Re: Append content to OutputStream after RequestDispatcher#forward

2020-09-29 Thread Christopher Schultz
Nicolò, On 9/29/20 05:31, Nicolò Boschi wrote: > I would like to know how to append (or prepend) some content in a Servlet, > after RequestDispatcher#forward is called. > > Example code: > > class MyServlet extends HttpServlet { > > > @Override > public void doGet(HttpServletRequest

Re: HTTP2: memory filled up fast on increasing the connections to 1000/2000 (Embedded tomcat 9.0.38)

2020-09-28 Thread Christopher Schultz
Arshiya, On 9/28/20 12:58, Arshiya Shariff wrote: > With 200 threads(users) , ramp up duration of 2 seconds , loop count > 80 and by sending 1000 http2 requests/sec from JMeter Client to an > embedded tomcat application we did not observe any memory issue , but > on sending 1000 http2

Re: Some functions not working when using a particular dns after tomcat upgrade from 6.x to 8.5.x

2020-09-28 Thread Christopher Schultz
Larvi, On 9/28/20 10:04, Larvi Boy wrote: > Hi, > > When I try to login to our web gui via direct link, it is working fine but > when I used the dns url, for first time it works fine as for the first time > we are redirected to our login page which redirects us back to my direct > link, but if

Re: Connection header override

2020-09-28 Thread Christopher Schultz
Mark, On 9/28/20 03:48, Mark Thomas wrote: > On 28/09/2020 08:33, Mark Thomas wrote: >> On 27/09/2020 00:07, Pawel Veselov wrote: >>> Hello! >>> >>> Tomcat 9.0.x >>> >>> I'd like to force connection closure on some endpoints. >> >> Why? Generally, this is something that should not be an

Re: Adding regular expression support to CORS filter

2020-09-27 Thread Christopher Schultz
Carsten, On 9/27/20 05:53, Carsten Klein wrote: > Any comments on that? Is it worth preparing a PR? Regular expressions are fairly expensive. If there is a way to build the code such that some subset of wildcards can be serviced without regex (and of course exact matches without using regex),

Re: Connection header override

2020-09-27 Thread Christopher Schultz
Pawel, On 9/26/20 19:07, Pawel Veselov wrote: > Hello! > > Tomcat 9.0.x > > I'd like to force connection closure on some endpoints. > I'm trying this on a simple JSP page. > If I call response.setHeader("Connection","close"), I see that the > response has "Connection: close, keep-alive". > I

Re: Tomcat's support for path parameters can expose resources despite reverse proxy access restrictions

2020-09-24 Thread Christopher Schultz
Nils, On 9/24/20 13:29, Nils Breunese wrote: > Christopher Schultz wrote: > >> On 9/24/20 07:46, Nils Breunese wrote: >>> Mark Thomas wrote: >>> >>>> On 24/09/2020 11:02, Nils Breunese wrote: >>>> >>>> >>>> >

Re: Tomcat's support for path parameters can expose resources despite reverse proxy access restrictions

2020-09-24 Thread Christopher Schultz
Mark, On 9/24/20 12:41, Mark Thomas wrote: > On 24/09/2020 17:28, Christopher Schultz wrote: > > > >> Tomcat will only use path parameters in the final segment of a URL e.g. >> https://www.example.com/app/servlet;jsessionid=ABCD1234?q=search > > No

Re: Tomcat's support for path parameters can expose resources despite reverse proxy access restrictions

2020-09-24 Thread Christopher Schultz
Nils, On 9/24/20 07:46, Nils Breunese wrote: > Mark Thomas wrote: > >> On 24/09/2020 11:02, Nils Breunese wrote: >> >> >> >>> - Envoy allows the request based on the /v1/* rule, because it >>> does not support path parameters, because they are not part of >>> any recent standard (RFC 2396

Re: SSL certificate makes site dont work

2020-09-22 Thread Christopher Schultz
Carles, On 9/22/20 08:57, Carles Franquesa wrote: > Trying to install an SSL certificate on 8.5.57. > > Once created the cert files, and with a jks available, and set in a > connector into server.xml file, cannot connect to the page. > > The connectors code is > > ''' > >

Re: Truststore in HTTPS Connector does not work with Linux

2020-09-18 Thread Christopher Schultz
David, On 9/17/20 11:31, David Weisgerber wrote: > I think I was able to figure out the problem (more or less): > > Using two distinct keystores for trusted certificates and server keys > solves the problem. But don't ask me why there is a difference > between Windows and Linux on this topic.

