Re: Can I get an answer please -- Re: Why integrate Tomcat with a web server?
True, but I don't have much static content and the Apache Tomcat Security book is not making that point. I'm trying to determine whether or not it is better to have a web server in front of Tomcat under Windows for security reasons. The book seems to say that but it clearly describe why this provides better security when running Tomcat under Windows. Nathan - Original Message - From: Rick Roberts [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, August 07, 2003 11:02 PM Subject: Re: Can I get an answer please -- Re: Why integrate Tomcat with a web server? Because a web server serves static content (html, images, etc.) much faster than tomcat will. Nathan Ward wrote: Hello John, I hate to be pushy, but are you going to post a reply to this question at some point? Nathan - Original Message - From: Nathan Ward To: [EMAIL PROTECTED] ; Tomcat Users List Sent: Monday, August 04, 2003 11:05 AM Subject: Why integrate Tomcat with a web server? I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet. Question: Does this apply when running under Windows? The reference to as discussed earlier talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * * http://www.ait-web.com * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS Realm useage
The book Apache Tomcat Security says that this realm is not documented in the Tomcat docs, but does provide documentation on it that appears to be what you need. The book Tomcat KickStart Describes it but says that the authors couldn't get it to work. Nathan - Original Message - From: Roman Blade Velichko [EMAIL PROTECTED] To: Tomcat Users [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 2:26 AM Subject: Q: JAAS Realm useage Hi to All! How can I get Subject in my web application with JAASRealm? With best wishes Roman Blade Velichko [mailto:[EMAIL PROTECTED] Chance favour to prepared mind - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can I get an answer please -- Re: Why integrate Tomcat with a web server?
Sorry about that John. I must have missed your reply. I'm still figuring out how to effectively use the mailing lists. I wanted to direct the message to you, but I thought it would be useful to others so I wanted to post it here rather than sending it only to you. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, August 08, 2003 9:35 AM Subject: Re: Can I get an answer please -- Re: Why integrate Tomcat with a web server? I did, last week. In any case, if you have something to ask me directly, you can send me a message off-list. John Nathan Ward wrote: Hello John, I hate to be pushy, but are you going to post a reply to this question at some point? Nathan - Original Message - From: Nathan Ward To: [EMAIL PROTECTED] ; Tomcat Users List Sent: Monday, August 04, 2003 11:05 AM Subject: Why integrate Tomcat with a web server? I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet. Question: Does this apply when running under Windows? The reference to as discussed earlier talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can I get an answer please -- Re: Why integrate Tomcat with a web server?
Hello John, I hate to be pushy, but are you going to post a reply to this question at some point? Nathan - Original Message - From: Nathan Ward To: [EMAIL PROTECTED] ; Tomcat Users List Sent: Monday, August 04, 2003 11:05 AM Subject: Why integrate Tomcat with a web server? I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet. Question: Does this apply when running under Windows? The reference to as discussed earlier talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan
Re: Tomcat 4.1x running as NT Service Issue
I told you wrong about how to set the memory limits when running as a service. You can set the memory options in the Windows registry using regedit. In regedit, open HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apache Tomcat 4.1\Parameters Add a string value named: JVM Option Number 3 and set it's value to -Xms100m Add a string value named: JVM Option Number 4 and set it's value to -Xmx100m Change the JVM Option Count to 5 (was 3 at least on my machine. The value of this field must match the number of JVM Option Number x values). You can also write log statements to check allocated and available memory. Following is an example thread that we used. I've cut out a few parts that are specific to our application and the formatting is screwed up from cutting and pasting it, but should be close enough to get you going. public class MemoryMonitor implements Runnable { private boolean done = false; private Runtime rt = Runtime.getRuntime(); public MemoryMonitor() { Thread theThread = new Thread(this); theThread.setDaemon(true); theThread.setPriority(Thread.MIN_PRIORITY); theThread.start(); } public void run() { while (!done) { try { long freeMemory = rt.freeMemory()/1024; long totalMemory = rt.totalMemory()/1024; long memoryUsed = (totalMemory-freeMemory)/1024; long allocatedMemory = (totalMemory/1024); AppLog.info([Memory Monitor] -- +new Timestamp(System.currentTimeMillis()).toString()+ --- Memory Allocated: +(int)allocatedMemory+k); AppLog.info([Memory Monitor] -- +new Timestamp(System.currentTimeMillis()).toString()+ --- Memory Used: +(int)memoryUsed+k); rt.gc(); if(allocatedMemorytotalMemory){ } Thread.sleep( MemoryMonitorProperties.getInstance().getCheckMemoryInterval()); } catch (Exception ie) { AppLog.error(AppError.getStackTraceAsString(ie)); } } AppLog.info(MemoryMonitor terminated.); } } - Original Message - From: Robert Porter [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Saturday, August 02, 2003 11:34 PM Subject: RE: Tomcat 4.1x running as NT Service Issue I am not sure why we are not running 1.4, but the image from corporate has 1.3.1 and we have been told to live with it. We are running pretty much the same configuration from what you describe but with drastically different results. I