-level command : >> ~# netstat -pan --tcp | grep ESTABLISHED >> will show you pretty much all TCP connections that are established >> between any process and any other, local or remote. >> >> Sample output : >> >> tcp6 0 0 127.0.0.1:45095 127.0.0.1:11002 >> ESTABLISHED 11096/java >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53564 >> ESTABLISHED 2677/java >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53677 >> ESTABLISHED 2677/java >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53659 >> ESTABLISHED 2677/java >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53656 >> ESTABLISHED 2677/java >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53620 >> ESTABLISHED 2677/java >> tcp6 0 0 127.0.0.1:8009 127.0.0.1:53608 >> ESTABLISHED 2677/java >> tcp6 0 0 127.0.0.1:45142 127.0.0.1:11002 >> ESTABLISHED 11096/java >> tcp6 0 0 127.0.0.1:43558 127.0.0.1:11002 >> ESTABLISHED 11096/java >> tcp6 0 0 127.0.0.1:45128 127.0.0.1:11002 >> ESTABLISHED 11096/java >> tcp6 0 0 127.0.0.1:45069 127.0.0.1:11002 >> ESTABLISHED 11096/java >> >> I presume that you could easily find out the process-id of your Tomcat, >> and the port number under which the database is accessed. >> It would be a simple matter to "grep" the above and count the lines, to >> get the answer you seem to want. >> >> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
Re: Best way to find out how many DB connections that are open at any given time
Hello Filippo - I do not have JConsole available and the proposed idea is past my knowledge level. Hello André - This was an interesting idea but it didn't work for me. I only have the ksh available and could only use netstat -p tcp but the output didn't make sense to me. On Tue, Jan 10, 2017 at 11:24 AM, André Warnier (tomcat) wrote: > On 10.01.2017 17:10, Joleen Barker wrote: > >> Hello All, >> >> Details: >> Tomcat Version: 7.0.64.0 >> Java Version: 1.8.0 >> OS: AIX 6.1 >> Database: Oracle 11 >> >> The web application installed on the server above makes data connections >> to >> run file transfers from point A to point B. The default Database >> connection >> setting that are set when the application server comes up are as follows: >> >> DataBasePoolingFlag - APACHE >> MaxActive - 400 >> MaxIdle - 20 >> MinIdle - 10 >> >> We had an incident where all these connections were actually used up due >> to >> a script someone had that looped. I need to determine at any given point >> in >> time how many DB connections exist from the web application to the DB. >> There may be more than one way to do this. I am sure there is a DB command >> that could be run against the schema but the schema is pointed to by many >> servers. I am wondering if there is a java command of some kind that I >> could run that may tell me how many connections are open at that time or >> possibly a tomcat or apache command. >> >> Thank you for the help in advance. >> >> > Hi. > Maybe an "out of the box" answer, not using java. > I don't know how the following commands fare under AIX, but on a Linux > system, the OS-level command : > ~# netstat -pan --tcp | grep ESTABLISHED > will show you pretty much all TCP connections that are established between > any process and any other, local or remote. > > Sample output : > > tcp6 0 0 127.0.0.1:45095 127.0.0.1:11002 > ESTABLISHED 11096/java > tcp6 0 0 127.0.0.1:8009 127.0.0.1:53564 > ESTABLISHED 2677/java > tcp6 0 0 127.0.0.1:8009 127.0.0.1:53677 > ESTABLISHED 2677/java > tcp6 0 0 127.0.0.1:8009 127.0.0.1:53659 > ESTABLISHED 2677/java > tcp6 0 0 127.0.0.1:8009 127.0.0.1:53656 > ESTABLISHED 2677/java > tcp6 0 0 127.0.0.1:8009 127.0.0.1:53620 > ESTABLISHED 2677/java > tcp6 0 0 127.0.0.1:8009 127.0.0.1:53608 > ESTABLISHED 2677/java > tcp6 0 0 127.0.0.1:45142 127.0.0.1:11002 > ESTABLISHED 11096/java > tcp6 0 0 127.0.0.1:43558 127.0.0.1:11002 > ESTABLISHED 11096/java > tcp6 0 0 127.0.0.1:45128 127.0.0.1:11002 > ESTABLISHED 11096/java > tcp6 0 0 127.0.0.1:45069 127.0.0.1:11002 > ESTABLISHED 11096/java > > I presume that you could easily find out the process-id of your Tomcat, > and the port number under which the database is accessed. > It would be a simple matter to "grep" the above and count the lines, to > get the answer you seem to want. > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Best way to find out how many DB connections that are open at any given time
