RE: Tomcat 9 How do you set httpHeaderSecurity properly
Works now, thanks. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, November 14, 2016 4:38 PM To: Tomcat Users List Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly On 14/11/2016 21:32, Dustin Delage wrote: > What's this filter mapping you speak of? https://java.net/downloads/servlet-spec/Final/servlet-3_1-final.pdf The Tomcat docs (and to a lesser extent this list) assume users of Tomcat are familiar with the Servlet specification. While it appears you need to read all of that document fairly soon, chapter 6 should answer your immediate questions. Mark > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, November 14, 2016 4:16 PM > To: Tomcat Users List > Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly > > On 14/11/2016 21:11, Dustin Delage wrote: >> Trying to enable some header filters in web.xml and NOT having any >> luck. I pretty much had to guess how to do this and my config looks >> like >> this: >> >> >> httpHeaderSecurity >> >> org.apache.catalina.filters.HttpHeaderSecurityFilter> i >> lter >> -class> >> >> >> blockContentTypeSniffingEnabled >> true >> > Not necessary - that is the default. > > >> >> >> antiClickJackingEnabled >> true >> > Not necessary - that is the default. > > >> >> >> antiClickJackingOption >> SAMEORIGIN >> > This one you will need. > > >> >> >> xssProtectionEnabled >> true >> >> true > Not necessary - that is the default. > > >> > > And the filter mapping? > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 How do you set httpHeaderSecurity properly
Thanks -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, November 14, 2016 4:38 PM To: Tomcat Users List Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly On 14/11/2016 21:32, Dustin Delage wrote: > What's this filter mapping you speak of? https://java.net/downloads/servlet-spec/Final/servlet-3_1-final.pdf The Tomcat docs (and to a lesser extent this list) assume users of Tomcat are familiar with the Servlet specification. While it appears you need to read all of that document fairly soon, chapter 6 should answer your immediate questions. Mark > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, November 14, 2016 4:16 PM > To: Tomcat Users List > Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly > > On 14/11/2016 21:11, Dustin Delage wrote: >> Trying to enable some header filters in web.xml and NOT having any >> luck. I pretty much had to guess how to do this and my config looks >> like >> this: >> >> >> httpHeaderSecurity >> >> org.apache.catalina.filters.HttpHeaderSecurityFilter> i >> lter >> -class> >> >> >> blockContentTypeSniffingEnabled >> true >> > Not necessary - that is the default. > > >> >> >> antiClickJackingEnabled >> true >> > Not necessary - that is the default. > > >> >> >> antiClickJackingOption >> SAMEORIGIN >> > This one you will need. > > >> >> >> xssProtectionEnabled >> true >> >> true > Not necessary - that is the default. > > >> > > And the filter mapping? > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 How do you set httpHeaderSecurity properly
What's this filter mapping you speak of? -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, November 14, 2016 4:16 PM To: Tomcat Users List Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly On 14/11/2016 21:11, Dustin Delage wrote: > Trying to enable some header filters in web.xml and NOT having any > luck. I pretty much had to guess how to do this and my config looks like > this: > > > httpHeaderSecurity > > org.apache.catalina.filters.HttpHeaderSecurityFilter lter > -class> > > > blockContentTypeSniffingEnabled > true > Not necessary - that is the default. > > > antiClickJackingEnabled > true > Not necessary - that is the default. > > > antiClickJackingOption > SAMEORIGIN > This one you will need. > > > xssProtectionEnabled > true > > true Not necessary - that is the default. > And the filter mapping? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 9 How do you set httpHeaderSecurity properly
Trying to enable some header filters in web.xml and NOT having any luck. I pretty much had to guess how to do this and my config looks like this: httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter blockContentTypeSniffingEnabled true antiClickJackingEnabled true antiClickJackingOption SAMEORIGIN xssProtectionEnabled true true Thank You, Dustin Delage - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
