Thank you - when I remove the secret line, save and restart Tomcat, it results in the same 403 error.
On Tue, Feb 25, 2020 at 12:34 PM André Warnier (tomcat/perl) <a...@ice-sa.com> wrote: > The workers.properties below look good to me at first sight. > > Just to eliminate something, could you try the following changes : > > 1) workers.properties : > remove the line > > worker.worker1.secret="mySecret". > > 2) AJP Connector in tomcat : > > <Connector protocol="AJP/1.3" > address="127.0.0.1" > port="8009" > secretRequired="false" > redirectPort="8443" /> > > then restart tomcat and IIS. > What's happening then ? > > Note : this is something new in tomcat 8.5.51 compared to 8.5.50 and > earlier. > Before, by default, the "secret" was disabled. Since 8.5.51, by default, > the secret is > enabled, and you have to disable it explicitly if you don't want it (as I > did above). > > With the settings above, we are just trying to get back to a configuration > without secret, > to check if that works in your case. > As indicated in the documentation > ( > http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Standard_Implementations) > you can > do that in your case, because the communication between IIS and Tomcat is > fairly secure, > since it happens all within the same host. > > > On 25.02.2020 18:06, Ellen Meiselman wrote: > > Yes, everything is on the same server. > > > > workers.properties: > > # Set properties for worker1 (ajp13) > > worker.worker1.type=ajp13 > > worker.worker1.host=127.0.0.1 > > worker.worker1.port=8009 > > worker.worker1.secret="mySecret". > > > > On Tue, Feb 25, 2020 at 11:27 AM <jonmcalexan...@wellsfargo.com.invalid> > > wrote: > > > >> -----Original Message----- > >> From: Ellen Meiselman <elle...@gmail.com> > >> Sent: Tuesday, February 25, 2020 10:01 AM > >> To: Tomcat Users List <users@tomcat.apache.org> > >> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and > Tomcat > >> > >>> Hi, > >> > >>> I've been testing, and so far, there is no change in the behavior. I am > >> still getting the same tomcat->based 403 error. > >> > >>> Based on what you said above... > >>> > >>> secretRequired="true" (which is the default, so it can be removed) > >>> secret="xxxxxxx" > >> > >> > >>> ...I removed secretRequired="true" and left secret. So the connector > >> definition now looks like this: > >>> <Connector protocol="AJP/1.3" > >>> address="127.0.0.1" > >>> port="8009" > >>> secret="mySecret" > >>> redirectPort="8443" /> > >> > >> <SNIP> > >> > >> I'm assuming that your web-front-end is on the same server as your > Tomcat > >> instance, based on you having the address set to 127.0.0.1, correct? > What > >> do you have in your workers.properties file? > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