Re: [OT] RE: How to get the tag name from within a taglib class ?

2020-09-16 Thread Christopher Schultz
Cris, On 9/15/20 13:18, Berneburg, Cris J. - US wrote: > CS> IMO, the JSP effort was a stepping-stone on a path to better > CS> technologies like Velocity, FreeMarker, and others. If I were > CS> king, JSP would just go away. Just my POV of course

Re: Changing the keystore alias of the _default_ SSLHostConfig while running.

2020-09-16 Thread Christopher Schultz
> >> Is it something I can do programmatically, and pull Tomcat >> classes onto my >> local classpath to get around that issue? >> >> On Mon, Sep 14, 2020 at 9:08 AM Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> > Daniel, &

Re: Low throughput with HTTP2

2020-09-15 Thread Christopher Schultz
Martin, On 9/15/20 07:37, Martin Grigorov wrote: > I am running some load tests on Tomcat and I've noticed that when > HTTP2 is enabled the throughput drops considerably. > > Here are the steps to reproduce: > > 1) Enable HTTP2, e.g. by commenting

Re: [OT] RE: How to get the tag name from within a taglib class ?

2020-09-15 Thread Christopher Schultz
Cris, On 9/14/20 15:04, Berneburg, Cris J. - US wrote: > Hey Chris > > CS> IMO, the JSP effort was a stepping-stone on a path to better > CS> technologies like Velocity, FreeMarker, and others. If I were > CS> king, JSP would just go away. Just my

Re: Handling Upgrades

2020-09-14 Thread Christopher Schultz
Darryl, On 9/14/20 12:44, Darryl Philip Baker wrote: > Until recently most of our Tomcat installations were using the Red > Hat distributed version. A version of Tomcat7 with Red Hat > backporting security and important break fixes. Red Hat has

Re: Any update on 9.0.38 release plan

2020-09-14 Thread Christopher Schultz
Mark, On 9/14/20 12:21, Mark Thomas wrote: > On 14/09/2020 16:57, Christopher Schultz wrote: >> Arshiya, >> >> On 9/14/20 10:54, Arshiya Shariff wrote: >>> Can we please get a tentative release date for 9.0.38 . >

Re: Any update on 9.0.38 release plan

2020-09-14 Thread Christopher Schultz
Arshiya, On 9/14/20 10:54, Arshiya Shariff wrote: > Can we please get a tentative release date for 9.0.38 . The vote was started on 2020-09-11 and usually stays open for at least 3 days. There are enough votes for the release-vote to pass and

Re: AW: Track native memory of a Tomcat application

2020-09-14 Thread Christopher Schultz
pache.catalina.startup.Bootstrap start > > Thanks and Regards Arshiya Shariff > > > -Original Message- From: Christopher Schultz > Sent: Friday, September 11, 2020 > 10:54 PM To: users@tomcat.apache.org Subject: Re: Track native > memory of a Tomcat application >

[OT] Decent OAuth libraries?

2020-09-14 Thread Christopher Schultz
All, I'm looking at implementing OAuth/OAuth2 on the server for both incoming and outgoing SSO with other systems. It doesn't look like rocket surgery, but I figure: why reinvent the wheel? Has anyone had any experiences in particular they'd like

Re: [OT] Replacing the standard JspWriter

2020-09-14 Thread Christopher Schultz
Adam, On 9/11/20 19:30, Adam Rauch wrote: > I have implemented a custom JspWriter and registered it for use by > our JSPs using the approach described here: > https://stackoverflow.com/questions/29508245/jsp-using-a-delegate-for-

Re: Microsoft Edge (Chromium based) not prompting for logons

2020-09-14 Thread Christopher Schultz
Dave, On 9/11/20 16:29, Dave Ford wrote: > We've set up our Tomcat Manager to use LDAP for authentication - > (note, this is not MS AD, but linux-based LDAP server). The OS our > tomcat servers are running on is Linux and they're not integrated >

Re: Changing the keystore alias of the _default_ SSLHostConfig while running.

2020-09-14 Thread Christopher Schultz
> >> To be honest, I wandered around in the JMX console until I found something >> that looked promising. >> >>> You'll want to "set" the value of the attribute >>> "certificateKeyAlias". >> >> Thank you for your help. I'll give that a

Re: How to get the tag name from within a taglib class ?

