Hi,
Can anyone suggest me How to Disable TRACE and DELETE methods in tomcat
6.x?
For security reason i want to
- Disable TRACE and DELETE methods
- Disable 8005 Port on Tomcat instance. Users can shutdown tomcat from that
port.
- Anand Singh
About cisco: Peter Lin, what was the model in your case?
Was it able to replicate sessions (sticky session maybe ) ?
Peter Lin wrote:
from past experience, it's much better to use hardware load balancing. At a
previous job, we had any where from 12-24 servers load balanced behind a
cisco local
Update on this thing Tomcat+SSL+keystore thing:
I dug into the Tomcat 5.5.25 source code to see what's really going on.
Here's what I found - hopefully it's useful to someone.
Tomcat SSL Connector entries accept the following parameters:
- keystorePass (password for the JKS (Java keystore)
-
Chris Hut wrote:
We use a global message .tag file to display any important updates to
users - by default it is blank but can be updated to say, e.g. Site
will be going down for maintenance in one hour.. We push these updates
by deploying an updated .tag file to our system.
In my opinion
I would be interested how much performance you were able to tickle
compared to default jvm settings?
Leon
And how many of the settings had to be reverted with switch to a newer
jdk, if any.
On Jan 31, 2008 3:49 AM, Peter Lin [EMAIL PROTECTED] wrote:
from past experience, it's much better to use
hi all --
I'm trying to hook the NIO connector to an engine, but I'm lost in how
to do this. I'm using Tomcat embedded, so I have an Engine instance,
from which I have a Session object. Can anyone take me from there?
Thanks!
-
yes, most hardware load balancer handle sticky sessions. this was back in
2001-2002. I don't know which model number it was, but it was part of
cisco's local director line of routers.
peter
On Jan 31, 2008 3:46 AM, andrey.morskoy [EMAIL PROTECTED]
wrote:
About cisco: Peter Lin, what was the
From: Anand Kumar Singh [mailto:[EMAIL PROTECTED]
Subject: How to Disable TRACE and DELETE methods in tomcat 6.x
- Disable TRACE and DELETE methods
Don't know, but I suspect a filter can be written to ignore them.
- Disable 8005 Port on Tomcat instance. Users can shutdown
tomcat from
From: Samuli Seppänen [mailto:[EMAIL PROTECTED]
Subject: Re: Tomcat 5.5 and SSL connector: keystore was
tampered with [SOLVED]
Tomcat SSL Connector entries accept the following parameters:
- keystorePass (password for the JKS (Java keystore)
- keypass (password for the key inside the JKS
This Book is a good one
Professional Apache Tomcat 6
http://www.wrox.com/WileyCDA/Section/id-WROX_SEARCH_RESULT.html?queryText=9780471753612field=keyword
aum kumar wrote:
Hi all,
I am a java based developer used tomcat for the development purpose.but onlu
know abt it in limited manner,i
Thanks guys for all the replies. I did get it to work - by adding
logic to manually create/update a JSESSIONID cookie with the Domain
set to the parent domain (e.g., company.com).This logic could be
placed into a tomcat valve, or in some other place along the request
control flow. Wanting
use
public Connector createConnector(String address, int port,String protocol)
set org.apache.coyote.http11.Http11NioProtocol as the protocol value
should work
Filip
brien colwell wrote:
hi all --
I'm trying to hook the NIO connector to an engine, but I'm lost in how
to do this. I'm using
come and see us in amsterdam
http://eu.apachecon.com/eu2008/program/talk/1001
Filip
aum kumar wrote:
Hi all,
I am a java based developer used tomcat for the development purpose.but onlu
know abt it in limited manner,i mean to say wat i have to use.
Now i have some individual projects to
Hello Peter, Wow! this is good stuff: exactly what I needed. I feel sorry for
the client when they see that first baseline! Thank you! David.
Peter Lin wrote ..
from past experience, it's much better to use hardware load balancing. At a
previous job, we had any where from 12-24 servers load
Hi,
i am trying to build a cluster of tomcats with mod_proxy_balancer.
At the moment my tomcats are connected via mod_proxy_http protocol port 80
tomcat uses compression and mod_proxy_balancer is doing fine with sending the
compressed content to the client.
I wonder if i can do the same with
From: Tony Chamberlain [mailto:[EMAIL PROTECTED]
We had tomcat running on port 8080 (which is default).
