Re: Apache mod_jk and Tomcat not working correctly

Sun, 26 Oct 2008 23:20:42 -0700

I got it to work almost with some of these changes. In particular the JkMount /dwr-examples/* ajp13worker1. 
That was the problem.
Now the only thing that is causing a problem are a couple of a policy violations. This happened before and I had to delete them. 
How do I find which ones they are and where they are?
[Mon Oct 27 00:42:31 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:\\\\b(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\\\\b\\\\W*?=|abort\\\\b)|(?:l(?:owsrc\\\\b\\\\W*?\\\\b(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)\\\\b\\\\W*?\\\\b(?:(?:java|vb)script|shell)|mocha):|type\\\\b\\\\W*?\\\\b(?:text\\\\b(?:\\\\W*?\\\\b(?:j(?:ava)?|ecma)script\\\\b| [vbscript])|application\\\\b\\\\W*?\\\\bx-(?:java|vb)script\\\\b)|s(?:(?:tyle\\\\b\\\\W*=.*\\\\bexpression\\\\b\\\\W*|ettimeout\\\\b\\\\W*?)\\\\(|rc\\\\b\\\\W*?\\\\b(?:(?:java|vb)script|shell|http):)|(?:c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|background-image:|@import)\\\\b|a(?:ctivexobject\\\\b|lert\\\\b\\\\W*?\\\\())|<(?:(?:body\\\\b.*?\\\\b(?:backgroun|onloa)d|input\\\\b.*?\\\\btype\\\\b\\\\W*?\\\\bimage)\\\\b|!\\\\[CDATA\\\\[|script|meta)|.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)\\\\b)" at REQUEST_FILENAME. [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [severity "CRITICAL"] [hostname "localhost"] [uri "/msgboard/js/cookie.js"] [unique_id "[EMAIL PROTECTED]"] [Mon Oct 27 01:06:10 2008] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx ^(?:application/x-www-form-urlencoded|multipart/form-data|text/xml)$" against "REQUEST_HEADERS:Content-Type" required. [id "960010"] [msg "Request content encoding is not allowed by policy"] [severity "WARNING"] [hostname "localhost"] [uri "/dwr-examples/dwr/call/plaincall/Intro.getInsert.dwr"] [unique_id "7XnhS8CoAWUAAAwciBAAAADz"] 

Thanks alot for the help, your masters!
----- Original Message ----- From: "Rainer Jung" <[EMAIL PROTECTED]> 
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Monday, October 27, 2008 12:07 AM
Subject: Re: Apache mod_jk and Tomcat not working correctly



Wayne Bragg schrieb:

my setup:
   WinXP Home
   Wed-Dev install of:
       Apache/2.2.3 (Win32)
       Tomcat 5
       PHP 5.2.0


Before proceeding consider taking more recent minor versions, like
2.2.10, PHP 5.2.6 and you didn't tell us your Tomcat version. Your
mod_jk below is 1.2.19, which is *very* outdated, use 1.2.26.


I have mod_jk connector set up the following way according to
instructions:

Alias /dwr-examples "/www/tomcat5/webapps/dwr-examples/"

<Directory "/www/tomcat5/webapps/dwr-examples/">
 Options Indexes FollowSymLinks


If you don't need those options drop them.


 AllowOverride None
 Order deny,allow
 Deny from all
 Allow from all

 AddType text/html .php .phps
 AddHandler application/x-httpd-php .php
 AddHandler application/x-httpd-php-source .phps
</Directory>

mod_jk setup:
   LoadModule jk_module modules/mod_jk.so

<IfModule jk_module>
    JkWorkersFile conf/Suite-extra/workers.properties


We don't know the contents of this file.


    JkLogFile logs/mod_jk.log
    JkLogLevel warn
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "


You shouldn't nedd a JkLogStampFormat. Only use it, if you think you
need it.


    JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories


Delete +ForwardURICompat from the list if you are not sure you need it.


    JkRequestLogFormat "%w %V %T"


You should use logging of mod_jk notes in the access log instead.