2020-09-11 Thread Christopher Schultz
Rony, On 9/11/20 10:28, Rony G. Flatscher (Apache) wrote: > While exploring, experimenting with creating a taglib (implementing > the BodyTag interface) I would have a need to find out the tag name > that caused the tagclass to run. > > Is this

Re: Track native memory of a Tomcat application

2020-09-11 Thread Christopher Schultz
Arshiya, On 9/11/20 13:06, Arshiya Shariff wrote: > We have a standalone tomcat web application(Version 9.0.22) which > runs on Linux . The application is used to process only a single > http request. A single request, or a single *type* of

Re: Changing the keystore alias of the _default_ SSLHostConfig while running.

2020-09-11 Thread Christopher Schultz
f choice and have a look at what's there. You'll want to "set" the value of the attribute "certificateKeyAlias", then call reloadSslHostConfigs. -chris > On Thu, Sep 10, 2020 at 4:00 PM Christopher Schultz < > ch...@christopherschultz.net> wrote: > >

Re: Tomcat Processing Timer Question

2020-09-10 Thread Christopher Schultz
Eric, On 9/10/20 15:29, Eric Robinson wrote: > Chris -- > > >> You should also look at worker-thread availability. When you see >> these "high latency" (which is usually a term reserved for I/O >> characterization) events, do you have:>> 1.

Re: 400 error when upgrading tomcat

2020-09-10 Thread Christopher Schultz
Brian, On 9/10/20 13:13, Brian Harris wrote: > We’re having an issue when upgrading Tomcat from 8.5.50 to 8.5.51. > Since moving to this version, requests sent to the http port are > failing with a 400 error code(bad request). The server.xml is >

Re: Changing the keystore alias of the _default_ SSLHostConfig while running.

2020-09-10 Thread Christopher Schultz
tializes the existing in-memory configuration. If you want to e.g. change the key alias, you'll have to make a JMX call to update the alias and THEN call reloadSslHostConfigs. -chris > On Thu, Sep 10, 2020 at 11:34 AM Christopher Schultz < > ch...@christopherschultz.net> wro

Re: Changing the keystore alias of the _default_ SSLHostConfig while running.

2020-09-10 Thread Christopher Schultz
Daniel, On 9/10/20 09:09, Daniel Skiles wrote: > Is it possible to change the keystore alias of the _default_ > SSLHostConfig's certificate while tomcat is running? > > At present, I'm trying to move the _default_ certificate from one > certificate

Re: Tomcat Processing Timer Question

2020-09-10 Thread Christopher Schultz
m reserved for I/O characterization) events, do you have: 1. Available worker threads (from the executor thread pool) 2. Any other shared/limited resource (e.g. DB connection pool) Also, are you seeing the otherwise unexpected slowness on each Tomcat node, or are you seeing it at the load-balancer

Re: HTTP2: Connections abruptly closed by sending GOAWAY

2020-09-09 Thread Christopher Schultz
Arshiya, On 9/9/20 08:30, Arshiya Shariff wrote: > Can you please help us understand this behavior . > > The following is the sequence of events that is happening for a > few streams . Your images were stripped from the list. Can you use text to

Re: Truststore in HTTPS Connector does not work with Linux

2020-09-09 Thread Christopher Schultz
David, On 9/9/20 02:46, David Weisgerber wrote: > Hi Christopher, > >> This should be okay, though it is a little unusual to use the >> same keystore for both "keys" and "trusted certs". Can you >> confirm the contents + types of everything in the

Re: Tomcat Processing Timer Question

2020-09-09 Thread Christopher Schultz
t;>> does tomcat start its processing timer? >>>> >>>> Tomcat starts the processing timer as soon as Tomcat >>>> processes the first bytes of the request. In practice, this >>>> means the network stack has to deliver the data to Tomcat, >>>&g

Re: Tomcat Processing Timer Question

2020-09-08 Thread Christopher Schultz
Eric, On 9/8/20 13:46, Eric Robinson wrote: > It is my understanding that the AccessLogValve %D field records the > time from when the last byte of the client's request is received > to when the last byte of the server's response is placed on the

Re: Truststore in HTTPS Connector does not work with Linux

2020-09-08 Thread Christopher Schultz
David, On 9/8/20 03:58, David Weisgerber wrote: > I have some weird problem or bug with the HTTPS Connector. In our > product, that ships with tomcat we want to achieve the following: > > There is one keystore where the customer puts its server >