Since some people block that port we moved it to the
http port 80. Now some places that are expecting it on 8080
can't find it anymore.
Anyway to have it run on both? Maybe forward from
Anand Kumar Singh wrote:
Hi,
Can anyone suggest me How to Disable TRACE and DELETE methods in tomcat
6.x?
For security reason i want to
- Disable TRACE and DELETE methods
- Disable 8005 Port on Tomcat instance. Users can shutdown tomcat from that
port.
set port=-1
Filip
- Anand Singh
- Disable 8005 Port on Tomcat instance. Users can shutdown
tomcat from that port.
Only if you give them telnet or other direct access to the machine
Tomcat is running on. The shutdown port is used only with 127.0.0.1, no
other IP address.
Yes, and you also may change the shutdown
I'm using Tomcat 5.0.28, installed the option to start as a windows
service, and my question relates to an issue I've posted earlier about
sqljdbc.
For some reason, I cannot get a connection to our sql database using a
simple JSP page.
I'm using this connection information:
Hi again,
I try the config using keepAliveTime to 10:
Transport
className=org.apache.catalina.tribes.transport.nio.PooledParallelSender
timeout=6 keepAliveTime=10
keepAliveCount=0/
One more time, the cluster is not working, the big problem is that I cannot
reproduce the error at my backup
Hi,
You can have an apache HTTPd redirecting it to port 8080 of Tomcat.
Additionaly, if you're on Linux, you can do port forwarding with IPTables
-Original Message-
From: Tony Chamberlain [mailto:[EMAIL PROTECTED]
Sent: quinta-feira, 31 de Janeiro de 2008 15:18
To:
From: Leo Donahue - PLANDEVX [mailto:[EMAIL PROTECTED]
Changing the log on as user from Local System account to a domain
account seems straight forward. Under the Windows Services tool, I
double click Apache Tomcat and I specify the This account, under the
Log On tab, and put in some
Your are in basically the right spot. I have used TC for years and I am not
sure if there are any books that can help. My experience with any type of
Java/J2EE and related books are most books are outdated by the time you read
them. The only exception is: I wished Peter Lin would get his book
Incidentally, is the SQL Server on the same box or on a remote one?
If remote, you'll never get a SSPI connection using LocalSystem, as it's
local to the machine on which Tomcat's running.
Yes, SQL Server is on a remote physical server. That's why my sysadmin
suggested changing the log on user
I'll take this offline with you, and if we resolve it, we will post the
solution here
Filip
Raúl García wrote:
Hi again,
I try the config using keepAliveTime to 10:
Transport
className=org.apache.catalina.tribes.transport.nio.PooledParallelSender
timeout=6 keepAliveTime=10
I can't figure out the iptable commands to do it.
On Thu, Jan 31, 2008 at 9:45 AM, Peter Crowther [EMAIL PROTECTED]
wrote:
From: Tony Chamberlain [mailto:[EMAIL PROTECTED]
We had tomcat running on port 8080 (which is default).
Since some people block that port we moved it to the
http
Edit your server.xml. Find the Connector element for port 80. Copy the
Connector element and paste it. Change the port in the pasted one to 8080.
Restart Tomcat. No iptables needed.
-Original Message-
From: Tony Chamberlain [mailto:[EMAIL PROTECTED]
Sent: 31 January 2008 17:07
I create the keystore per instructions. My server.xml was modified
thusly:
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true
clientAuth=false sslProtocol=TLS
keystoreFile=c:\Documents and
Julio Cesar Leiva wrote:
We have an app on a m linux box dual processor dual core , 16GB RAM
We are wondering what could be the ideal size for Xmx and Xms (Java Heap
Size)
We have a load test that hits our server with 800 clients sending
request every sec.
Thanks for your tips.
Adding to
From: Juha Laiho [mailto:[EMAIL PROTECTED]
Subject: Re: Xmx and Xms size
This recommendation comes from seeing (albeit with a now
obsolete JVM) excessively long pauses for GC in a situation
where an application with memory leak had gradually been
given higher and higher Xmx values
When accessing an HTTPSession through a back door the session's last access
time is not updated. Is there any way to touch that session to update
that time or call a specific method to do so?