am checking on JVM settings, and I will try what you suggest. The laptops are Dell and IBM late models with 256 MB of memory and large fast drives so I don't think it's the hardware. All running W2K Pro with SQL Server 2000 Std Ed. We are using an older JDBC driver, what JDBC driver are you using? -Original Message- From: Nathan Ward [mailto:[EMAIL PROTECTED] Sent: Saturday, August 02, 2003 10:27 PM To: Tomcat Users List Subject: Re: Tomcat 4.1x running as NT Service Issue I'm not sure that this is it, but you might try setting the JVM min and max memory limits when starting Tomcat by adding the following to $CATALINA_HOME\bin\catalina.bat: set JAVA_OPS = -Xms100m -Xmx100m Default for the JVM I believe should be 64mb, but who knows. Why are you using jdk 1.3.1? Do you have existing code that is not compatible with jdk 1.4? We are running Tomcat 4.1.24 as a service under Windows 2000 Server accessing an SQL Server database on the same machine with JDK 1.4.1_01 and it is working. Nathan - Original Message - From: Robert Porter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, August 02, 2003 6:57 PM Subject: Tomcat 4.1x running as NT Service Issue I have scanned all the archives, and have seen some issues that are similar but not quite the same so I am posting this request. We are running Tomcat 4.1.24 Binary release, as a Service on Windows 2000 SP3 and SP4 Pro version. No JSP just servlets. The Tomcat instance is hosting 2 servlets that talk to a local SQL Server 2000 database on the same machine. A VB 6 client is talking to the servlets via http post etc, and exchanging XML documents for requests and replies. Running as a Service, with JDK 1.3.1 as the JVM the service will crash after about 10 minutes of activity. Just prior to the crash, available memory will decrease to 0 and the system will slow to a crawl with a lot of disk activity, paging I imagine. Running Tomcat in a window alleviates the problem entirely, so I am assuming there are some parameters that are being passed via the Startup.bat file that are not happening with the service. Or perhaps to the JVM, I am very new to Tomcat so I am not sure how to accomplish this. However we really want to have Tomcat running as a service since this is a laptop app being deployed to hundreds of our users, and we don't want them mucking about with the Window created by running Tomcat as a windowed service. Plus, having it run as a service means it is one less thing to worry about in our application
Why integrate Tomcat with a web server?
I have a question for John Turner about a statement in the book Apache Tomcat Security. Page 12 says: As discussed earlier, running publicly available web services as root or superuser is typically a bad idea, so the solution is to avoid using Tomcat as a stand-alone web server on port 80 by integrating it with a standard HTTP web server such as Apache, Microsoft's IIS, or Sun Microsystem's iPlanet. Question: Does this apply when running under Windows? The reference to as discussed earlier talks about running Tomcat as a service with more permissions than necessary. Windows defaults to running services as SYSTEM which has administrator privileges. Fine, but as also mentioned earlier, you can create a user account with less permissions and setup the service to run Tomcat under that account. So, how does the statement on page 12 relate to running Tomcat under windows, i.e. why run Tomcat with IIS rather than just run Tomcat? There may be performance reasons, but from a security point of view, is there increased security risks in running Tomcat without IIS when running as a service under Windows? Nathan
Re: Tomcat 4.1x running as NT Service Issue
I'm not sure that this is it, but you might try setting the JVM min and max memory limits when starting Tomcat by adding the following to $CATALINA_HOME\bin\catalina.bat: set JAVA_OPS = -Xms100m -Xmx100m Default for the JVM I believe should be 64mb, but who knows. Why are you using jdk 1.3.1? Do you have existing code that is not compatible with jdk 1.4? We are running Tomcat 4.1.24 as a service under Windows 2000 Server accessing an SQL Server database on the same machine with JDK 1.4.1_01 and it is working. Nathan - Original Message - From: Robert Porter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, August 02, 2003 6:57 PM Subject: Tomcat 4.1x running as NT Service Issue I have scanned all the archives, and have seen some issues that are similar but not quite the same so I am posting this request. We are running Tomcat 4.1.24 Binary release, as a Service on Windows 2000 SP3 and SP4 Pro version. No JSP just servlets. The Tomcat instance is hosting 2 servlets that talk to a local SQL Server 2000 database on the same machine. A VB 6 client is talking to the servlets via http post etc, and exchanging XML documents for requests and replies. Running as a Service, with JDK 1.3.1 as the JVM the service will crash after about 10 minutes of activity. Just prior to the crash, available memory will decrease to 0 and the system will slow to a crawl with a lot of disk activity, paging I imagine. Running Tomcat in a window alleviates the problem entirely, so I am assuming there are some parameters that are being passed via the Startup.bat file that are not happening with the service. Or perhaps to the JVM, I am very new to Tomcat so I am not sure how to accomplish this. However we really want to have Tomcat running as a service since this is a laptop app being deployed to hundreds of our users, and we don't want them mucking about with the Window created by running Tomcat as a windowed service. Plus, having it run as a service means it is one less thing to worry about in our application code. However we can't deploy the app if it crashes every 10 minutes. Any help or suggestions would be appreciated. RP2C Inc http://www.rp2c.com [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logfile for isapi_redirector2.dll?