Re: SV: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-09-04 Thread Christopher Schultz
Hans, On 9/4/20 07:08, Hans Schou wrote: > >> On Tue, Aug 4, 2020 at 2:18 PM Christopher Schultz wrote: >> >> So how do you switch Java versions? > > In case anyone care to know... > > I have a directory called C:

Re: Native question (using Tomcat 8.5 and 9.0 on the same machine)

2020-09-02 Thread Christopher Schultz
Brian, On 9/2/20 11:39, Paquin, Brian wrote: > I have a macOS device with Tomcat 8.5 and Native 1.2.23. I have > been asked to add Tomcat 9.0 which has Native 1.2.24. In my setup > documents, I copy “.libs/libtcnative-1.0.dylib” to >

Re: Class loader does not find class in WEB-INF/classes

2020-09-01 Thread Christopher Schultz
Carles, On 9/1/20 14:08, Carles Franquesa wrote: > This message is a reply to those that asked me for uploading a > simple version of my webapp reproducing the problem of not finding > classes when a JSP is inside a subfolder, thus not hanging

Re: Release date of latest Tomcat version - 9.0.38

2020-09-01 Thread Christopher Schultz
Arshiya, On 9/1/20 08:13, Arshiya Shariff wrote: > Hi all, > > The following reported issue - "HTTP/2 Stream.receivedData method > throwing continuous NullPointerException in the logs" has been > fixed in the latest tomcat. >

Re: [OT] Red Hat / CentOS specific question about certificates

2020-08-31 Thread Christopher Schultz
Daniel, On 8/31/20 16:28, Christopher Schultz wrote: > Daniel, > > On 8/31/20 11:36, Daniel Savard wrote: >> Le lun. 31 août 2020 à 11:13, Christopher Schultz < >> ch...@christopherschultz.net> a écrit : > >

Re: shared.loader classpaths

2020-08-31 Thread Christopher Schultz
Carles, On 8/31/20 12:45, Carles Franquesa wrote: > Thank you Chris, for keeping on the problem. I don't know if you > saw the last mail sent by me to the list. > > The thing was resolved by placing all the JSP referencing those > classes at the

Re: [OT] Red Hat / CentOS specific question about certificates

2020-08-31 Thread Christopher Schultz
Daniel, On 8/31/20 11:36, Daniel Savard wrote: > Le lun. 31 août 2020 à 11:13, Christopher Schultz < > ch...@christopherschultz.net> a écrit : > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> >>

Re: shared.loader classpaths

2020-08-31 Thread Christopher Schultz
Carles, On 8/29/20 15:13, Carles Franquesa wrote: > Is anybody out there that could explain to me the way to know > which classpath is being used by shared.loader. Or better, for any > loader.

Re: Implications of setting createDirs attribute on host declarations to false in Tomcat

2020-08-31 Thread Christopher Schultz
Paul, On 8/31/20 05:36, Paul wrote: > Hello, > > When running Tomcat in a Docker container as non-root, I'm getting > an error entry in the logs: > > Unable to create directory for deployment: > [/usr/local/tomcat/conf/Catalina/localhost] I traced

Re: Probelm with shutdown script

2020-08-31 Thread Christopher Schultz
Mark, On 8/29/20 20:28, Mark Thomas wrote: > On 28/08/2020 20:54, Christopher Schultz wrote: >> Calder, >> >> On 8/27/20 18:23, calder wrote: >>> On Thu, Aug 27, 2020, 16:16 Christopher Schultz < >>

Re: [OT] Red Hat / CentOS specific question about certificates

2020-08-31 Thread Christopher Schultz
Daniel, On 8/28/20 20:46, Daniel Savard wrote: > Le ven. 28 août 2020 à 17:19, Darryl Philip Baker < > darryl.ba...@northwestern.edu> a écrit : > >> I am having an issue that I don’t understand. On RHEL6/CentOS >> and earlier my predecessors

Re: Probelm with shutdown script

2020-08-28 Thread Christopher Schultz
Calder, On 8/27/20 18:23, calder wrote: > On Thu, Aug 27, 2020, 16:16 Christopher Schultz < > ch...@christopherschultz.net> wrote: > > [ snip ] > > If you want to *kill* the application and it won't shut down on > its >

