I am running Tomcat 4.1.27 using Sun's j2sdk 1.4.2 on Solaris 9 64-bit. I am only using Tomcat as a JSP/Servlet engine using mod_jk2 and Apache 2. I am using an AF_UNIX socket for communication.
The only connector I have defined in conf/server.xml is as follows:
<!-- Define a Coyote/JK2 AJP 1.3 Connector - LOCAL ONLY-->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           minProcessors="5" maxProcessors="75" enableLookups="true"
           acceptCount="10" debug="5" connectionTimeout="0"
           useURIValidationHack="false"
           protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler">
</Connector>
I was told that by removing the port="" parameter this would effectively be a local-only connector.
However, here is the catalina.out logfile from tomcat initialization:
-------------------------------------------------------------------------
Sep 28, 2003 6:56:12 AM org.apache.commons.modeler.Registry loadRegistry
INFO: Loading registry information
Sep 28, 2003 6:56:12 AM org.apache.commons.modeler.Registry getRegistry
INFO: Creating new Registry instance
Sep 28, 2003 6:56:14 AM org.apache.commons.modeler.Registry getServer
INFO: Creating MBeanServer
Starting service Tomcat-Standalone
Apache Tomcat/4.1.27
Sep 28, 2003 6:56:21 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true
Sep 28, 2003 6:56:21 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true
Sep 28, 2003 6:56:22 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true
[Sun Sep 28 06:56:29 2003] ( info ) [jk_config_file.c (320)] cfg.update() Updating config /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties 1864393060 1064685328
[Sun Sep 28 06:56:30 2003] ( info ) [jk_config_file.c (331)] config.setConfig(): Reading properties /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties 1
[Sun Sep 28 06:56:30 2003] ( info ) [jk_logger_file.c (184)] Initializing log file stderr
[Sun Sep 28 06:56:30 2003] ( info ) [jk_workerEnv.c (403)] workerEnv.init() ok /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties
Sep 28, 2003 6:56:30 AM org.apache.jk.apr.AprImpl init
INFO: JK2: Initialized apr
Sep 28, 2003 6:56:30 AM org.apache.jk.common.ChannelUn init
INFO: JK: listening on unix socket: /usr/local/jakarta-tomcat-4.1.27/work/jk2.socket
Sep 28, 2003 6:56:30 AM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /0.0.0.0:8080
Sep 28, 2003 6:56:30 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=3/264 config=/usr/local/jakarta-tomcat-4.1.27/conf/jk2.properties
-------------------------------------------------------------------------
From this log you can see that ajp13 is listening on the loopback interface.
However, 'netstat -a' shows this:
*.8080 *.* 0 0 49152 0 LISTEN
The *.8080 means the process is listening for connections on all interfaces. On Solaris, if a service is ONLY listening on loopback, it should appear as so: (using the sshd server as an example)
localhost.ssh *.* 0 0 49152 0 LISTEN
If a service is ONLY listening on a non-loopback interface it would appear as so:
hostname.mydomain.tld.ssh *.* 0 0 49152 0 LISTEN
I can indeed telnet to the machine from a remote host and connect to port 8080. (However, I do not know the protocol to test any commands, but I do get a connection.)
Have I misconfigured something or is this a bug or what? This box is on a very high profile network (due to the myriad of porn sites and anti-spam services running on the same subnet at this particular colo) and security is a major concern, and I currently have no firewall to put this box behind.
Thanks for any help, Chuck
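The comparison the message makes by eye, as an added example that is not part of the original post: it classifies listeners from Solaris-style `netstat -a` lines and from the JK startup log as wildcard, loopback or specific. The function names and both sample inputs are constructed for illustration, modelled on the lines quoted above.

```python
import ipaddress
import re
# Constructed sample input, modelled on the lines quoted in the message.
NETSTAT_SAMPLE = """\
*.8080                     *.*    0    0 49152    0 LISTEN
localhost.ssh              *.*    0    0 49152    0 LISTEN
hostname.mydomain.tld.ssh  *.*    0    0 49152    0 LISTEN
"""
LOG_SAMPLE = """\
INFO: JK: listening on unix socket: /usr/local/jakarta-tomcat-4.1.27/work/jk2.socket
INFO: JK2: ajp13 listening on /0.0.0.0:8080
"""

def classify_bind(host):
    """Return 'wildcard', 'loopback' or 'specific' for a bind address or name."""
    if host == "*":
        return "wildcard"
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "specific"  # a resolved hostname other than localhost
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def netstat_listeners(text):
    """Parse Solaris-style netstat TCP lines into (host, port, scope) tuples."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "LISTEN":
            continue
        host, _, port = fields[0].rpartition(".")  # port/service follows the last dot
        out.append((host, port, classify_bind(host)))
    return out

def jk_tcp_listeners(log_text):
    """Extract (host, port, scope) from JK 'ajp13 listening on /addr:port' lines."""
    hits = re.findall(r"ajp13 listening on /([0-9A-Fa-f.:]+):(\d+)", log_text)
    return [(h, p, classify_bind(h)) for h, p in hits]

def exposed(entries):
    """Listeners reachable from other hosts: anything not bound to loopback."""
    return [(h, p) for h, p, scope in entries if scope != "loopback"]

if __name__ == "__main__":
    print(exposed(netstat_listeners(NETSTAT_SAMPLE) + jk_tcp_listeners(LOG_SAMPLE)))
```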
