On 13/02/2020 12:41, Mark Thomas wrote:
On 13/02/2020 09:57, Olivier Jaquemet wrote:
I understand the need to introduce a "secured by default" AJP
However, I question one choice that was made for this change : the
default behavior of the AJP connector to listen only on the loopback

You can specify "" (IPv4) or "::" (IPv6) to restore the behaviour
of listening on any address.


Thank you Mark. This should address this use case.

Would you consider adding this binding information to the documentation (in the documentation of the address attribute) ?

To sum up :
When migrating to Tomcat 8.5.51, 9.0.31 (and probably the next 7.0.x as I saw you had also backported this change to the 7.0.x branch), if your server architecture is to expose tomcat with an AJP connector, to a remote distant front server, you can :

either, *secure your installation* (obviously the recommended way on untrusted network) :

- by specifying the valid IP address on which the connector must bind; This is done with address attribute of the AJP connector.

- by specifying a shared secret between the front server and the connector ; This is done with the secret attribute of the AJP connector

or else, if you want your server.xml to be agnostic to the running host and remote front server, change your configuration back to the previous behavior, *BUT ONLY IF AND ONLY IF you are on trusted network* :

- by removing explicit bind of AJP connector, by specifying "" (IPv4) or "::" (IPv6) in the address attribute of the AJP connector

- by removing need for shared secret between front and tomcat ; This is done with the secretRequired="false" attribute of the AJP connector.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to