Looks like the app is now slated for redevelopment. Thanks everyone. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, October 27, 2016 4:48 AM To: Tomcat Users List Subject: Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself On 26/10/2016 18:07, Dustin Delage wrote: > Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - 90% > continuously. The only activity is tomcat spamming itself with TCP > traffic. Same proc ID, out one port, to another port back to itself. Tomcat doesn't do that. That looks more likely to be an app issue. A series of thread dumps (3 thread dumps, 10 seconds apart) should provide some pointers as to what is going on. A profiler (e.g. YourKit) would be better. Mark > > A small sample from Process Monitor: > > ## > > ## > > ## > 10:16:04.7458125 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49199 -> > 7f00:1:::::::49198SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7458374 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49197 -> > 7f00:1:::::::49196SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7458972 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49197 -> > 7f00:1:::::::49196SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7459507 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > ## > > ## > > ### > > Attaching an image of my findings as well > > Thank You, > > D Delage > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
Unfortunately my knowledge of Tomcat and Java apps is limited to basic sys admin stuff. I've made the suggestion to the developer to Profile the app. I'm sure this will reveal the problem. I might make an attempt as well. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, October 27, 2016 12:03 PM To: Tomcat Users List Subject: Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 10/27/16 4:47 AM, Mark Thomas wrote: > On 26/10/2016 18:07, Dustin Delage wrote: >> Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - 90% >> continuously. The only activity is tomcat spamming itself with TCP >> traffic. Same proc ID, out one port, to another port back to itself. > > Tomcat doesn't do that. That looks more likely to be an app issue. > > A series of thread dumps (3 thread dumps, 10 seconds apart) should > provide some pointers as to what is going on. A profiler (e.g. > YourKit) would be better. Tomcat9.exe should be the monitor (procrun), not anything hosting an application, right? - -chris >> A small sample from Process Monitor: >> >> # # >> >> ## >> ## 10:16:04.7458125 AM Tomcat9.exe 1932TCP >> Receive 7f00:1::d880:fe03:80fa::49199 -> >> 7f00:1:::::::49198 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458374 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458972 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7459507 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 >> # # >> >> ## >> ### >> >> Attaching an image of my findings as well >> >> Thank You, >> >> D Delage >> >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYEiUyAAoJEBzwKT+lPKRY92oP/jYekQFTj5HaiQsmsQaaWgg+ eGmookPwRATKubROIedjzQA9Y62Y1PL0udQpk5xnEReQ5ISxbUs+OGJtPQippC85 VxILggVIA2ZHuPVd2qEhj1cBb5ppB9n1SsRBFRHU+Y7rdJGp8goIMBZzs1CytR/M vK7xkyDtXzLinerMGj4k/82KnTfCo6nwf+z7Np03Np2doWXYYcZmJO3yo3N/v4lm arp1MEHf1qSutd12ga3MeMXwt8e3WZaK5M1gFL7h7CMclIbgUBz0vGtZ7VYYCB7g qVCzwQi64Jt7HADwllKKLmPC/N3lA3zTQvp/o1z8qsDSYPtbaZNSKNnSoqb4uzx/ 8Z59Y3HZEQudT8gV2GwNzULmGh6Clcn3ECQaUxnK81YZFz0YluO8QbKTMuRM18pb mr8UH/JoPO3PUaBsDvWo95KUZw8m1+YPhvtMCi0r2NTD7j+Klr3r9cHubAHq21Hi VfsGXHm1Pv7vaYVx4za9bREtxEtQZWkQOsjrviYX9lH5n2Ad8QwWOd0fI4HrLBhM 3i/zE7VSOLnCpCZwQ0Dpx7inzVIuXQzmvecdSS6MsuPea3uzNqgSbKoct0A28tTU Em1dBwPuyeHVISnxBtTYufJOeBSBEq/sFW5385QftHLQgwfH4aVouix9U6pLfAF0 +ptjg7u5okrPzuh+6RTx =laEe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 9 exe, High CPU usage due to TCP I/O with itself
Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - 90% continuously. The only activity is tomcat spamming itself with TCP traffic. Same proc ID, out one port, to another port back to itself. A small sample from Process Monitor: ## ## ## 10:16:04.7458125 AM Tomcat9.exe 1932TCP Receive 7f00:1::d880:fe03:80fa::49199 -> 7f00:1:::::::49198 SUCCESS Length: 1, seqnum: 0, connid: 0 10:16:04.7458374 AM Tomcat9.exe 1932TCP Send Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199 SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive 7f00:1::d880:fe03:80fa::49197 -> 7f00:1:::::::49196 SUCCESS Length: 1, seqnum: 0, connid: 0 10:16:04.7458972 AM Tomcat9.exe 1932TCP Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive 7f00:1::d880:fe03:80fa::49197 -> 7f00:1:::::::49196 SUCCESS Length: 1, seqnum: 0, connid: 0 10:16:04.7459507 AM Tomcat9.exe 1932TCP Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 ## ## ### Attaching an image of my findings as well Thank You, D Delage - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