I don't mean to complain. I'm sure there are good reasons as you have mentioned why I haven't gotten more replies. I was trying to emphasize that I did appreciate the response in this case even though Ken didn't have much new info to offer. That said, I also asked what I thought were pretty simple questions about jk (isapi_redirector) like: Can I control what Tomcat webapps two virtual hosts (IIS web sites) can access? If not, how can I allow one IIS web site to access one webapp and another IIS web site access another but not both? Am I really the first one to have to do this or the first one that participates here? I guess so. That's OK though. It took me four days to figure out a solution, but I did learn a lot. I created a new valve that allows me to allow/deny access by server name (i.e. request.getServerName). Very similar to the RemoteHostValve. So, the answer that was basically that the ISAPI filter maps from IIS to Tomcat -- no other control provided by the filter. If you need more access control, use filters. I'm thinking that I'll submit my valve to be added to the Tomcat baseline. I suppose that the lack of response to my questions suggests that no one here knew that or at least no one that read my messages knew that. Maybe my subject lines didn't catch the right person's eye. I'm not bothered by it, but I am curious why I didn't get more replies. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 8:39 AM Subject: Re: Logfile for isapi_redirector2.dll? Not many people use IIS + Tomcat (comparatively speaking). Of those, the folks using JK2 (redirector2) is probably smaller still. Of those people, there's a good chance that they don't have an answer to your particular question. Would you rather they replied anyway and sent you off on a wild goose chase, wasting your time? John Nathan Ward wrote: I appreciate the reply. I've joined this mailing list about a week ago and posted several messages. I've not gotten many replies at all. I guess people are busy and there are a lot of messages to sift through. Nonetheless, I start wondering if I have bad breath, don't know how spell or something if noone even chimes in. I took a look at the souce code for the isapi_redirector2.dll. I can follow it pretty good since I spent 10 years programming in C. I see logging methods (functions in C), but I didn't see where the log file was created or where it was written to. I believe I see where the code specifies the registry enteries that it is looking for and there isn't any for log file. I didn't see the logLevel registry setting specified either which I saw in the jk2 Tomcat docs. I saw some statemens about writing event log statements which led me to check the Windows Application Log. I did find some warning messages written there by the isapi_redirector2.dll. However, I never did get jk2 working. I'll stick with isapi_redirector.dll for now. Nathan - Original Message - From: Januski, Ken [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 5:36 PM Subject: RE: Logfile for isapi_redirector2.dll? Since no one's responded I tried google. Eventually I found this page with the following sample registry entry. I've yet to try it but if it works I'll be very happy. It's about the same as registry entries for isapi_redirect and isapi_redirector. But all examples I've seen for isapi_redirector2.dll have not included a log_file. So I assumed there was a good reason. I guess I'll soon find out. http://www.wbtsystems.com/news/newsletters/july2003 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\2.0] serverRoot=\\tomcat extensionUri=/jakarta/isapi_redirector2.dll log_file=\\tomcat\\logs\\iis_redirect.log logLevel=DEBUG workersFile=\\tomcat\\conf\\workers2.properties -Original Message- From: Januski, Ken [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 12:57 PM To: Tomcat Users List Subject: RE: Logfile for isapi_redirector2.dll? I've been meaning to ask this myself ever since I went to isapi_redirector2.dll. It sure would be nice to have a log. -Original Message- From: Nathan Ward [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 9:08 AM To: Tomcat Users List Subject: Logfile for isapi_redirector2.dll? Does isapi_redirector2.dll write a log file? If so, where does it put the file? I don't see any registry settings in the documentation that specifies the log file location. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED
Re: Logfile for isapi_redirector2.dll?
I believe that is the same thing I'm trying to do (did) with IIS and Tomcat. I don't believe it is a bug. It is just the way the isapi_redirector.dll is written. Windows registry settings specifies where _the_ workers.properties file is located as well as where the uriworkermap.properties is located. Each IIS website is configured in IIS's Management Application to use the ISAPI filter (isapi_redirector.dll) and a virtual directory is defined in IIS as well under each web site to the directory where the isapi_redirector.dll file is located. Since the mapping to webapps is controlled by the uriworkermap.properties file and only one can be specified in the registry settings, there is no way in IIS or via the ISAPI filter to control the access. This must not be a common thing at all as you said because I also checked three books on Tomcat. Professional Apache Tomcat was the closest to cover this at all but none of them specifically addressed this configuration. However, my customer wants to have one computer running IIS to be accessible to the Internet. So, that is what I have make it work with this configuration. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 9:42 AM Subject: Re: Logfile for isapi_redirector2.dll? Sounds like a bug in isapi_redirector to me, or perhaps its a problem with the way IIS handles virtual hosts. Or maybe I don't understand what you want to do. In Apache, I setup one virtual host = one webapp. hostA = appA hostB = appB With mod_jk (essentially isapi_redirector), appB is never available to hostA, and appA is never available to hostB. A 404 results if I try: http://www.hostA.com/appB John Nathan Ward wrote: I don't mean to complain. I'm sure there are good reasons as you have mentioned why I haven't gotten more replies. I was trying to emphasize that I did appreciate the response in this case even though Ken didn't have much new info to offer. That said, I also asked what I thought were pretty simple questions about jk (isapi_redirector) like: Can I control what Tomcat webapps two virtual hosts (IIS web sites) can access? If not, how can I allow one IIS web site to access one webapp and another IIS web site access another but not both? Am I really the first one to have to do this or the first one that participates here? I guess so. That's OK though. It took me four days to figure out a solution, but I did learn a lot. I created a new valve that allows me to allow/deny access by server name (i.e. request.getServerName). Very similar to the RemoteHostValve. So, the answer that was basically that the ISAPI filter maps from IIS to Tomcat -- no other control provided by the filter. If you need more access control, use filters. I'm thinking that I'll submit my valve to be added to the Tomcat baseline. I suppose that the lack of response to my questions suggests that no one here knew that or at least no one that read my messages knew that. Maybe my subject lines didn't catch the right person's eye. I'm not bothered by it, but I am curious why I didn't get more replies. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logfile for isapi_redirector2.dll?