Re: Tomcat 9.0.29 - HTTPS threads age, max connections reached, Tomcat not responding on 8443

2020-08-28 Thread Christopher Schultz
David, On 8/27/20 18:14, David wrote: >> I used the http to 8080 in order to read the Tomcat webmanager >> stats. I originally had issues with the JVM being too small, >> running out of memory, CPU spiking, threads maxing out, and >> whole system

Re: Tomcat 9.0.29 - HTTPS threads age, max connections reached, Tomcat not responding on 8443

2020-08-27 Thread Christopher Schultz
David, On 8/27/20 17:14, David wrote: > Thank you all for the replies! > > On Thu, Aug 27, 2020 at 3:53 PM Christopher Schultz > wrote: >> > David, > > On 8/27/20 13:57, David wrote: >>>> On Thu, Aug 2

Re: Probelm with shutdown script

2020-08-27 Thread Christopher Schultz
Roger, On 8/27/20 14:43, Roger Marquis wrote: > Mark Thomas wrote: >> Those are all application issues. The application should shut >> itself down cleanly. Tomcat is complaining because it hasn't. > > I don't know Mark, most Java/Tomcat engineers

Re: Tomcat 9.0.29 - HTTPS threads age, max connections reached, Tomcat not responding on 8443

2020-08-27 Thread Christopher Schultz
Felix, On 8/27/20 16:09, Felix Schumacher wrote: > > Am 27.08.20 um 19:35 schrieb Christopher Schultz: >> David, >> >> On 8/27/20 10:48, David wrote: >>> In the last two weeks I've had two occurrences where a sing

Re: Tomcat 9.0.29 - HTTPS threads age, max connections reached, Tomcat not responding on 8443

2020-08-27 Thread Christopher Schultz
David, On 8/27/20 13:57, David wrote: > On Thu, Aug 27, 2020 at 12:35 PM Christopher Schultz > wrote: >> > David, > > On 8/27/20 10:48, David wrote: >>>> In the last two weeks I've had two occurrences where a >>

Re: Tomcat JDBC Pool Cleaner Deadlock Problem

2020-08-27 Thread Christopher Schultz
Gokhan, On 8/27/20 05:47, Gokhan Akgul wrote: > Hi , > > I have been facing the deadlock issue for the last 2 months about > JDBCPoolCleaner Thread . > > Following config set in context.xml > > type="javax.sql.DataSource" >

Re: Apache 8.5.57 shared class loader does not find its default classpath

2020-08-27 Thread Christopher Schultz
Carles, On 8/27/20 12:19, Carles Franquesa wrote: > Hi Everybody!, Just got in the list :) > > I am developing a webapp with Netbeans 8.0.2, and deploying it as a > WAR file with Apache 8.5.57 Tomcat Manager onto my VPS where a > mydomain.com is

Re: Tomcat 9.0.29 - HTTPS threads age, max connections reached, Tomcat not responding on 8443

2020-08-27 Thread Christopher Schultz
David, On 8/27/20 10:48, David wrote: > In the last two weeks I've had two occurrences where a single > CentOS 7 production server hosting a public webpage has become > unresponsive. The first time, all 300 available > "https-jsse-nio-8443" threads

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-27 Thread Christopher Schultz
Merka, On 8/27/20 06:32, Phoenix, Merka wrote: > I think what the Qualys scan is trying to flag is that the server > (Tomcat) is listening for both secured and unsecured traffic on > the _same_ TCP port when the server should be listening for just

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Christopher Schultz
Mark, On 8/26/20 13:59, Mark Thomas wrote: > On 26/08/2020 17:50, Christopher Schultz wrote: >> On 8/26/20 05:27, Mark Thomas wrote: >>> On 26/08/2020 08:14, Martin Grigorov wrote: >>>> Hi, >>>> >>>

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Christopher Schultz
Jon, On 8/26/20 14:01, jonmcalexan...@wellsfargo.com.INVALID wrote: > Did Qualys include a QID with their report? No, but the OP did include this: " Insecure transport Group: Information Disclosure CWE CWE-319 OWASP A3 Sensitive Data Exposure

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Christopher Schultz
Mark, On 8/26/20 05:27, Mark Thomas wrote: > On 26/08/2020 08:14, Martin Grigorov wrote: >> Hi, >> >> On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha >> wrote: >> >>> Thanks for reply, >>> >>> Hi Peter - it complains on port 8443 which belongs to

Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

2020-08-25 Thread Christopher Schultz
James, On 8/24/20 13:24, James H. H. Lampert wrote: > On 8/24/20 9:57 AM, Christopher Schultz wrote: >> So your RewriteCond[ition] is expected to always be true? Okay. >> Maybe remove it, then? BTW I think your rewrite will strip q

Re: Allowing dir listing of root (/) dir of the machine

2020-08-24 Thread Christopher Schultz
Aryeh, On 8/24/20 10:41, Aryeh Friedman wrote: > On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas > wrote: > >> On 23/08/2020 22:05, Aryeh Friedman wrote: >>> In order to allow my developers to quickly access any >>> temporarily >> produced >>> html

Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

2020-08-24 Thread Christopher Schultz
James, On 8/24/20 11:45, James H. H. Lampert wrote: > On 8/22/20 7:35 AM, Christopher Schultz wrote: > >>> (1) every http request is unconditionally redirected to https: >>> >>> RewriteEngine on RewriteCond %{HTTP_H

Re: Tomcat 9 and FIP-140 mode

2020-08-24 Thread Christopher Schultz
Robert, On 8/24/20 11:04, Robert Hicks wrote: > Maybe it's just better to straight up ask. I've found a couple of > Google searches but nothing for Tomcat 9 and the information seems > sporadic, incomplete, or contradictory. > > How do you enable

Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

2020-08-22 Thread Christopher Schultz
James, On 8/21/20 13:14, James H. H. Lampert wrote: > On 8/21/20 9:30 AM, Christopher Schultz wrote: > >> Why would you think that redirecting from http -> https would >> block renewal? > > Because, at least if I correct

Re: Tomcat and CLoudWatch

2020-08-21 Thread Christopher Schultz
Jerry, On 8/19/20 13:19, Jerry Malcolm wrote: > Is anyone successfully monitoring Tomcat JMX beans on Amazon > CloudWatch? This shouldn't be that difficult. But we are hitting > a brick wall. Can't get anything to work that is recommended on >

Re: Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

2020-08-21 Thread Christopher Schultz
James, On 8/18/20 19:47, James H. H. Lampert wrote: > Something just worked, that I wasn't expecting to work. Or rather, > I was expecting it to work, but kill cert renewal. > > The port 80 virtual host had >> RewriteEngine on RewriteCond

Re: Login appears only once : solved

2020-08-18 Thread Christopher Schultz
Anwar, On 8/18/20 17:42, Anwar AliKhan wrote: > It came down to browser privacy and security settings. Cleared all > previous cookies and blocked third party cookies. Now Login appears > every time in Google chrome. None of that is necessary.

Re: Tomcat Handling close_waits

2020-08-18 Thread Christopher Schultz
Norbert, On 8/16/20 13:16, Norbert Elbanbuena wrote: > I also noticed that while server receives the connection requests, > we are seeing multiple requests from the same sources. Some same > source requests (FIN-WAIT) are all in state while other

Re: getting web application version string?

2020-08-18 Thread Christopher Schultz
Jason, On 8/16/20 12:16, Jason Pyeron wrote: > Is there a better way than this? Yes. > Specifically - detect running Tomcat, then if under Tomcat (today > only interested in v7 and v9) obtain the version string as > described [1] and shown on the

Re: Tomcat 9 and FIPS-140

2020-08-18 Thread Christopher Schultz
Robert, On 8/18/20 16:19, Robert Hicks wrote: > Is this article good for enabling FIPS-140 for Tomcat 9? [citation needed] -chris

Re: Login appears only once

2020-08-18 Thread Christopher Schultz
Anwar, On 8/18/20 14:45, Anwar AliKhan wrote: > I rebooted the machine , then the login box appeared . Obviously > this is not an ideal solution! Which machine did you reboot? The Tomcat server or your own client (browser)? Neither was necessary

Re: Tomcat behind httpd, with Let's Encrypt and Certbot

2020-08-18 Thread Christopher Schultz
Mark, On 8/17/20 03:50, Mark Thomas wrote: > On 16/08/2020 18:00, James H. H. Lampert wrote: >> Permit me to clarify: >> >> 1. The existing httpd server on this box, and its certbot setup >> may be extended/expanded, but not otherwise disturbed. >>

