Hello Olaf,

We have tried yours as well as Chris's suggestions, but in both the cases
the functionality of the application is lost.

We have installed apace and configured mod_jk connector along with a
load-balancer for 2 tomcat servers.

We were able to successfully start apache and we got the login page of our
application hosted on it, but the functionality is lost. For example, when
we hit login button on home page, nothing happens. Also, we tried access
some specific web page using a direct url, we ended up with an error.

Do you have any suggestion for me so that we can achieve the exact same
functionality that we had without apache in the front?

Mohammad Nayeem

-----Original Message-----

From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: 31 May 2017 16:38
To: Tomcat Users List <users@tomcat.apache.org>
Subject: [External] Re: Security Headers Implementation in Tomcat 6.x

Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N.:

> Hello Olaf,


> Thanks for your response!


> Based on your inputs, we are thinking to put Apache httpd in front of
Tomcat 6 server, since our header configuration is going to be static.


> Can you please help us in identifying which version of Apache HTTP Server
we can use for Tomcat 6 version? Also, it will be great if you can share
some guidelines on how to implement Apache in front of Tomcat.

For completeness sake I'd like to answer a few of these questions, rather
briefly. It seems that you're deep into implementing Christopher's solution
of compiling the newer filters for Tomcat 6.

Every current Apache httpd is fine, no version restriction. Especially:

Choose one that will get updates for quite a while, not like the outdated
Tomcat version you're running. Read on mod_proxy, mod_proxy_ajp, mod_jk and
mod_proxy_http, which are all keywords on the connection between Apache and
tomcat. Once you've set this up, setting the headers is a matter of adding
the "Header" directive to httpd's configuration. I understand though, that
setting up the connection can be some task if you've never done that.
Especially if you're using https, and also refer to it in your webapp's
code (e.g. to validate client certs) - but as you give no clue you're doing
that, I'm assuming you don't and the setup would be easy.

Anyway, feel free to utilize the newer code - I just wanted this
information to be in this thread as well. However, once you're done with

it: Utilize even more newer code and prepare to migrate away from your
discontinued tomcat version.



To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to