On 10.01.2017 17:10, Joleen Barker wrote: Hello All, Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1 Database: Oracle 11 The web application installed on the server above makes data connections to run file transfers from point A to point B. The default Database connection setting that are set when the application server comes up are as follows: DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle - 10 We had an incident where all these connections were actually used up due to a script someone had that looped. I need to determine at any given point in time how many DB connections exist from the web application to the DB. There may be more than one way to do this. I am sure there is a DB command that could be run against the schema but the schema is pointed to by many servers. I am wondering if there is a java command of some kind that I could run that may tell me how many connections are open at that time or possibly a tomcat or apache command. Thank you for the help in advance. Hi. Maybe an "out of the box" answer, not using java. I don't know how the following commands fare under AIX, but on a Linux system, the OS-level command : ~# netstat -pan --tcp | grep ESTABLISHED will show you pretty much all TCP connections that are established between any process and any other, local or remote. Sample output : tcp6 0 0 127.0.0.1:45095 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53564 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53677 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53659 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53656 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53620 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:8009 127.0.0.1:53608 ESTABLISHED 2677/java tcp6 0 0 127.0.0.1:45142 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:43558 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:45128 127.0.0.1:11002 ESTABLISHED 11096/java tcp6 0 0 127.0.0.1:45069 127.0.0.1:11002 ESTABLISHED 11096/java I presume that you could easily find out the process-id of your Tomcat, and the port number under which the database is accessed. It would be a simple matter to "grep" the above and count the lines, to get the answer you seem to want. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Best way to find out how many DB connections that are open at any given time
Ciao Joleen, maybe you could retrieve this information connecting via JMX (JConsole, VisualVM) to the tomcat instances. According to the way the datasource is configured, you could find a JMX bean exposing this information. Before that, tomcat should be launched in a way JMX connections are allowed from remote. For example, connecting via JMX I can find something under Catalina/Data Source/etc etc. HTH On Tue, Jan 10, 2017 at 5:10 PM, Joleen Barker wrote: > Hello All, > > Details: > Tomcat Version: 7.0.64.0 > Java Version: 1.8.0 > OS: AIX 6.1 > Database: Oracle 11 > > The web application installed on the server above makes data connections to > run file transfers from point A to point B. The default Database connection > setting that are set when the application server comes up are as follows: > > DataBasePoolingFlag - APACHE > MaxActive - 400 > MaxIdle - 20 > MinIdle - 10 > > We had an incident where all these connections were actually used up due to > a script someone had that looped. I need to determine at any given point in > time how many DB connections exist from the web application to the DB. > There may be more than one way to do this. I am sure there is a DB command > that could be run against the schema but the schema is pointed to by many > servers. I am wondering if there is a java command of some kind that I > could run that may tell me how many connections are open at that time or > possibly a tomcat or apache command. > > Thank you for the help in advance. > > Joleen >
Best way to find out how many DB connections that are open at any given time
