Set this on AJP Connector in tomcat server.xml allowedRequestAttributesPattern="CERT_(ISSUER|SUBJECT|COOKIE|FLAGS|SERIALNUMBER)|HTTPS_(SERVER_(SUBJECT|ISSUER)|(SECRETKEYSIZE|KEYSIZE))" All on one line.
I can see tomcat fixing this in 9.0.32 which isn't yet released. Thanks, P. -----Original Message----- From: KC Mok <mok...@gmail.com> Sent: Thursday, March 12, 2020 9:06 AM To: users@tomcat.apache.org Subject: After upgraded to Tomcat 9.0.31, ISAPI Redirector is not "working" when SSL enabled in IIS Hi All, I am using ISAPI redirector to connect IIS to Tomcat via AJP connector. Recently I have replaced the Tomcat 9.0.22 with the new version 9.0.31. I have set the new required attributes of the AJP connector in the new 9.0.31 version, and it is working fine when using http. However, it returns error (403 Access is denied) when I use https to access the site. I tried with the lastest 1.2.48 version isapi_redirect.dll, still not working. After that, I tried to revert back to Tomcat 9.0.22, everything is working fine. Does anyone have the same problem? I wonder if I hit a bug in the new version... please help... Thanks and regards, KC