Sure, but that specifies the machine where Tomcat is running. I could specify different hosts for different workers if I want multiple instances of Tomcat running on different machines. I have one instance of Tomcat on one machine and one instance of IIS on another. However, two virtual hosts/web sites under IIS each of which need access to one and only one webapp on the single Tomcat instance. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 10:47 AM Subject: Re: Logfile for isapi_redirector2.dll? uriworkermap.properties doesn't take a hostname? John Nathan Ward wrote: I believe that is the same thing I'm trying to do (did) with IIS and Tomcat. I don't believe it is a bug. It is just the way the isapi_redirector.dll is written. Windows registry settings specifies where _the_ workers.properties file is located as well as where the uriworkermap.properties is located. Each IIS website is configured in IIS's Management Application to use the ISAPI filter (isapi_redirector.dll) and a virtual directory is defined in IIS as well under each web site to the directory where the isapi_redirector.dll file is located. Since the mapping to webapps is controlled by the uriworkermap.properties file and only one can be specified in the registry settings, there is no way in IIS or via the ISAPI filter to control the access. This must not be a common thing at all as you said because I also checked three books on Tomcat. Professional Apache Tomcat was the closest to cover this at all but none of them specifically addressed this configuration. However, my customer wants to have one computer running IIS to be accessible to the Internet. So, that is what I have make it work with this configuration. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logfile for isapi_redirector2.dll?
Shit! You're right!!! All the examples of uriworkermap.properties that I had seen had a relative path specified including the 3 books I looked at. It never occurred to me to specify the full url until your example. I just tried it that way and it works! Boy, do I feel stupid. You said the example is for jk2. Doesn't JK2 use workers2.properties instead of uirworkermap.properties and workers.properties? I'm using jk. I tried jk2, but didn't get it to work. jk is working fine for now. Back to the original question of why didn't I get more responses about this. Maybe indicating isapi/iis in the subject was too limiting. Maybe I should have said something about controlling access to webapps from multiple virtual hosts. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 11:55 AM Subject: Re: Logfile for isapi_redirector2.dll? I guess I misunderstood what uriworkermap.properties was doingI was under the impression that was where you mapped URIs to specific workers. In JK2 (mod_jk2.so), it might look something like: [uri:www.hostA.com/appA/*.jsp] There's no counterpart to that in an IIS + Tomcat configuration? I find that surprising. John Nathan Ward wrote: Sure, but that specifies the machine where Tomcat is running. I could specify different hosts for different workers if I want multiple instances of Tomcat running on different machines. I have one instance of Tomcat on one machine and one instance of IIS on another. However, two virtual hosts/web sites under IIS each of which need access to one and only one webapp on the single Tomcat instance. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 10:47 AM Subject: Re: Logfile for isapi_redirector2.dll? uriworkermap.properties doesn't take a hostname? John Nathan Ward wrote: I believe that is the same thing I'm trying to do (did) with IIS and Tomcat. I don't believe it is a bug. It is just the way the isapi_redirector.dll is written. Windows registry settings specifies where _the_ workers.properties file is located as well as where the uriworkermap.properties is located. Each IIS website is configured in IIS's Management Application to use the ISAPI filter (isapi_redirector.dll) and a virtual directory is defined in IIS as well under each web site to the directory where the isapi_redirector.dll file is located. Since the mapping to webapps is controlled by the uriworkermap.properties file and only one can be specified in the registry settings, there is no way in IIS or via the ISAPI filter to control the access. This must not be a common thing at all as you said because I also checked three books on Tomcat. Professional Apache Tomcat was the closest to cover this at all but none of them specifically addressed this configuration. However, my customer wants to have one computer running IIS to be accessible to the Internet. So, that is what I have make it work with this configuration. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logfile for isapi_redirector2.dll?