Hello All, Details: Tomcat Version: 7.0.64.0 Java Version: 1.8.0 OS: AIX 6.1 Database: Oracle 11 The web application installed on the server above makes data connections to run file transfers from point A to point B. The default Database connection setting that are set when the application server comes up are as follows: DataBasePoolingFlag - APACHE MaxActive - 400 MaxIdle - 20 MinIdle - 10 We had an incident where all these connections were actually used up due to a script someone had that looped. I need to determine at any given point in time how many DB connections exist from the web application to the DB. There may be more than one way to do this. I am sure there is a DB command that could be run against the schema but the schema is pointed to by many servers. I am wondering if there is a java command of some kind that I could run that may tell me how many connections are open at that time or possibly a tomcat or apache command. Thank you for the help in advance. Joleen
RE: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi Peter, Thank You! So, the solution would be to switch to the upgraded version for this fix? Thanks and Regards, Abhishek Kumar -Original Message- From: Kreuser, Peter [mailto:pkreu...@airplus.com] Sent: Tuesday, January 10, 2017 5:25 PM To: Tomcat Users List Subject: AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token Hi Abishek, > -Ursprüngliche Nachricht- > Von: Kumar, Abhishek (IT Information Services ) > [mailto:abhishek.kum...@originenergy.com.au] > Gesendet: Dienstag, 10. Januar 2017 12:17 > An: users@tomcat.apache.org > Betreff: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token > > > Hi, > > The Apache Tomcat web server running on the Load balancer is affected by an > information disclosure vulnerability in the index page of the Manager and > Host Manager applications. An unauthenticated attacker can exploit this > vulnerability to obtain a valid cross-site request forgery (CSRF) token > during the redirect issued when requesting /manager/ or /host-manager/. This > token can be utilized by an attacker to construct a CSRF attack. > > This is a Vulnerability issue with Tomcat 8.0.15. > > We have this version of Tomcat installed in our Servers. > > As suggested by Tomcat, this has been addressed and fixed after 8.0.32 > versions. > > Restrict access to the /manager URL from unauthorised IP addresses by > implementing access control lists that only permit authorised management > stations or subnets. For more information, see: > > https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32&d=DgIFAg&c=ZgVRmm3mf2P1-XDAyDsu4A&r=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs&m=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s&s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k&e= > > > But, We do not want to upgrade the Tomcat right now. > > Is there a way to implement this fix in our current Tomcat Version. > > > Kind Regards, > Abhishek Kumar > > Note: This email, including any attachments, is confidential. If you have > received this email in error, please advise the sender and delete it and all > copies of it from your system. If you are not the intended recipient of this > email, you must not use, print, distribute, copy or disclose its content to > anyone > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > from a security standpoint there is no way around updating. Specifically the CSRF attack is executed from the client, so whoever is at one of the authorized management stations will be executing the CSRF requests. Aside from this one vulnerability all versions up to the current 8.0.40 fix a whole load of flaws. So whenever you restrict access to the management console (via RemoteAddrValve), all other vulnerabilities that are more than Info disclosures will still persist. Best regards Peter Peter Kreuser AirPlus International Security Officer - Application Development - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi Abishek, > -Ursprüngliche Nachricht- > Von: Kumar, Abhishek (IT Information Services ) > [mailto:abhishek.kum...