ApacheCon @ Home Tomcat Track Schedule

2020-08-14 Thread Christopher Schultz
All, I'm happy to announce that the Apache Tomcat track schedule has been posted for ApacheCon @ Home, our virtual conference to replace "ApacheCon North America 2020". If you use social media to discuss this event, please use #ACAH2020 and tag

Re: CVE reporting discrepencies

2020-08-13 Thread Christopher Schultz
Nic, On 8/13/20 15:52, Nic P wrote: > Hi > > Can anyone help me understand why some CVE's show in the changelog > but not on the security report? > > Example is CVE-2016-5388 which shows as fixed in 8.0.37 changelog > but missing on the security

Re: Possible memory leak in Tomcat 8.5.57 Websocket

2020-08-11 Thread Christopher Schultz
Alex, On 8/11/20 11:47, Alex Maltinsky wrote: > Hi Folks > > We ran into what looks like a memory leak in tomcat 8.5.57 on > Ubuntu 18.04 running on Openjdk 11.0.5 > > Our app maintains permanent websocket connections with multiple > clients (also

Re: Rewritten requests returning 404 in 8.5.57

2020-08-07 Thread Christopher Schultz
Barry, On 8/6/20 16:20, Barry Roberts wrote: > On Thu, Aug 6, 2020 at 1:23 PM Christopher Schultz > wrote: >> >> Are you trying to redirect across contexts (from one web >> application to another)? If so, you need to make

Re: Rewritten requests returning 404 in 8.5.57

2020-08-06 Thread Christopher Schultz
Barry, On 8/6/20 14:36, Barry Roberts wrote: > On Thu, Aug 6, 2020 at 9:51 AM Mark Thomas > wrote: >> >> >> Minimum steps to recreate the issue with an 8.5.57 install of a >> standard ASF provided distribution? >> >> Mark >> > > A minimal example

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread Christopher Schultz
James, On 8/6/20 14:10, James H. H. Lampert wrote: > On 8/6/20 9:37 AM, Christopher Schultz wrote: >> $ openssl pkcs12 -export \ -inkey /etc/tomcat8/test.foo.net.key >> \ - > > Dear Mr. Schultz: > > Is there supposed to b

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread Christopher Schultz
James, On 8/6/20 13:03, James H. H. Lampert wrote: > On 8/6/20 9:37 AM, Christopher Schultz wrote: . . . >> As a short-term workaround, you can load your stuff into a >> keystore like this: >> >> $ openssl pkcs12 -e

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread Christopher Schultz
James, On 8/5/20 19:46, James H. H. Lampert wrote: > I've now proceeded to the "real" server, with the Tomcat portion of > the procedure refined to give me plenty of "undo" capability. And > it turns out I need it. > > It seems that with the

Re: [OT] Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Christopher Schultz
Bill, On 8/6/20 11:56, Bill Stewart wrote: > On Thu, Aug 6, 2020 at 9:09 AM Christopher Schultz wrote: > > I don't know if you are interested in such things, but being able > to >> export a configuration from one machin

Re: Connector works fine with Firefox, but not on speaking terms with Chrome!

2020-08-06 Thread Christopher Schultz
James, On 8/5/20 16:39, James H. H. Lampert wrote: > First, I did a quick SSLLabs scan on the server. That told me that > "sslEnabledProtocols" in an SSLHostConfig was indeed wrong. And it > told me that all simulated Chrome handshakes failed, but

Re: JMX Insecure Agent.

2020-08-06 Thread Christopher Schultz
Manuel and Kaydo, On 8/6/20 09:23, Manuel Dominguez Sarmiento wrote: > JMX is usually setup on port 1099 for monitoring the JVM. It can > be either secured, or insecure (no password, no encryption) which > is the default configuration. If you

Re: Date of EOL and EOS for Tomcat8.5

2020-08-06 Thread Christopher Schultz
Trae, On 8/6/20 09:14, Trae McCombs wrote: > Correct me if I'm wrong but 8.5 is really just a forked 9.x so > wouldn't they both EOL roughly at the same time? While the history of 8.5 is true, the conclusion is likely not. The Tomcat committers

Re: Vulnerability on Apache Tomcat Default Files

2020-08-06 Thread Christopher Schultz
this: $ telnet localhost 8080 GET /foo HTML/4.0 [newline] [newline] See what comes back. That should come back as a 400 Bad Request and it might include Tomcat's version information, etc. -chris > On Wed, 5 Aug 2020, 04:21 Christopher Schultz, > wrote: > > Fang, > > On 8/