Just to be clear for others who may read this, here's an example of the uriworkermap.properties file that works for me: www.website1.com/rms-jobs/*=ajp13Worker www.website2.biz/rms/*=ajp13Worker What I had before that didn't control access as required was: /rms-jobs/*=ajp13Worker /rms/*=ajp13Worker Nathan - Original Message - From: Nathan Ward [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:05 PM Subject: Re: Logfile for isapi_redirector2.dll? Shit! You're right!!! All the examples of uriworkermap.properties that I had seen had a relative path specified including the 3 books I looked at. It never occurred to me to specify the full url until your example. I just tried it that way and it works! Boy, do I feel stupid. You said the example is for jk2. Doesn't JK2 use workers2.properties instead of uirworkermap.properties and workers.properties? I'm using jk. I tried jk2, but didn't get it to work. jk is working fine for now. Back to the original question of why didn't I get more responses about this. Maybe indicating isapi/iis in the subject was too limiting. Maybe I should have said something about controlling access to webapps from multiple virtual hosts. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 11:55 AM Subject: Re: Logfile for isapi_redirector2.dll? I guess I misunderstood what uriworkermap.properties was doingI was under the impression that was where you mapped URIs to specific workers. In JK2 (mod_jk2.so), it might look something like: [uri:www.hostA.com/appA/*.jsp] There's no counterpart to that in an IIS + Tomcat configuration? I find that surprising. John Nathan Ward wrote: Sure, but that specifies the machine where Tomcat is running. I could specify different hosts for different workers if I want multiple instances of Tomcat running on different machines. I have one instance of Tomcat on one machine and one instance of IIS on another. However, two virtual hosts/web sites under IIS each of which need access to one and only one webapp on the single Tomcat instance. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 10:47 AM Subject: Re: Logfile for isapi_redirector2.dll? uriworkermap.properties doesn't take a hostname? John Nathan Ward wrote: I believe that is the same thing I'm trying to do (did) with IIS and Tomcat. I don't believe it is a bug. It is just the way the isapi_redirector.dll is written. Windows registry settings specifies where _the_ workers.properties file is located as well as where the uriworkermap.properties is located. Each IIS website is configured in IIS's Management Application to use the ISAPI filter (isapi_redirector.dll) and a virtual directory is defined in IIS as well under each web site to the directory where the isapi_redirector.dll file is located. Since the mapping to webapps is controlled by the uriworkermap.properties file and only one can be specified in the registry settings, there is no way in IIS or via the ISAPI filter to control the access. This must not be a common thing at all as you said because I also checked three books on Tomcat. Professional Apache Tomcat was the closest to cover this at all but none of them specifically addressed this configuration. However, my customer wants to have one computer running IIS to be accessible to the Internet. So, that is what I have make it work with this configuration. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logfile for isapi_redirector2.dll?
Ken, That was an example configuration. I didn't realize that you'd care to go to the actual web sites. Some of the real uri's aren't accessible from the Internet. One of them is though. Go to http://www.usresources.com Click on the Candidates link menu item, then click on the OPPORTUNITIES or SUBMIT RESUME links at the bottom of the page. Those two links go to /rms-jobs/something which is my webapp running on Tomcat on a different machine. The pages before those links were static HTML files from IIS. Turns out that what I had tried per John's message isn't actually working. What I tried was: www.usresources.com/rms-jobs/*=ajp13Worker in the uriworkermap.properties file I thought that was working, but maybe I didn't restart IIS after making the change. I've since changed the file back to: /rms-jobs/*=ajp13Worker I also have the following in the uriworkermap.properties file: /rms/*=ajp13Worker However, this better not be accessible from www.usresources.com (i.e. http://www.usresources.com/rms/something) should never work. It is supposed to be accessed from another web site that isn't actually on the Internet yet because we have to get a SSL certificate from Verisign for it first. So, if I could specify: www.usresources.com/rms-jobs/*=ajp13Worker and www.another-to-be-determined-domainname.com/rms/*=ajp13Worker in uriworkermap.properties file I wouldn't need the valve that I created in Tomcat. Let me know if you need more clarification. Nathan - Original Message - From: Januski, Ken [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:20 PM Subject: RE: Logfile for isapi_redirector2.dll? Nathan, I'd love to see the configuration but these urls don't seem to work. P.S. I wasn't thinking clearly when I suggested multiple workers2.properties files. Ken -Original Message- From: Nathan Ward [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:12 PM To: Tomcat Users List Subject: Re: Logfile for isapi_redirector2.dll? Just to be clear for others who may read this, here's an example of the uriworkermap.properties file that works for me: www.website1.com/rms-jobs/*=ajp13Worker www.website2.biz/rms/*=ajp13Worker What I had before that didn't control access as required was: /rms-jobs/*=ajp13Worker /rms/*=ajp13Worker Nathan - Original Message - From: Nathan Ward [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:05 PM Subject: Re: Logfile for isapi_redirector2.dll? Shit! You're right!!! All the examples of uriworkermap.properties that I had seen had a relative path specified including the 3 books I looked at. It never occurred to me to specify the full url until your example. I just tried it that way and it works! Boy, do I feel stupid. You said the example is for jk2. Doesn't JK2 use workers2.properties instead of uirworkermap.properties and workers.properties? I'm using jk. I tried jk2, but didn't get it to work. jk is working fine for now. Back to the original question of why didn't I get more responses about this. Maybe indicating isapi/iis in the subject was too limiting. Maybe I should have said something about controlling access to webapps from multiple virtual hosts. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 11:55 AM Subject: Re: Logfile for isapi_redirector2.dll? I guess I misunderstood what uriworkermap.properties was doingI was under the impression that was where you mapped URIs to specific workers. In JK2 (mod_jk2.so), it might look something like: [uri:www.hostA.com/appA/*.jsp] There's no counterpart to that in an IIS + Tomcat configuration? I find that surprising. John Nathan Ward wrote: Sure, but that specifies the machine where Tomcat is running. I could specify different hosts for different workers if I want multiple instances of Tomcat running on different machines. I have one instance of Tomcat on one machine and one instance of IIS on another. However, two virtual hosts/web sites under IIS each of which need access to one and only one webapp on the single Tomcat instance. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 10:47 AM Subject: Re: Logfile for isapi_redirector2.dll? uriworkermap.properties doesn't take a hostname? John Nathan Ward wrote: I believe that is the same thing I'm trying to do (did) with IIS and Tomcat. I don't believe it is a bug. It is just the way the isapi_redirector.dll is written. Windows registry settings specifies where _the_ workers.properties file is located as well as where
Re: Logfile for isapi_redirector2.dll?
