RE: Urgent help tomcat 9 and https 8443

2020-03-12 Thread Siva.Saravanamuthu
Below is the catalina.log output

12-Mar-2020 19:57:18.885 INFO [main] org.apache.coyote.AbstractProtocol.pause 
Pausing ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 19:57:18.969 INFO [main] org.apache.coyote.AbstractProtocol.stop 
Stopping ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 19:57:18.969 INFO [main] org.apache.coyote.AbstractProtocol.destroy 
Destroying ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 20:34:44.758 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component 
[Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
12-Mar-2020 20:36:34.657 INFO [main] org.apache.coyote.AbstractProtocol.pause 
Pausing ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 20:36:34.704 INFO [1] org.apache.coyote.AbstractProtocol.stop 
Stopping ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 20:36:34.705 INFO [1] org.apache.coyote.AbstractProtocol.destroy 
Destroying ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 20:36:36.981 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component 
[Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
12-Mar-2020 23:05:08.376 INFO [main] org.apache.coyote.AbstractProtocol.pause 
Pausing ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 23:05:08.426 INFO [main] org.apache.coyote.AbstractProtocol.stop 
Stopping ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 23:05:08.426 INFO [main] org.apache.coyote.AbstractProtocol.destroy 
Destroying ProtocolHandler ["https-openssl-apr-8443"]
12-Mar-2020 23:05:10.776 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:05:10.798 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component [Connector[HTTP/1.1-8443]]
12-Mar-2020 23:09:23.385 INFO [main] org.apache.coyote.AbstractProtocol.pause 
Pausing ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:09:23.439 INFO [main] org.apache.coyote.AbstractProtocol.stop 
Stopping ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:09:23.440 INFO [main] org.apache.coyote.AbstractProtocol.destroy 
Destroying ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:09:25.703 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:09:25.723 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component [Connector[HTTP/1.1-8443]]
12-Mar-2020 23:10:47.171 INFO [main] org.apache.coyote.AbstractProtocol.pause 
Pausing ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:10:47.225 INFO [main] org.apache.coyote.AbstractProtocol.stop 
Stopping ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:10:47.225 INFO [main] org.apache.coyote.AbstractProtocol.destroy 
Destroying ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:10:49.473 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-jsse-nio-8443"]
12-Mar-2020 23:10:49.494 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component [Connector[HTTP/1.1-8443]]


RE: Urgent help tomcat 9 and https 8443

2020-03-12 Thread Siva.Saravanamuthu
Thanks for the reply.

There is no firewall or SELinux, and it is not listening; that is the problem.
Not sure where it is failing?

This email, including any attachments, is confidential and contains proprietary 
content and may be legally privileged. This transmission is intended only for 
the designated recipient(s), and any duplication or distribution, in any form 
or part, without the written consent of the sender is strictly prohibited. Any 
confidentiality or privilege is not waived or lost if this email has been sent 
to you by mistake, in which case you should not read, copy, adapt, use or 
disclose this message. If you've received this email by mistake, please delete 
the message, disregard its contents and notify the sender of the mistake. Any 
personal information in this email must be handled in accordance with 
applicable privacy laws.






RE: Urgent help tomcat 9 and https 8443

2020-03-12 Thread Arvind Kumar (ZNetLive)

FYI


RE: Urgent help tomcat 9 and https 8443

2020-03-12 Thread Arvind Kumar (ZNetLive)
Please make sure port 8443 is listening; if not, try restarting your Tomcat once 
and then check again. Once it is listening, please run the command below 
to allow 8443 to be opened outside of your server.

iptables -I INPUT -m tcp -p tcp -s 0.0.0.0/0 --dport 8443 -j ACCEPT

How to check whether 8443 is listening:

netstat -tnap | grep 8443



Urgent help tomcat 9 and https 8443

2020-03-12 Thread Siva.Saravanamuthu
Hello Everyone,

I am new to this group and tomcat.

I am having an issue with Tomcat 9 using port 8443. I configured Tomcat 8443 
using a CA certificate and my configuration is as follows.




I verified the certificate file using the openssl command; the certificate is working 
fine and there is no issue with the certificate.

#openssl verify dlkopatu001.crt
dlkopatu001.crt: OK


But for an unknown reason port 8443 is not listening, and because of that I am not 
able to access the URL using https://url:8443

Please help me to resolve this issue.


Regards,

Sivakumar Saravanamuthu
Senior Systems Engineer, Open Systems
CSL Limited
POA2 , 189-209 Camp Road, Broadmeadows | VIC 3047 | Australia
siva.saravanamu...@csl.com.au
http://www.csl.com.au
Mobile: +61 419 835 682


Re: Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-12 Thread Christopher Schultz

Tillmann,

On 3/12/20 11:01, Tillmann Schulz wrote:
> Hello tomcat user group,
>
> since our update from Tomcat 8.5.50 to 8.5.51 (Linux) I got an issue
> with the "tomcat manager", when calling the manager's "stop"
> command by socket command. With the following socket command I try
> to stop the application app1: GET /manager/text/stop?path=/app1
> HTTP/1.1
>
>
> In some cases the response is empty. Our log says:
>
> 2020-03-10 19:17:14,951 [pool-1-thread-1] DEBUG - MANAGER REQUEST:
> GET /manager/text/stop?path=/app1 HTTP/1.1 Host: localhost:8080
> Authorization: Basic xxx 2020-03-10 19:17:34,977
> [pool-1-thread-1] DEBUG - MANAGER RESPONSE:
>
>
> As you see the stop command has no response after a time of 20
> seconds (Client Socket Timeout is 5 minutes) I guess that the
> tomcat (serverside/servlet) timeout of 20 seconds causes the call
> to end.
>
> But why is the response in some cases empty? This is not as
> described in the tomcat documentation.
>
> Is it possible, that the tomcat server is stopped, when the issue
> occurs? But why is there a delay of 20 secs? And why does this
> issue not occur with tomcat 8.5.50?

Are you able to make other /manager requests and get a good response?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Problem with tomcat connector in IIS using tomcat 9.0.31

2020-03-12 Thread Christopher Schultz

Matthias,

On 3/12/20 07:19, Matthias Fechner wrote:
> Hi Christopher,
>
> On 09.03.2020 at 22:50, Christopher Schultz wrote:
>> That's not a super-secure solution. You really should specify a
>> correct whitelist pattern instead of "accept all".
>
> thanks for your comment. You are fully right, but as it seems this
> will be fixed with the next Tomcat version, I see it only as a
> temporary work-around.
>
> After the new version is released the configuration option can be
> completely removed again.

Fair enough. In the meantime, if you didn't trust your AJP connection
before, you (again) cannot trust it until you upgrade. And even then,
maybe not. You really need to lock it down; I highly recommend
mutually-authenticated TLS using e.g. stunnel.

> I'm not sure if it is worth finding the correct options you have
> to allow, as Tomcat does not log any reason why the connection was
> refused.

The complete new default pattern is:


(javax\.servlet\.request\.(cipher_suite|key_size|ssl_session|X509Certifi
cate)|CERT_(ISSUER|SUBJECT|COOKIE|FLAGS|SERIALNUMBER)|HTTPS_(SERVER_SUBJ
ECT|SECRETKEYSIZE|SERVER_ISSUER|KEYSIZE))

The pattern above has no newlines in it; you may have to trim those
from your mail reader in order to produce the correct pattern.

-chris



Tomcat 8.5.51 (Linux) issue with the tomcat manager and empty responses of the manager's "stop" command

2020-03-12 Thread Tillmann Schulz
Hello tomcat user group,

since our update from Tomcat 8.5.50 to 8.5.51 (Linux) I got an issue with the 
"tomcat manager", when calling the manager's "stop" command by socket command.
With the following socket command I try to stop the application app1:
    GET /manager/text/stop?path=/app1 HTTP/1.1


In some cases the response is empty.
Our log says: 

2020-03-10 19:17:14,951 [pool-1-thread-1] DEBUG - MANAGER REQUEST: GET 
/manager/text/stop?path=/app1 HTTP/1.1
Host: localhost:8080
Authorization: Basic xxx
2020-03-10 19:17:34,977 [pool-1-thread-1] DEBUG - MANAGER RESPONSE: 


As you see the stop command has no response after a time of 20 seconds (Client 
Socket Timeout is 5 minutes)
I guess that the tomcat (serverside/servlet) timeout of 20 seconds causes the 
call to end.

But why is the response in some cases empty? This is not as described in the 
tomcat documentation.

Is it possible, that the tomcat server is stopped, when the issue occurs? But 
why is there a delay of 20 secs?   
And why does this issue not occur with tomcat 8.5.50?

Thank you for your help

Tillmann Schulz



RE: [External] After upgraded to Tomcat 9.0.31, ISAPI Redirector is not "working" when SSL enabled in IIS

2020-03-12 Thread Mills, Robert - CTR [ASM Research]
Great KC - glad it's working!

Chris suggested that solution in another thread and it helped me too.

Toby

-Original Message-
From: KC Mok 
Sent: Wednesday, March 11, 2020 11:55 PM
To: Tomcat Users List 
Subject: Re: [External] After upgraded to Tomcat 9.0.31, ISAPI Redirector is 
not "working" when SSL enabled in IIS

thank you very much, it is working now!

On Thu, Mar 12, 2020, 11:50 Mills, Robert - CTR [ASM Research] 
 wrote:

> Hi KC
>
> I hit that also.  Turns out if I added this:
>
>allowedRequestAttributesPattern=".*"
>
> Then I got past the 403.  I think this is supposed to be fixed in the
> next release of tomcat.
>
> Give it a shot.
>
> Toby
>
> -Original Message-
> From: KC Mok 
> Sent: Wednesday, March 11, 2020 11:36 PM
> To: users@tomcat.apache.org
> Subject: [External] After upgraded to Tomcat 9.0.31, ISAPI Redirector
> is not "working" when SSL enabled in IIS
>
> Hi All,
> I am using ISAPI redirector to connect IIS to Tomcat via AJP connector.
>
> Recently I have replaced the Tomcat 9.0.22 with the new version 9.0.31.
>
> I have set the new required attributes of the AJP connector in the new
> 9.0.31 version, and it is working fine when using http.
> However, it returns error (403 Access is denied) when I use https to
> access the site.
>
> I tried with the latest 1.2.48 version isapi_redirect.dll, still not
> working. After that, I tried to revert back to Tomcat 9.0.22,
> everything is working fine.
>
> Does anyone have the same problem?
> I wonder if I hit a bug in the new version...
> please help...
>
> Thanks and regards,
> KC
>
>
> The information contained in this message may be privileged and/or
> confidential and protected from disclosure. If the reader of this
> message is not the intended recipient or agent responsible for
> delivering this message to the intended recipient, you are hereby
> notified that any dissemination, distribution or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, please notify the sender immediately by
> replying to this message and deleting the material from any computer.
>




Re: Problem with tomcat connector in IIS using tomcat 9.0.31

2020-03-12 Thread Matthias Fechner
Hi Christopher,

On 09.03.2020 at 22:50, Christopher Schultz wrote:
> That's not a super-secure solution. You really should specify a
> correct whitelist pattern instead of "accept all".

thanks for your comment.
You are fully right, but as it seems this will be fixed with the next
Tomcat version, I see it only as a temporary work-around.

After the new version is released the configuration option can be
completely removed again.

I'm not sure if it is worth finding the correct options you have to
allow, as Tomcat does not log any reason why the connection was refused.

Regards
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
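
Added example (not written by any participant in this thread and not Tomcat code): it rebuilds the mail-wrapped pattern Christopher Schultz posted and compares what it admits with the ".*" workaround, and shows which names are lost if the line breaks are left in. It assumes whole-name matching, as with Java's Matcher.matches(); the sample attribute names are constructed, and CERT_SUBJECT_EXTRA and X_INTERNAL_USER are hypothetical.

```python
import re

# Pattern exactly as it appears in the mail above, including the line breaks
# the mail client inserted in the middle of two alternatives.
WRAPPED_PATTERN = r"""
(javax\.servlet\.request\.(cipher_suite|key_size|ssl_session|X509Certifi
cate)|CERT_(ISSUER|SUBJECT|COOKIE|FLAGS|SERIALNUMBER)|HTTPS_(SERVER_SUBJ
ECT|SECRETKEYSIZE|SERVER_ISSUER|KEYSIZE))
"""

ACCEPT_ALL = ".*"  # the temporary workaround quoted in the thread

# Constructed sample of AJP request attribute names a front end might send.
SAMPLE_ATTRIBUTES = [
    "javax.servlet.request.cipher_suite",
    "javax.servlet.request.X509Certificate",
    "CERT_SUBJECT",
    "HTTPS_SERVER_SUBJECT",
    "CERT_SUBJECT_EXTRA",  # hypothetical near miss: shares a prefix only
    "X_INTERNAL_USER",     # hypothetical attribute outside the allow-list
]


def unwrap(pattern_text):
    """Drop all whitespace; the real pattern contains none."""
    return "".join(pattern_text.split())


def allowed(pattern, attribute_name):
    """Whole-name match (assumed semantics, like Java's Matcher.matches())."""
    return re.fullmatch(pattern, attribute_name) is not None


def audit(pattern, attribute_names):
    """Return (accepted, rejected) attribute names for one pattern."""
    accepted = [n for n in attribute_names if allowed(pattern, n)]
    rejected = [n for n in attribute_names if not allowed(pattern, n)]
    return accepted, rejected


def lost_to_wrapping(attribute_names):
    """Names the intended pattern accepts but the still-wrapped text rejects."""
    wrapped = WRAPPED_PATTERN.strip()  # outer blank lines gone, inner breaks kept
    clean = unwrap(WRAPPED_PATTERN)
    return [n for n in attribute_names
            if allowed(clean, n) and not allowed(wrapped, n)]


if __name__ == "__main__":
    for label, pattern in (("allow-list", unwrap(WRAPPED_PATTERN)),
                           ("accept all", ACCEPT_ALL)):
        accepted, rejected = audit(pattern, SAMPLE_ATTRIBUTES)
        print(label, "accepted:", accepted)
        print(label, "rejected:", rejected)
    print("rejected only because of line breaks:",
          lost_to_wrapping(SAMPLE_ATTRIBUTES))
```
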