   <Location /*/WEB-INF/*>
        # AllowOverride None
         deny from all
    </Location>

   JkMount /dwr-examples/*.jsp ajp13worker1
   JkMount /dwr-examples/*.jspx ajp13worker1


Your testing URL /dwr-examples/dwr does not match any of those two
rules, so it won't get send to Tomcat.


   JkUnMount /dwr-examples/*.html  ajp13worker1
   JkUnMount /dwr-examples/*.htm  ajp13worker1
   JkUnMount /dwr-examples/*.png  ajp13worker1
   JkUnMount /dwr-examples/*.jpg  ajp13worker1
   JkUnMount /dwr-examples/*.jpeg  ajp13worker1
   JkUnMount /dwr-examples/*.gif  ajp13worker1
   JkUnMount /dwr-examples/*.ico  ajp13worker1
   JkUnMount /dwr-examples/*.php  ajp13worker1


What about

   JkMount /dwr-examples/* ajp13worker1
   JkUnMount /*.html  ajp13worker1
   JkUnMount /*.htm  ajp13worker1
   JkUnMount /*.png  ajp13worker1
   JkUnMount /*.jpg  ajp13worker1
   JkUnMount /*.jpeg  ajp13worker1
   JkUnMount /*.gif  ajp13worker1
   JkUnMount /*.ico  ajp13worker1
   JkUnMount /*.php  ajp13worker1

instead?


</IfModule>
Everthing works using port 8080 but I am getting the following error in the 
error.log in Apache when I use port
80 ie: http://localhost:8080/dwr-examples/ vs
http://localhost/dwr-examples/
[Sun Oct 26 15:11:32 2008] [notice] ModSecurity for Apache 2.0.4 configured 
[Sun Oct 26 15:11:34 2008] [notice] Apache/2.2.3 (Win32) PHP/5.2.0
mod_ssl/2.2.3 OpenSSL/0.9.8d mod_jk/1.2.19 mod_perl/2.0.3-dev Perl/v5.8.8
configured -- resuming normal operations
[Sun Oct 26 15:11:34 2008] [notice] Server built: Nov 15 2006 21:34:51
[Sun Oct 26 15:11:34 2008] [notice] Parent: Created child process 268
[Sun Oct 26 15:11:36 2008] [notice] ModSecurity for Apache 2.0.4 configured 
[Sun Oct 26 15:11:38 2008] [notice] Child 268: Child process is running
[Sun Oct 26 15:11:38 2008] [notice] Child 268: Acquired the start mutex.
[Sun Oct 26 15:11:38 2008] [notice] Child 268: Starting 250 worker threads. [Sun Oct 26 15:11:38 2008] [notice] Child 268: Starting thread to listen on 
port 443.
[Sun Oct 26 15:11:38 2008] [notice] Child 268: Starting thread to listen on 
port 80.
[Sun Oct 26 15:11:51 2008] [error] [client 127.0.0.1] File does not exist: 
C:/www/tomcat5/webapps/dwr-examples/dwr, referer:
http://localhost/dwr-examples/


Your request seems to be answered with a redirect to dwr-examples/dwr,
which is not contained in your forward rules.
[Sun Oct 26 15:11:51 2008] [error] [client 127.0.0.1] File does not exist: 
C:/www/tomcat5/webapps/dwr-examples/dwr, referer:
http://localhost/dwr-examples/
[Sun Oct 26 15:11:51 2008] [error] [client 127.0.0.1] File does not exist: 
C:/www/tomcat5/webapps/dwr-examples/dwr, referer:
http://localhost/dwr-examples/
[Sun Oct 26 15:11:52 2008] [error] [client 127.0.0.1] File does not exist: 
C:/www/webroot/favicon.ico
[Sun Oct 26 15:11:55 2008] [error] [client 127.0.0.1] File does not exist: 
C:/www/webroot/favicon.ico

Where /DWR is a servlet in Tomcat that works properly under port:8080


Be careful, URLs are case-sensitive. From the above it seems to be
/dwr-examples/dwr. In case it still doesn't work with the fixed
Jk(Un)Mounts, please set JkLogLevel to debug, retry one request and post
the JK log file.

Regards,

Rainer

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.175 / Virus Database: 270.8.3/1748 - Release Date: 10/26/2008 7:53 PM 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to