@originenergy.com.au] > Gesendet: Dienstag, 10. Januar 2017 12:17 > An: users@tomcat.apache.org > Betreff: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token > > > Hi, > > The Apache Tomcat web server running on the Load balancer is affected by an > information disclosure vulnerability in the index page of the Manager and > Host Manager applications. An unauthenticated attacker can exploit this > vulnerability to obtain a valid cross-site request forgery (CSRF) token > during the redirect issued when requesting /manager/ or /host-manager/. This > token can be utilized by an attacker to construct a CSRF attack. > > This is a Vulnerability issue with Tomcat 8.0.15. > > We have this version of Tomcat installed in our Servers. > > As suggested by Tomcat, this has been addressed and fixed after 8.0.32 > versions. > > Restrict access to the /manager URL from unauthorised IP addresses by > implementing access control lists that only permit authorised management > stations or subnets. For more information, see: > > https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32&d=DgIFAg&c=ZgVRmm3mf2P1-XDAyDsu4A&r=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs&m=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s&s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k&e= > > > But, We do not want to upgrade the Tomcat right now. > > Is there a way to implement this fix in our current Tomcat Version. > > > Kind Regards, > Abhishek Kumar > > Note: This email, including any attachments, is confidential. If you have > received this email in error, please advise the sender and delete it and all > copies of it from your system. If you are not the intended recipient of this > email, you must not use, print, distribute, copy or disclose its content to > anyone > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > from a security standpoint there is no way around updating. Specifically the CSRF attack is executed from the client, so whoever is at one of the authorized management stations will be executing the CSRF requests. Aside from this one vulnerability all versions up to the current 8.0.40 fix a whole load of flaws. So whenever you restrict access to the management console (via RemoteAddrValve), all other vulnerabilities that are more than Info disclosures will still persist. Best regards Peter Peter Kreuser AirPlus International Security Officer - Application Development - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi, The Apache Tomcat web server running on the Load balancer is affected by an information disclosure vulnerability in the index page of the Manager and Host Manager applications. An unauthenticated attacker can exploit this vulnerability to obtain a valid cross-site request forgery (CSRF) token during the redirect issued when requesting /manager/ or /host-manager/. This token can be utilized by an attacker to construct a CSRF attack. This is a Vulnerability issue with Tomcat 8.0.15. We have this version of Tomcat installed in our Servers. As suggested by Tomcat, this has been addressed and fixed after 8.0.32 versions. Restrict access to the /manager URL from unauthorised IP addresses by implementing access control lists that only permit authorised management stations or subnets. For more information, see: https://urldefense.proofpoint.com/v2/url?u=http-3A__tomcat.apache.org_security-2D8.html-23Fixed-5Fin-5FApache-5FTomcat-5F8.0.32&d=DgIFAg&c=ZgVRmm3mf2P1-XDAyDsu4A&r=-JJsXOks_2Pd13691jEHA6PBSyPcGzblOMm00qdlxbs&m=54nd4qu7eMUZgW9FFIX2Q9G2FdQGJ69mCZu7VvFyN0s&s=y_OfZJOm3x6d8KgLtJS6flhRUDt_I8Aqk6kymbu3u2k&e= But, We do not want to upgrade the Tomcat right now. Is there a way to implement this fix in our current Tomcat Version. Kind Regards, Abhishek Kumar Note: This email, including any attachments, is confidential. If you have received this email in error, please advise the sender and delete it and all copies of it from your system. If you are not the intended recipient of this email, you must not use, print, distribute, copy or disclose its content to anyone - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Possible bug with Transfer-Encoding: chunked on Tomcat 8.5.9
I have found a work-around for my case. The original code of my servlet was like this: ObjectMapper mapper = new ObjectMapper(); // Jackson Mapper mapper.readValue(request.getInputStream(), "utf-8") I have added a buffer to hold all the request: byte[] content = readFully(request.getInputStream()); mapper.readValue(content, "utf-8") Now the error has disappeared. I have not checked the code of Jackson Mapper. Is is possible that the ChunkedInputFilter breaks in case of reading more times after the end of the stream ? (calling ServletInputStream#read more times after -1 marker) Should I file an issue ? I'm really sorry but today I have not time to create a working JUnit testcase to demostrate the issue. I can work on it next days. -- Enrico 2017-01-09 