It is not working. The isapi log file says that it is ignoring the mappings when I specify www.usresources.com/rms-jobs/*=ajp13Worker or similar. Maybe there is a syntax that will allow this to work. Maybe I'll look at the source code again for the isapi filter and see where the message is comming from. But, probably not today. Nathan - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 25, 2003 2:25 PM Subject: Re: Logfile for isapi_redirector2.dll? So its not working? I can't believe that IIS + Tomcat doesn't separate virtual hosts. Do your hosts have different appBase's? John Nathan Ward wrote: Ken, That was an example configuration. I didn't realize that you'd care to go to the actual web sites. Some of the real uri's aren't accessible from the Internet. One of them is though. Go to http://www.usresources.com Click on the Candidates link menu item, then click on the OPPORTUNITIES or SUBMIT RESUME links at the bottom of the page. Those two links go to /rms-jobs/something which is my webapp running on Tomcat on a different machine. The pages before those links were static HTML files from IIS. Turns out that what I had tried per John's message isn't actually working. What I tried was: www.usresources.com/rms-jobs/*=ajp13Worker in the uriworkermap.properties file I thought that was working, but maybe I didn't restart IIS after making the change. I've since changed the file back to: /rms-jobs/*=ajp13Worker I also have the following in the uriworkermap.properties file: /rms/*=ajp13Worker However, this better not be accessible from www.usresources.com (i.e. http://www.usresources.com/rms/something) should never work. It is supposed to be accessed from another web site that isn't actually on the Internet yet because we have to get a SSL certificate from Verisign for it first. So, if I could specify: www.usresources.com/rms-jobs/*=ajp13Worker and www.another-to-be-determined-domainname.com/rms/*=ajp13Worker in uriworkermap.properties file I wouldn't need the valve that I created in Tomcat. Let me know if you need more clarification. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS and the isapi_redirect.dll
What does your jk_iis.log file and also your IIS log file (in c:\winnt\system32\LogFiles\W3SVC1 directory) show? I'll include a copy of mine at the end of this message. The jk_iis.log file should show that it accesses the registry and reads the workers.properties and uriworkermap.properties files, and also show the urls patterns that it found in uriworkermap.properties. IIS log should indicate that IIS got a 200 response code from the isapi_redirect.dll. You can also set the debug level on the connector listening on 8009 in server.xml to 5 to get info that will show that the connector is running. That has never helped me very much though. I found that the book Professional Apache Tomcat had the best description of configuring IIS/Tomcat including very good troubleshooting tips. Have you tried configuring IIS on another machine to talk to Tomcat? You can leave Tomcat on one machine and IIS on another by just changing the worker.host field in workers.properties to be the ip of the machine running Tomcat. Nathan - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 3:51 PM Subject: IIS and the isapi_redirect.dll Sorry if this was posted twice, my email client was not behaving. Well, here's a topic that has been hashed and rehashed before on this list... unfortunately after countless hours of reading the archives and googling around, I haven't found an answer as to why IIS won't play nice with Tomcat. Here's the skinny: W2k sp3 (5.00.2195) IIS 5 Tomcat 4.1.24 j2sdk 1.4.2 installed isapi_redirect.dll 1.2.4 I have checked the registery settings as well as had coworkers check them multiple times. I have also followed up on the possibility of the corrupted DLL by downloading different versions of the connector on to different servers on my network to no avail. Multiple restarts have also ensued. The error that is being logged in Component Services is your basic The data is the error and the data section of the error window reads: : 02 00 00 00 If anyone has any other possibilities, or has fixed this problem before, any help would be greatly appriciated. For those that are interested, the details on the enviornment are below. Thanks in advance! -s Tomcat install: C:\Tomcat4 \isapi\isapi_redirect.dll \conf\uriworkermap.properties workers.properties \logs Registery: [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Group\Jakarta Isapi Redirector\1.0] extension_uri=/jakarta/isapi_redirect.dll worker_file=c:\Tomcat4\conf\workers.properties worker_mount_file=c:\Tomcat4\conf\uriworkermap.properties log_file=c:\Tomcat4\logs\jk_iis.log log_level=debug @=c:\Tomcat4\isapi\isapi_redirect.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters] .. Filter DLLs=C:\Tomcat4\isapi\isapi_redirect.dll .. IIS: site root=C:\Inetpub\wwwroot vdir jakarta=C:\Tomcat4\isapi with read and execute set Permissions: All .properties files, the isapi_redirect.dll, and the folders that house them have modify, read execute, read, write enabled for the everyone group. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS and the isapi_redirect.dll
/jakarta/isapi_redirect.dll 200 2003-07-23 17:02:10 127.0.0.1 - W3SVC1 NWARDLT 127.0.0.1 80 GET /jakarta/isapi_redirect.dll 200 2003-07-23 17:02:10 127.0.0.1 - W3SVC1 NWARDLT 127.0.0.1 80 GET /jakarta/isapi_redirect.dll 200 - Original Message - From: Nathan Ward [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 8:17 AM Subject: Re: IIS and the isapi_redirect.dll What does your jk_iis.log file and also your IIS log file (in c:\winnt\system32\LogFiles\W3SVC1 directory) show? I'll include a copy of mine at the end of this message. The jk_iis.log file should show that it accesses the registry and reads the workers.properties and uriworkermap.properties files, and also show the urls patterns that it found in uriworkermap.properties. IIS log should indicate that IIS got a 200 response code from the isapi_redirect.dll. You can also set the debug level on the connector listening on 8009 in server.xml to 5 to get info that will