>From my testing.

secretRequired="false" is still needed though docs says its deprecated in
favor of just secret.
I also had to change the worker from host=localhost to host=127.0.0.1

Also AJP13 connector protocol block is commented out where it never was
before.

I'd prefer acceptance of localhost by default and then add secret for
remote ajp servers.

John Larsen

On Fri, Feb 14, 2020 at 7:37 AM Mark Thomas <ma...@apache.org> wrote:

> On 14/02/2020 14:21, John Larsen wrote:
> > I apologize - coffee started to kick in.  The address="::1"  portion is
> > commented out.
> >
> > Will adding  secret="false"? in the server.xml bypass this issue?
> >
> > <Connector protocol="AJP/1.3" port="8080" secret="false"
> > redirectPort="8443" />
>
> That will give you an AJP connector that is only listening on the
> loopback interface.
>
> Mark
>
>
> >
> > Thanks,
> >
> > John Larsen
> >
> > On Fri, Feb 14, 2020 at 6:52 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 14/02/2020 13:45, John Larsen wrote:
> >>> Seems tomcat 9.0.31 has thrown me a curve and messed up my automation.
> >>>
> >>> Where can i understand this change better?
> >>> "Rename the requiredSecret attribute of the AJP/1.3 Connector to secret
> >> and
> >>> add a new attribute secretRequired that defaults to true. When
> >>> secretRequired is truethe AJP/1.3 Connector will not start unless the
> >> secret
> >>>  attribute is configured to a non-null, non-zero length String.
> (markt)"
> >>>
> >>> Or can i just change this to false? What it its purpose?
> >>
> >> The purpose of that attribute is to stop you starting up Tomcat with an
> >> AJP connector that is open to the world without stopping to think first.
> >>
> >> AJP assumes all connecting clients are trusted.
> >>
> >> You need to make sure that, through the combination of AJP
> >> configuration, network configuratiom, etc. that this is the case.
> >>
> >> If you describe your particular use case, we people on this list should
> >> be able to provide you with recommended configuration options.
> >>
> >> Mark
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to