16:31 GMT+01:00 Enrico Olivelli : > Hi, I am upgrading from Tomcat 8.0.33 to 8.5.9. > I have the following error during a POST made with Apache-HttpClient 4.3.6 > > I this this is the bad "POST" > > FINE Jan 09, 2017 3:45:15 PM org.apache.coyote.http11.Http11InputBuffer > parseRequestLine > BUONO: Received [POST /majordodo HTTP/1.1 > Transfer-Encoding: chunked > Content-Type: application/json;charset=utf-8 > Host: sviluppo06-cs7.sviluppo.dna:11986 > Connection: Keep-Alive > User-Agent: Apache-HttpClient/4.3.6 (java 1.5) > Accept-Encoding: gzip,deflate > Authorization: Basic bWFnbmV3czptYWduZXdz > > 10b78 > ] > > > this is the stack trace of the error: > java.io.IOException: Invalid end of line sequence (character other than CR > or LF found) > at org.apache.coyote.http11.filters.ChunkedInputFilter. > throwIOException(ChunkedInputFilter.java:655) > at org.apache.coyote.http11.filters.ChunkedInputFilter. > parseCRLF(ChunkedInputFilter.java:475) > at org.apache.coyote.http11.filters.ChunkedInputFilter. > doRead(ChunkedInputFilter.java:262) > at org.apache.coyote.http11.Http11InputBuffer.doRead( > Http11InputBuffer.java:256) > at org.apache.coyote.Request.doRead(Request.java:540) > at org.apache.catalina.connector.InputBuffer.realReadBytes( > InputBuffer.java:319) > at org.apache.catalina.connector.InputBuffer.checkByteBufferEof( > InputBuffer.java:627) > at org.apache.catalina.connector.InputBuffer.read(InputBuffer. > java:342) > at org.apache.catalina.connector.CoyoteInputStream.read( > CoyoteInputStream.java:183) > > > Is it a client error on 'chunked' encoding format or is there some change > on Tomcat code which processes his kind of encoding ? > > I think that the client is sending a broken request, but before the > upgrade I did not get the error, is it possible ? > > I'm using Nio (not Nio2) http Connector, I'm going to to try Nio2 > > Thank you > Enrico Olivelli > > . >
RE: JSP compilation fails with Java 9
Tomcat 9.0.0.M15 ecj-4.6.1.jar With Java 9 build 146 JSP's are broken. Surprisingly with Java 9 build 151, same tomcat started compiling and executing JSPs very well :) Now that’s called sun chasers -Original Message- From: Rémy Maucherat [mailto:r...@apache.org] Sent: 10 January 2017 04:56 To: Tomcat Users List Subject: Re: JSP compilation fails with Java 9 2017-01-09 1:16 GMT-06:00 Patil, Shital : > We are assessing Java 9(early access) and JSP compilation is badly > broken with Java 9. Even basic java objects(java.lang.Object) are not > accessible while compilation. Appears to be because of jigsaw(modular) > > Any solution or alternative to this problem ? > > I tested Java 9 relatively recently, and normally JSP compilation is > the last remaining issue. I can confirm what was said: JDT doesn't have modules support, and it doesn't have a planning for it from what I saw. There have been some significant updates to the modules lately, so it would be unfair to blame the JDT people at this point. Rémy -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 09 January 2017 17:40 To: Tomcat Users List Subject: Re: JSP compilation fails with Java 9 As far as I am aware, the JDT compiler that Jasper uses by default does not yet support Java 9. You should be able to configure Jasper to use javac for Java 9. From memory (I tested this some time ago), a basic JSP worked with Java 9. Whether more complex JSPs might hit some Jigsaw related issues is TBD. Worst case, you should be able to work-around them with command line options when starting Tomcat. I've looked at Java 9 support a couple of times but partly because it is still in a state of flux and partly because the JDT support was not there I haven't taken it very far. Mark -- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: 09 January 2017 19:55 To: Tomcat Users List Subject: Re: JSP compilation fails with Java 9 1. Tomcat full version number =? 2. ecj.jar version (in Tomcat's lib directory) =? 3. Does it work with a later version of ecj.jar? It is "JDT Core Batch Compiler" Downloadable from http://download.eclipse.org/eclipse/downloads/ http://download.eclipse.org/eclipse/downloads/drops4/R-4.6.2-201611241400/ (Tomcat 8.5 ships with 4.5.1, Tomcat 9 uses 4.6.1, latest release is 4.6.2, but there is also a milestone build of 4.7 available) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
