Hi Matthias,

I suspect your issue is: address="::". You probably want
address="0.0.0.0" or the IPv4 IP address that your Tomcat instance is
listening on. :: allows any on IPv6, but for IPv4 I suspect that Tomcat
would still be listening only on 127.0.0.1.

Regards,
Stephen


On Wed, 4 Mar 2020 at 15:20, Matthias Fechner <ide...@fechner.net> wrote:

> Dear all,
>
> as tomcat version 9.0.31 has some security fixes included I tried to do
> an upgrade.
> On the IIS tomcat connector version 1.2.46 is installed.
>
> As secret I use a 32-character-long alphanumeric string; I name it here
> token.
> In the workers.properties I tried to define it on the load balancer
> line:
> worker.loadbalancer.secret=token
>
> And/or on each node:
> worker.node1.secret=token
> ...
> worker.node2.secret=token
>
> For the tomcat configuration I defined in server.xml the following AJP
> connector:
>      <Connector protocol="AJP/1.3"
>                 address="::"
>                 port="8009"
>                 tomcatAuthentication="false"
>                 enableLookups="false"
>                 secret="token"
>                 redirectPort="8443" />
>
> But it does not work. It seems that tomcat does not answer here.
> If I downgrade to tomcat 9.0.29 it works without any problems.
>
> I started then wireshark and had a look into the traffic coming from the
> IIS.
> From IIS I see an AJP13 connection with the following content in the "Apache
> JServ Protocol v1.3" part in Wireshark:
> ...
> Sec-Fetch-User: ?1
> token
> INTERNAL\user
> Negotiate
> ...
>
> As the token is included here, the secret configuration is maybe correct.
> The token here is equal to the token defined on the IIS-tomcat-connector and
> in the tomcat server.xml AJP definition.
> Tomcat is sending back a "0:RSP:SEND HEADERS:403 403"
>
> The IIS is doing authentication and is then just sending the user to
> tomcat.
>
> Regarding the documentation everything seems to be configured correctly,
> but it does not work.
> Could anyone help me here, please?
>
> --
> Thanks a lot
> Matthias

-- 
_________________________________________________
Stephen Hames, Systems Architect & Release Manager
Singapore | +65 6403 5900
CloudPay <https://www.cloudpay.net/>
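
Added example (not part of the original thread and not Tomcat or connector project code): a small offline check for the two settings discussed above, whether every worker secret in workers.properties matches the AJP connector secret in server.xml, and which IP family and scope the connector's address attribute names. The sample inputs, the mistyped node2 secret and all function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the thread's config; secrets are placeholders.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector protocol="AJP/1.3" address="::" port="8009"
             tomcatAuthentication="false" secret="token" redirectPort="8443" />
</Service></Server>"""
WORKERS = "worker.node1.secret=token\nworker.node2.secret=tokem\n# worker.node3.secret=x\n"

def ajp_connectors(server_xml):
    """Return address, port and secret of every AJP connector in server.xml."""
    return [{"address": c.get("address"), "port": c.get("port"), "secret": c.get("secret")}
            for c in ET.fromstring(server_xml).iter("Connector")
            if "ajp" in c.get("protocol", "").lower()]

def worker_secrets(text):
    """Map worker name -> secret from workers.properties text."""
    secrets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        parts = key.split(".")
        if len(parts) == 3 and parts[0] == "worker" and parts[2] == "secret":
            secrets[parts[1]] = value
    return secrets

def describe_bind(address):
    """Classify the connector's address attribute by IP family and scope."""
    if address is None:
        return "not set (version default applies)"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "hostname (resolve it to see the family)"
    scope = "wildcard" if ip.is_unspecified else "loopback" if ip.is_loopback else "specific"
    return f"IPv{ip.version} {scope}"

def audit(server_xml, workers):
    """Report bind scope per connector and workers whose secret differs."""
    findings = []
    for c in ajp_connectors(server_xml):
        findings.append(f"port {c['port']}: bind {describe_bind(c['address'])}")
        findings += [f"port {c['port']}: worker {name} secret differs"
                     for name, s in sorted(worker_secrets(workers).items())
                     if s != c["secret"]]
    return findings
```

The findings name the worker and port only; secret values are never included in the output.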