In other words I allow people to access their session through an xml request
that may be called from a
I've deployed a WAR for Railo (a CFML processor) and I have a site working
just fine through apache (with mod_jk) to point to my domain. My problem is
I want to be able to host multiple sites on my server using the Railo
application and have the httpdocs in a structure like /home/www/domain/ as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
| Perhaps you can create a
| custom valve to do so (Alter response to change cookie domain, alter
| request to change the other way) :)
You only have to change the outgoing cookie domain; the browser does not
send the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony,
Tony Chamberlain wrote:
| No, it is not time sensitive. It is command sensitive (if that makes
| sense).
| Clicking a certain button in a jsp form
Then Tomcat should not have crashed. Did the JVM actually go down, or
did you just get an
I upgraded from 5.5.20--5.5.25 (RH linux) by copying new jars to
/common/lib and /server/lib
I then got these errors. Is this a bug in 5.5.25, or some sort of
problem with my upgrade method?
I'm now back to 5.5.20 jars and working fine again, but I'd like to upgrade.
Any suggestions?
From: George Payne [mailto:[EMAIL PROTECTED]
Subject: Upgrading to 5.5.25 causes File
/javax/servlet/resources/web-app_2_3.dtdnot found
I upgraded from 5.5.20--5.5.25 (RH linux) by copying new jars to
/common/lib and /server/lib
And what happens if you do a real install of a real Tomcat
Connector c =
e.createConnector((String)null,8080,org.apache.coyote.http11.Http11NioProtocol);
Filip
brien colwell wrote:
hi Filip,
Thanks for the tip. Any thoughts on why createConnector would give null?
embedded.createConnector( (InetAddress) null, port,
Well, I guess part of my question is: what does that mean?
I downloaded the 5.5.25 binary tar and used all the latest jar files
from it.
If no one else has seen this problem, I'll try a real install--by
which I assume you mean untarring, symlinking, and copying over webapps
and server.xml,
TC 5.5.25 servlet spec jumped to Servlet Spec 2.4/ JSP Spec 2.0
I dont think you can upgrade by copying in some of the jars in that way and
would suggest a fresh install
M
- Original Message -
From: George Payne [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent:
For cookie-based session tracking, when a user clicks a link on a jsp page,
how to make the request belong to a new session, not existing session.
Thanks!
dave
-
Never miss a thing. Make Yahoo your homepage.
From: Martin Gainty [mailto:[EMAIL PROTECTED]
Subject: Re: Upgrading to 5.5.25 causes File
/javax/servlet/resources/web-app_2_3.dtd not found
TC 5.5.25 servlet spec jumped to Servlet Spec 2.4/ JSP Spec 2.0
That jump was from 5.0.x to 5.5.x, not 5.5.20 to 5.5.25.
- Chuck
THIS
From: George Payne [mailto:[EMAIL PROTECTED]
Subject: Re: Upgrading to 5.5.25 causes File
/javax/servlet/resources/web-app_2_3.dtdnotfound
Well, I guess part of my question is: what does that mean?
We get many questions from people who try to use 3rd-party, repackaged
versions of Tomcat,
hey really thanks for giving me such wonderful answers.
i hope i will again put my queries when ever i wll find any one...
On 1/31/08, David Brown [EMAIL PROTECTED] wrote:
Your are in basically the right spot. I have used TC for years and I am
not sure if there are any books that can help. My
Hi Chuck,
I had tried with JDK 1.5, it was built successfully, however it need
ecj.jar to be built.
Thank you very much chuck.
*thanks and regards*
*subba reddy kalluri*
On Jan 30, 2008 7:14 PM, Caldarale, Charles R [EMAIL PROTECTED]
wrote:
From: KALLURI VENKATA SUBBA REDDY
hi Filip,
Still no success there ... I think I'm missing something fundamental.
Just in case anyone is interested, I'm running Tomcat 6.0.13, JDK
1.6.0_04, with libnative for the APR connector. I'm going to stick to
APR for now ... I wanted to run a benchmark, but it's not critical.
Best
I'm using Tomcat version 6.0.14.
What is the setting/config to automatically run updated classes
(without having to restart Tomcat each time I compile a .java file)?
David Schwartz
[EMAIL PROTECTED]
www.arrayone.com
-
For jsf page (myfaces), some data need to go through SSL such as bank
information.
For better performance, other pages(or forms) can use http.
h:form ... /h:form
h:form ... /h:form
if a form may contain personal data, it should be summitted using https. Also
we need to let
47 matches
Mail list logo