On 09/08/2011 11:58 PM, Konstantin Kolinko wrote:
2011/9/9 Christopher Schultz<ch...@christopherschultz.net>:
On 9/8/2011 11:47 AM, Mark Thomas wrote:
On 08/09/2011 16:13, Christopher Schultz wrote:
All, https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
Mark's official report to the users' list indicates that setting a
"secret" for the AJP connection does the trick. (I tried this
myself before digging-up his message and can confirm that the
sample code fails when a "secret" is set).
Should we mention this on the Security page directly for those who
didn't read the announcement on the users' list?
No reason why not. Go for it.
Okay. Any idea if mod_proxy_ajp supports the shared secret? The
documentation is so light on actually using mod_proxy_ajp that it might
be supported ("ProxyPass /foo ajp://bar secret=changeit"?) but
completely undocumented in the httpd documentation.
This is all I could find:
(..)
I understand that the sources for that module for the current HTTPD
branch are in the following place in ASF svn:
/httpd/httpd/branches/2.2.x/modules/proxy/
The only code that mentions "secret" is in ajp_header.c there (besides
a constant declared in ajp_header.h) and it is commented out
/* XXXX need to figure out how to do this
if (s->secret) {
There is no parameter or local variable named "s" in that method, so
it probably originates from mod_jk.
Yep. We need a directive to set the secret in httpd, I will discuss that
in httpd dev list.
Cheers
Jean-Frederic
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
