IIS Connector Redirect to Localhost?
Hi,

I configured the isapi_redirect file for tomcat using the instructions I found online. The only twist I added was instead of defining the ISAPI filter for the entire website, I used a wildcard map and instructed IIS 6.0 to use isapi_redirect.dll as the high priority wildcard map for an empty directory called C:\myapp. In my worker map, I defined /myapp to go to the ajp13 connector.

If I visit the page in plain http, it seems to work fine all the time. I.e. http://www.example.com/myapp brings up the page. When I visit the page in https, ajp13 tries to redirect the client to localhost:8009 (which of course is not valid). But when I reload the page, it goes to the https://www.example.com/myapp.

How can I avoid the redirect to localhost? I suspect I just need to put www.example.com somewhere in server.xml, but there were 3 places with localhost specified, and I wasn't sure which one I should replace.

Thanks.
Patrick
RE: Using Tomcat with ISAPI Redirector
Hi,

I finally found an answer to my problem, thanks to a few posts on the internet. Here they mention the fact that NETWORK SERVICE needs WRITE access to the directory defined by the log_file key under HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\1.0 in the registry:
http://forums.iis.net/p/1150483/1874510.aspx

With that, I was finally able to see the behavior of redirecting to /jakarta/isapi_redirect.dll. Thanks to an old mail post by Larry Isaacs back in 2002. My problem was that I had the isapi_redirect.dll defined in both the Default Website AND the Web Sites folder in IIS. As Larry explains here:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg55430.html

So the moral is: When you see something like 'Default redirection of /jakarta/isapi_redirect.dll' or '[/jakarta/isapi_redirect.dll] is not a servlet url' in the redirect log as if it is searching tomcat for that resource, then you have at least 2 redirect filters defined in IIS.

Patrick

-----Original Message-----
From: Patrick Markiewicz [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2008 2:28 PM
To: Tomcat Users List
Subject: Using Tomcat with ISAPI Redirector

Hi,

I'm using Apache Tomcat/5.5.4 with Plesk 8.2 on a Windows Server 2003 machine. The isapi redirector program is supposed to allow me to connect to my server, and redirect my request to Tomcat, if the url matches a certain pattern.

I have multiple sites configured in IIS, including: PleskControlPanel and Default Web Site. Default Web Site was previously configured with a jakarta virtual directory that allows the isapi redirector to work properly. When I try to access http://www.example.com/examples, I find the tomcat error:

HTTP Status 404 - /examples/

I configured PleskControlPanel (port 8880, ssl port 8443) to use a second jakarta virtual directory. However, when I try to access http://www.example.com:8880/examples, I find the tomcat error:

HTTP Status 404 - /jakarta/isapi_redirect.dll

Does anyone know why IIS would be passing the URI: /jakarta/isapi_redirect.dll to Tomcat at that point? Is there a way to configure IIS so that /jakarta/isapi_redirect.dll is resolved properly (as the filter, not the URI) and so that the next URI delivered to Tomcat is /examples/ ?

Patrick

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
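The symptom described in the message above can be picked out of a redirector log mechanically. This is an added example, not code from the thread or from the Tomcat project: the log lines are constructed (only the two message texts come from the post), and `extension_uri` is a parameter name chosen here for the redirector's own path.

```python
import re

# The two message shapes quoted in the post; group(1) is the URI that the
# redirector was trying to map to a Tomcat worker.
PATTERNS = [
    re.compile(r"Default redirection of (\S+)"),
    re.compile(r"\[(\S+?)\] is not a servlet url"),
]

# Constructed sample. The timestamp/level prefix is illustrative only and is
# not copied from a real isapi_redirect log.
SAMPLE_LOG = """\
[Thu Jul 24 14:02:11 2008] [info] Default redirection of /jakarta/isapi_redirect.dll
[Thu Jul 24 14:02:11 2008] [debug] [/jakarta/isapi_redirect.dll] is not a servlet url
[Thu Jul 24 14:03:40 2008] [debug] [/images/logo.gif] is not a servlet url
[Thu Jul 24 14:03:52 2008] [info] Default redirection of /Jakarta/ISAPI_redirect.dll
"""


def self_lookup_lines(log_text, extension_uri="/jakarta/isapi_redirect.dll"):
    """Return (line_number, line) for entries where the URI being looked up
    is the redirector's own path.

    An ordinary "is not a servlet url" entry for a static file is normal and
    is not reported; only the self-referencing lookups match the symptom.
    The comparison ignores case (an assumption made for this example).
    """
    wanted = extension_uri.rstrip("/").lower()
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match and match.group(1).rstrip("/").lower() == wanted:
                hits.append((number, line.strip()))
                break
    return hits


def duplicate_filter_suspected(log_text, extension_uri="/jakarta/isapi_redirect.dll"):
    """True when at least one self-referencing lookup is present."""
    return bool(self_lookup_lines(log_text, extension_uri))


if __name__ == "__main__":
    for number, line in self_lookup_lines(SAMPLE_LOG):
        print(f"line {number}: {line}")
    print("duplicate filter suspected:", duplicate_filter_suspected(SAMPLE_LOG))
```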
RE: https j_security_check now really Solved :P
Do I need to configure separate connectors for the isapi_redirect.dll to work properly? I realize that this discussion is about apache, and not iis, but I've had no ability to connect to https://SAMPLE-DOMAIN.com:8443/examples, and I can't understand why.

Patrick

-----Original Message-----
From: Julio César Chaves Fernández [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 12:33 AM
To: Tomcat Users List
Subject: RE: https j_security_check now really Solved :P

Hi,

Yes, it worked with only that connector ... the requests that came from http over apache and went to the AJP connector were redirected by the port defined as redirectPort in the connector...so changing this to 443 as in the second scheme you propose did the job...thanks for helping and again my apologies for all the trouble or headaches caused ;).

Julio César

Date: Tue, 19 Aug 2008 13:14:51 -0400
From: [EMAIL PROTECTED]
To: users@tomcat.apache.org
Subject: Re: https j_security_check apparently Solved :P

Julio,

Julio César Chaves Fernández wrote:

I'm sorry but I read the previous question and now that I notice it doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443?

If you want all traffic to be handled by Apache httpd and mod_jk in this way:

Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat
Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat

Then you need only a single connector:

<Connector port="8100" protocol="AJP/1.3" />

(Plus any other settings you want to add). Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat.

If you want to be able to support alternate ports that go directly to Tomcat, like this:

Client --- HTTP (80) --- Tomcat
Client --- HTTPS (443) --- Tomcat

Then you will need two connectors:

<Connector port="80" />
<Connector port="443" scheme="https" sslProtocol="TLS" />

(Plus any other settings you want to add).

If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this:

Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat
Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat
Client --- HTTP (8080) --- Tomcat
Client --- HTTPS (8443) --- Tomcat

<Connector port="8100" protocol="AJP/1.3" /> <!-- for AJP -->
<Connector port="8080" redirectPort="8443" /> <!-- for HTTP -->
<Connector port="8443" scheme="https" sslProtocol="TLS" />

If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations.

-chris
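The connector layouts discussed in the thread above can be checked against a server.xml before deployment. This is an added example, not code from the thread participants or the Tomcat project: the rule set, the `frontend_https_port` parameter and both XML samples are assumptions constructed for illustration, and only connectors that set `redirectPort` explicitly are examined.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the AJP connector redirects to a direct Tomcat port,
# and the HTTP connector redirects to a port nothing listens on.
BROKEN = """
<Server><Service name="Catalina">
  <Connector port="8100" protocol="AJP/1.3" redirectPort="8443" />
  <Connector port="8080" redirectPort="8444" />
  <Connector port="8443" scheme="https" sslProtocol="TLS" />
</Service></Server>
"""

# Constructed sample following the three-connector layout from the thread,
# with the AJP connector redirecting to the front-end's HTTPS port.
FIXED = """
<Server><Service name="Catalina">
  <Connector port="8100" protocol="AJP/1.3" redirectPort="443" />
  <Connector port="8080" redirectPort="8443" />
  <Connector port="8443" scheme="https" sslProtocol="TLS" />
</Service></Server>
"""


def _is_ajp(conn):
    return conn.get("protocol", "").upper().startswith("AJP")


def _is_https(conn):
    return conn.get("scheme", "").lower() == "https"


def audit_redirect_ports(server_xml, frontend_https_port=443):
    """Return (connector_port, redirect_port, reason) for suspicious redirects.

    Rules applied by this example (assumptions, not Tomcat behaviour):
      * a request that arrived over AJP came through the front-end web server,
        so its redirectPort should be the front-end's HTTPS port;
      * a direct HTTP connector should redirect to a port served by an HTTPS
        connector in the same file, or to the front-end's HTTPS port.
    """
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    local_https = {c.get("port") for c in connectors if _is_https(c)}
    front = str(frontend_https_port)
    findings = []
    for conn in connectors:
        redirect = conn.get("redirectPort")
        if redirect is None or _is_https(conn):
            continue  # nothing to check on this connector
        if _is_ajp(conn):
            if redirect != front:
                findings.append((conn.get("port"), redirect,
                                 "AJP redirectPort is not the front-end HTTPS port"))
        elif redirect not in local_https | {front}:
            findings.append((conn.get("port"), redirect,
                             "no HTTPS listener matches this redirectPort"))
    return findings


if __name__ == "__main__":
    for port, redirect, reason in audit_redirect_ports(BROKEN):
        print(f"connector {port} -> redirectPort {redirect}: {reason}")
    print("fixed config findings:", audit_redirect_ports(FIXED))
```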
RE: [BULK] Using tabbed browsers causes session sharing
Hi,

A session boils down to a cookie sent between the browser and the server. So the only way you could create 2 sessions is if the IE browser would keep cookies independent on each tab. I don't know of any browser that associates cookies with anything but the site. I.e. when you login on tab 2, your browser sends the existing cookie that is associated with the tomcat site, and it auto logs in to A's profile.

You could think about changing mozilla's source code to create a browser that allows it, but how would you change the profile for each tab? Would tab 3 remember that you logged into google mail already? Or would you have to log in again?

Patrick

-----Original Message-----
From: murthy gandikota [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2008 2:15 PM
To: users@tomcat.apache.org
Subject: [BULK] Using tabbed browsers causes session sharing
Importance: Low

Hello All

While using tabbed browsers (e.g. IE 7) I am facing a login problem. Say on Tab#1 I login with a username A, on Tab#2 I login with username B, I still see A's session. Apparently the browser/Tomcat doesn't create a new session. Has anyone faced this problem? Are there any fixes?

Thanks
Murthy
RE: Cool SSL/TLS Deployment Trick! How Does It Work?
Hi Warren,

It is my understanding that all tomcat does with a WAR file is unjar it. I.e. whatever is in the war becomes extracted into a particular location. Tomcat does not edit any of the files that come from the WAR file, it just reads those files for servlet mappings (web.xml) and compiler instructions (*.jsp). Hence, you could actually copy new-web-app.war into the secure application first, and www.secure-mydomain.com/new-web-app would point to the new-web-app as expected.

The second part of the trick is nothing new. All you're basically doing is putting instructions in a separate web app to redirect to the secure page. I could put that on MY web page:

<% something like Dispatcher.redirect("https://www.secure-mydomain.com/new-web-app/") %>

The generated response would be 302 Moved to www.secure-mydomain.com/new-web-app and the user's browser would simply follow the Move instruction to the new location. Of course, since www.secure-mydomain.com has a valid certificate, there's no certificate error.

There are a few caveats. The virtual web app could never use absolute references to its URL; www.new-web-app.com/not/the/index.jsp would either return 404 errors or it would not be secure. Also, if the webapp uses the domain name as a key into some database, the domain name would always be www.secure-mydomain.com and not whatever virtual host was defined by the webapp.

Patrick

-----Original Message-----
From: Warren Killian [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2008 2:41 PM
To: users@tomcat.apache.org
Subject: Cool SSL/TLS Deployment Trick! How Does It Work?

Hello users@tomcat.apache.org,

The company I recently started working at does a very interesting trick in order to facilitate SSL/TLS connections and I am baffled as to how it actually works.

First, some background:

Tomcat Version: jakarta-tomcat-5.5.9
OS: SuSE Enterprise Linux

Brief Description of the Trick:

We deploy multiple distinct (unsecure) web applications inside of another (secure) web application's deployment directory in order to achieve SSL/TLS connections without the user being nagged about Certificate/Domain name mismatches.

The reason for this I am told is that we only have one server certificate for our one server IP address but we host multiple virtual domains. The bosses don't want the clients/end-users getting that funny domain name mismatch nag window when they first go to one of our hosted web apps. It's true!

We have one virtual host (secure-mydomain.com) configured in our Tomcat instance. Its specification/declaration in server.xml is seemingly quite normal:

<Host name="secure-mydomain.com" appBase="/some/directory/secure-mydomain.com">
  <Alias>www.secure-mydomain.com</Alias>
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         directory="logs" prefix="access-secure-mydomain.com-"
         suffix=".log" pattern="combined"/>
</Host>

We have a server Certificate for secure-mydomain.com for which we have defined a connector:

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="200"
           minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
           disableUploadTimeout="true" acceptCount="150" scheme="https"
           secure="true"
           keystoreFile="/some/other/directory/secure-mydomain.com.keystore"
           keystorePass="none-of-your-beeswax" clientAuth="false"
           sslProtocol="TLS"/>

Now for the weird part. Whenever our developers create a new web app which requires SSL/TLS, they:

1.) deploy the new web app to its own (unsecure) virtual host.

2.) copy the new web app deployment directory into the secure web app's deployment directory (/some/directory/secure-mydomain.com/). So, there now exists for the secure web app a directory structure such as:

secure-mydomain.com
    ROOT
        WEB-INF
            web.xml
    new-web-app
        WEB-INF
            web.xml
    another-new-web-app
        WEB-INF
            web.xml
    yet-another-new-web-app
        WEB-INF
            web.xml

3.) replace the new (unsecure) web app's index.jsp file with one which sends a redirect to www.secure-mydomain.com/new-web-app/.

Voila! The user is redirected to the new web app under secure-mydomain.com/new-web-app/ with a secure SSL/TLS connection and the new-web-app seems to work fine.

I'm no expert at Tomcat or web app deployment. But I have read about the directory structure of J2EE compliant web applications. It seems to me that we are literally copying one (unsecure) web app and its entire directory structure into another (secure) web app's directory structure. But everything seems to work. Tomcat seems to recognize the deployment descriptors of each new web
RE: receiving 404 page not found from godaddy.com
Is the error coming from tomcat? Or does it look like it could be from IIS?

My experience with GoDaddy is that they are not very helpful. Even with a dedicated server account, they don't disclose to you what ports are available. You have to find a problem and basically prove to them that they're firewalling a port, and then they say that's a port we don't allow. E.g. port 8080 is off-limits on a dedicated server.

That said, I've had success publishing war files/jsp files on my tomcat instance.

Patrick

-----Original Message-----
From: jim stone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2008 9:45 AM
To: users@tomcat.apache.org
Subject: receiving 404 page not found from godaddy.com

I have a small jsp application which I packaged as a war file and deployed to my godaddy user account. The war exploded as expected. In my webapp, under the newly exploded context root, I am able to hit the html files, however, the jsp's are giving me a 404 not found. I have tested this locally using tomcat 5.5 and it works like a charm.

I've contacted godaddy.com to find out what may be the reason for the 404 error and all the rep said was that my account is not showing any errors and that's all he could do for me. He said they could not help with deployment issues. If I wanted better diagnostics, I needed to upgrade to a dedicated server.

I do have java/jsp enabled for the site so it should work. I chose to deploy as a war because it's much easier to deploy, however, I'm wondering if I should deploy the file individually.

Has anyone had this same experience with deploying war files to godaddy.com? I'm considering using another host as I've had nothing but problems with this company.
Using Tomcat with ISAPI Redirector
Hi,

I'm using Apache Tomcat/5.5.4 with Plesk 8.2 on a Windows Server 2003 machine. The isapi redirector program is supposed to allow me to connect to my server, and redirect my request to Tomcat, if the url matches a certain pattern.

I have multiple sites configured in IIS, including: PleskControlPanel and Default Web Site. Default Web Site was previously configured with a jakarta virtual directory that allows the isapi redirector to work properly. When I try to access http://www.example.com/examples, I find the tomcat error:

HTTP Status 404 - /examples/

I configured PleskControlPanel (port 8880, ssl port 8443) to use a second jakarta virtual directory. However, when I try to access http://www.example.com:8880/examples, I find the tomcat error:

HTTP Status 404 - /jakarta/isapi_redirect.dll

Does anyone know why IIS would be passing the URI: /jakarta/isapi_redirect.dll to Tomcat at that point? Is there a way to configure IIS so that /jakarta/isapi_redirect.dll is resolved properly (as the filter, not the URI) and so that the next URI delivered to Tomcat is /examples/ ?

Patrick
Spam Score
What is the tomcat mailing list spam score, and why am I unable to send my email to post a question? Patrick
RE: Spam Score
For some reason, my original question is undeliverable, and the tomcat mailing list sends me:

users@tomcat.apache.org on 7/22/2008 2:28 PM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
XX; host mx1.us.apache.org[140.211.11.136] said:552 spam score (5.6) exceeded threshold (in reply to end of DATA command)

XX is a placeholder for my mailserver's actual address.

Are there specific things that are not allowed? Like having URLs in my email? I'll try reposting that message.

Patrick

-----Original Message-----
From: Bill Davidson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 2:34 PM
To: Tomcat Users List
Subject: Re: Spam Score

Patrick Markiewicz wrote:

What is the tomcat mailing list spam score, and why am I unable to send my email to post a question?

You just posted a question. I don't know what you mean by spam score.
Isapi Redirector Question
Hi, I have a question about the isapi redirector. I am using Plesk. On port 80, the redirector works fine. On port 8880, the redirector fails to retrieve the specified tomcat application and returns a status code of not found for slash jakarta slash isapi underscore redirect dot dll. I've spelled out the path to the file because the tomcat mailing list is rejecting my original more detailed email as spam. Is there a configuration change that is necessary for the isapi redirector to work on port 8880? Patrick
RE: Isapi Redirector Question
Attempt to post the original question:

I'm running into trouble trying to use the isapi_redirect that comes with Plesk 8.2. Basically, if my web application is on a port other than 80, the redirector appears to present the url /jakarta/isapi_redirect.dll to Tomcat instead of the url of my web application. I.e. I had the redirector set up, and http://localhost/examples shows a 404 from tomcat that /examples/ is not found. But http://localhost:8880/examples shows a 404 from tomcat that /jakarta/isapi_redirect.dll is not found.

Originally I thought that I had a problem if isapi_redirect was shared between 2 websites in IIS, so I copied the dll to another directory and added a separate extension that uses the copy of the dll. The only differences between the 2 websites are:

Default Application (port 80) is part of an application pool, and it does not have SSL as an option.
Plesk Application (port 8880 and port 8443) are not isolated, and it does have SSL on port 8443.

The file where the redirector log is supposed to go does not exist. So there is no log being created for the actual redirector. The W3SVC log shows that /myapp/GetFileData (my application) is found with a 200 status code, but the end result presented in the browser is /jakarta/isapi_redirect.dll with a 404 error.

Is there a change to worker.properties or uriworker.properties that needs to change to indicate that port 8880 is being used instead of port 80?

Thanks.
Patrick

-----Original Message-----
From: Patrick Markiewicz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 2:54 PM
To: users@tomcat.apache.org
Subject: Isapi Redirector Question

Hi,

I have a question about the isapi redirector. I am using Plesk. On port 80, the redirector works fine. On port 8880, the redirector fails to retrieve the specified tomcat application and returns a status code of not found for slash jakarta slash isapi underscore redirect dot dll. I've spelled out the path to the file because the tomcat mailing list is rejecting my original more detailed email as spam.

Is there a configuration change that is necessary for the isapi redirector to work on port 8880?

Patrick
RE: Spam Score
Apparently the plain text suggestion worked. Thanks.

-----Original Message-----
From: Len Popp [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 2:55 PM
To: Tomcat Users List
Subject: Re: Spam Score

If you can't re-post the original email successfully, try:
- posting in plain text format, not HTML
- removing URLs
- posting from a different email account, or from a web gateway such as nabble.com

Perhaps the mailing list admin can give us some hints about what to avoid when sending email to this list. Or tell us what anti-spam software is running on mx1.us.apache.org - maybe there is documentation about how to compose emails so they're not scored as spam.

--
Len

On Tue, Jul 22, 2008 at 14:46, Patrick Markiewicz [EMAIL PROTECTED] wrote:

For some reason, my original question is undeliverable, and the tomcat mailing list sends me:

users@tomcat.apache.org on 7/22/2008 2:28 PM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
XX; host mx1.us.apache.org[140.211.11.136] said:552 spam score (5.6) exceeded threshold (in reply to end of DATA command)

XX is a placeholder for my mailserver's actual address.

Are there specific things that are not allowed? Like having URLs in my email? I'll try reposting that message.

Patrick

-----Original Message-----
From: Bill Davidson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 2:34 PM
To: Tomcat Users List
Subject: Re: Spam Score

Patrick Markiewicz wrote:

What is the tomcat mailing list spam score, and why am I unable to send my email to post a question?

You just posted a question. I don't know what you mean by spam score.