show that the connector is running. That has never helped me very much though. I found that the book Professional Apache Tomcat had the best description of configuring IIS/Tomcat including very good troubleshooting tips. Have you tried configuring IIS on another machine to talk to Tomcat? You can leave Tomcat on one machine and IIS on another by just changing the worker.host field in workers.properties to be the ip of the machine running Tomcat. Nathan - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 3:51 PM Subject: IIS and the isapi_redirect.dll Sorry if this was posted twice, my email client was not behaving. Well, here's a topic that has been hashed and rehashed before on this list... unfortunately after countless hours of reading the archives and googling around, I haven't found an answer as to why IIS won't play nice with Tomcat. Here's the skinny: W2k sp3 (5.00.2195) IIS 5 Tomcat 4.1.24 j2sdk 1.4.2 installed isapi_redirect.dll 1.2.4 I have checked the registery settings as well as had coworkers check them multiple times. I have also followed up on the possibility of the corrupted DLL by downloading different versions of the connector on to different servers on my network to no avail. Multiple restarts have also ensued. The error that is being logged in Component Services is your basic The data is the error and the data section of the error window reads: : 02 00 00 00 If anyone has any other possibilities, or has fixed this problem before, any help would be greatly appriciated. For those that are interested, the details on the enviornment are below. Thanks in advance! -s Tomcat install: C:\Tomcat4 \isapi\isapi_redirect.dll \conf\uriworkermap.properties workers.properties \logs Registery: [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Group\Jakarta Isapi Redirector\1.0] extension_uri=/jakarta/isapi_redirect.dll worker_file=c:\Tomcat4\conf\workers.properties worker_mount_file=c:\Tomcat4\conf\uriworkermap.properties log_file=c:\Tomcat4\logs\jk_iis.log log_level=debug @=c:\Tomcat4\isapi\isapi_redirect.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters] .. Filter DLLs=C:\Tomcat4\isapi\isapi_redirect.dll .. IIS: site root=C:\Inetpub\wwwroot vdir jakarta=C:\Tomcat4\isapi with read and execute set Permissions: All .properties files, the isapi_redirect.dll, and the folders that house them have modify, read execute, read, write enabled for the everyone group. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Logfile for isapi_redirector2.dll?
Does isapi_redirector2.dll write a log file? If so, where does it put the file? I don't see any registry settings in the documentation that specifies the log file location. Nathan
Re: Logfile for isapi_redirector2.dll?
I appreciate the reply. I've joined this mailing list about a week ago and posted several messages. I've not gotten many replies at all. I guess people are busy and there are a lot of messages to sift through. Nonetheless, I start wondering if I have bad breath, don't know how spell or something if noone even chimes in. I took a look at the souce code for the isapi_redirector2.dll. I can follow it pretty good since I spent 10 years programming in C. I see logging methods (functions in C), but I didn't see where the log file was created or where it was written to. I believe I see where the code specifies the registry enteries that it is looking for and there isn't any for log file. I didn't see the logLevel registry setting specified either which I saw in the jk2 Tomcat docs. I saw some statemens about writing event log statements which led me to check the Windows Application Log. I did find some warning messages written there by the isapi_redirector2.dll. However, I never did get jk2 working. I'll stick with isapi_redirector.dll for now. Nathan - Original Message - From: Januski, Ken [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 5:36 PM Subject: RE: Logfile for isapi_redirector2.dll? Since no one's responded I tried google. Eventually I found this page with the following sample registry entry. I've yet to try it but if it works I'll be very happy. It's about the same as registry entries for isapi_redirect and isapi_redirector. But all examples I've seen for isapi_redirector2.dll have not included a log_file. So I assumed there was a good reason. I guess I'll soon find out. http://www.wbtsystems.com/news/newsletters/july2003 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\2.0] serverRoot=\\tomcat extensionUri=/jakarta/isapi_redirector2.dll log_file=\\tomcat\\logs\\iis_redirect.log logLevel=DEBUG workersFile=\\tomcat\\conf\\workers2.properties -Original Message- From: Januski, Ken [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 12:57 PM To: Tomcat Users List Subject: RE: Logfile for isapi_redirector2.dll? I've been meaning to ask this myself ever since I went to isapi_redirector2.dll. It sure would be nice to have a log. -Original Message- From: Nathan Ward [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 9:08 AM To: Tomcat Users List Subject: Logfile for isapi_redirector2.dll? Does isapi_redirector2.dll write a log file? If so, where does it put the file? I don't see any registry settings in the documentation that specifies the log file location. Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Controlling access to webapps from ajp13 connector
How can I configure Tomcat to filter requests received via the ajp13 connector on port 8009 based on whether the HTTP Request was received on a secure connection or not? I see the following in the souce code for tomcat4.CoyoteConnector class in the jakarta-tomcat-connector project: /** * Return the port number to which a request should be redirected if * it comes in on a non-SSL port and is subject to a security constraint * with a transport guarantee that requires SSL. */ public int getRedirectPort() { return (this.redirectPort); } That is the kind of thing I believe I need to use. However, I don't yet see any documentation on what other settings are related to this and how to use them. I guess I have to continue reading the source code. Nathan
Where are ISAPI filter registry settings defined?