Re: Weirdness going on with Tomcat on an AWS instance

2020-08-06 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 8/4/20 20:20, James H. H. Lampert wrote: > I am once again attempting to get our development AWS box switched > over to Let's Encrypt. > > This time, I've managed to get the httpd server working with the > Let's Encrypt cert. This is far

Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bill, On 8/4/20 18:59, Bill Stewart wrote: > On Tue, Aug 4, 2020 at 4:01 PM Christopher Schultz wrote: > > I have a client who runs our product on Windows (we usually run it > on >> Linux) and there are 2-4 separate Tomcat-base

Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bill, On 8/4/20 17:06, Bill Stewart wrote: > On Tue, Aug 4, 2020 at 2:18 PM Christopher Schultz wrote: > > So how do you switch Java versions? >> > > What do you mean? 1. Point an existing Tomcat instance to a > diff

Re: Reloading JNDI

2020-08-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Phil, On 8/3/20 21:43, Phil Steitz wrote: > > > On 7/24/20 10:46 AM, Christopher Schultz wrote: All, > > I have a JNDI which is a JDBC DataSource. It is set to > singleton="true" via defaults (not explicitly se

Re: Vulnerability on Apache Tomcat Default Files

2020-08-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Fang, On 8/3/20 23:10, FANG YAP wrote: > I have an issue on the subject mentioned as the vulnerability scan > flagged out. > > Plugin: 12085 Plugin Text: Apache Tomcat Default Files Protocol: > TCP Port: 8080 > > Apache Tomcat 8.5.55 (x64-bit

Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bill, (Marking OT because this isn't about tomcatXw.exe anymore) On 8/4/20 10:48, Bill Stewart wrote: > On Tue, Aug 4, 2020 at 7:47 AM Christopher Schultz wrote: > > Done. >> >> https://issues.apache.org/jira/browse/DAE

Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 8/2/20 12:00, Mark Thomas wrote: > On July 27, 2020 4:03:04 PM UTC, Christopher Schultz wrote: > All, > > On 7/27/20 10:43, Bill Stewart wrote: >>>> On Mon, Jul 27, 2020 at 12:22 AM Hans Schou wrote: >>&g

Re: Reloading JNDI

2020-08-03 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 8/2/20 11:55, Mark Thomas wrote: > On July 24, 2020 5:46:45 PM UTC, Christopher Schultz wrote: > All, > > I have a JNDI which is a JDBC DataSource. It is set to > singleton="true" via defaults (not expl

Re: Can Directory Listing and Welcome File List coexist?

2020-07-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Igal, On 7/30/20 13:49, Igal Sapir wrote: > Hello, > > I have the following in web.xml: > > - A servlet named Lucee, mapped to by URI pattern "*.cfm" - A > default servlet from Tomcat, with init-param listings=true - A > welcome-file of "index.cfm"

Re: After OS update from RHEL 6.3 to 6.10 seeing 503 error

2020-07-29 Thread Christopher Schultz
Satish, On 7/29/20 2:56 PM, Satish Chhatpar 02 wrote: > After OS update from RHEL 6.6 to 6.10, seeing 503 error. > > Need help to fix this. > > > > > 503 Service Temporarily Unavailable > > Service Temporarily Unavailable > The server is temporarily unable to service your > request due to

Re: Request for Help

2020-07-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mohan, On 7/29/20 10:32, Mohan T wrote: > This is built using cruise control. We have a similar > environment wherein this deliverable is working fine without any > error. We took the deliverable from the working environment and > moved to the

Re: Question regarding servlet lifecycle and connection pooling ..

2020-07-27 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 7/25/20 11:25, John Dale wrote: > We've wrapped my connection pool interface in a Factory. Can you > confirm how the current request's thread is used by JDBC > connection pooling to MySQL? Are you using Tomcat to manage your DataSource

Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-07-27 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 7/27/20 10:43, Bill Stewart wrote: > On Mon, Jul 27, 2020 at 12:22 AM Hans Schou wrote: > > Yes I can add and change information, but how can I get the > information out >> so I can use that for an upgrade to a new major version? >> > >

Re: CVE-2020-1935

2020-07-24 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 George, On 7/24/20 15:15, George Stanchev wrote: > The description for this CVE is pretty vague (as perhaps > necessary) but we have a customer that is trying to assess their > risk for this CVE. Their risk is probably very low. Their risk of a