Hello, Is there any more documentation on the registry settings used by the isapi_redirect.dll than defined in the IIS How-To in the Tomcat documenation? I'd like to configure two web sites defined in the same IIS server to use different instances of the ISAPI redirector plug-in so that each IIS website can access different webapps on the same instance of Tomcat by using different uriworkermap.properties file specified by different woker_file registry string values. Nathan
Re: Where are ISAPI filter registry settings defined?
I'm using Tomcat 4.1.24 and isapi_redirector.dll. Should I be using isapi_redirectory2.dll? I saw something in a book about isapi_redirectory2.dll, but I didn't see it yet in the Tomcat docs. Nathan - Original Message - From: Lior Shliechkorn [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 21, 2003 12:36 PM Subject: Re: Where are ISAPI filter registry settings defined? Which Tomcat are you using? isapi_redirect.dll or isapi_redirect2.dll? Nathan Ward [EMAIL PROTECTED] wrote: Hello, Is there any more documentation on the registry settings used by the isapi_redirect.dll than defined in the IIS How-To in the Tomcat documenation? I'd like to configure two web sites defined in the same IIS server to use different instances of the ISAPI redirector plug-in so that each IIS website can access different webapps on the same instance of Tomcat by using different uriworkermap.properties file specified by different woker_file registry string values. Nathan - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where are ISAPI filter registry settings defined?
I would appreciate the documentation. Thanks! I'm going to try configuring both isapi_redirector.dll and isapi_redirector2.dll on the IIS server. Looks like they have different registry key names. So, I can configure each for a different workers file (different name anyway). Then, I specify one of the filters for one of the IIS web sites and the other filter for the other IIS web site in the IIS Management Console. Nathan - Original Message - From: Lior Shliechkorn [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 21, 2003 12:41 PM Subject: Re: Where are ISAPI filter registry settings defined? The redirector2.dll file is a new implementation...I was told that it was faster. I have a document you can use if you choose the redirector2.dll file. Let me know. Nathan Ward [EMAIL PROTECTED] wrote:I'm using Tomcat 4.1.24 and isapi_redirector.dll. Should I be using isapi_redirectory2.dll? I saw something in a book about isapi_redirectory2.dll, but I didn't see it yet in the Tomcat docs. Nathan - Original Message - From: Lior Shliechkorn To: Tomcat Users List Sent: Monday, July 21, 2003 12:36 PM Subject: Re: Where are ISAPI filter registry settings defined? Which Tomcat are you using? isapi_redirect.dll or isapi_redirect2.dll? Nathan Ward wrote: Hello, Is there any more documentation on the registry settings used by the isapi_redirect.dll than defined in the IIS How-To in the Tomcat documenation? I'd like to configure two web sites defined in the same IIS server to use different instances of the ISAPI redirector plug-in so that each IIS website can access different webapps on the same instance of Tomcat by using different uriworkermap.properties file specified by different woker_file registry string values. Nathan - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to map different webapps to two IIS web sites
Hello, How can I allow one web site managed by IIS to access one webapp on Tomcat and have another web site managed by IIS on the same server (i.e. same instance of IIS) access a different webapp on the same Tomcat instance? I have two webapps running on the same Tomcat server at a client's site. The customer wants both on the Internet accessed via two different web sites defined in IIS. One of the web sites needs to be secure using SSL with a CA certificate and users have to login to it. The other is for public access without a login or secure connections. The customer would like to configure the IIS web site with the certificate and SSL rather than configuring Tomcat as such. They want only the server that is running IIS to be directly on the Internet and they want Tomcat to run on a separate server so that Tomcat doesn't slow down the machine running IIS. As far as I can tell, the IIS plugin for Tomcat (isapi_redirector.dll) is configured via Windows registry settings that allow only one workers.properties file and one uriworkermap.properties per physical server. So, I wonder if this is actually possible. On the other hand, surely I'm not the first to need to configure it like this. I can easily add both uri's to the uriworkermap.properties file, but I believe this makes both uri's accessible to both IIS web sites. Nathan