Re: Regarding Tomcat url redirection

Lavanya, On 5/9/24 02:58, lavanya tech wrote: Just giving background again of this topic again. 1) The application team who is working they wanted to access the url https://server.lbg.com:8443/towl —> which should redirect or point to https://example.lbg.com Is that a typo? You want

Re: FileUpload class not working with Tomcat 10.1

> On May 9, 2024, at 01:25, Mark Foley wrote: > >> Does the JSP need to reference the "program" (servlet?) at all? > The program, as shown above didn'twork at all until I put that servlet > definition on WEB-INF/web.xml, so I suppose the answer is "yes". As to why, I > have not a clue. A

Re: Regarding Tomcat url redirection

Hi Chris, Thanks. Just giving background again of this topic again. 1) The application team who is working they wanted to access the url https://server.lbg.com:8443/towl —> which should redirect or point to https://example.lbg.com Is that a typo? You want specifically

Re: FileUpload class not working with Tomcat 10.1

On 5/7/2024 4:52 PM, Christopher Schultz wrote: Mark, On 5/3/24 12:16, Mark Foley wrote: On 4/23/24 18:44, Chuck Caldarale wrote:    uploadfile    uploadfile /schDistImportResults.jsp The first servlet is named “uploadfile”. On Apr 23, 2024, at 12:42, Mark Foley  wrote: Now I

Re: Regarding Tomcat url redirection

Lavanya, On 5/8/24 06:48, lavanya tech wrote: I figured out how I can it make it work with 443. Now the URls are working. I added iptables route 443 to 8443 and it started working. nslookup example.lbg.com Non-authoritative answer: Name:server.lbg.com Address: 192.168.200.105 Aliases:

Re: Regarding Tomcat url redirection

Hello Chris, I figured out how I can it make it work with 443. Now the URls are working. I added iptables route 443 to 8443 and it started working. nslookup example.lbg.com Non-authoritative answer: Name:server.lbg.com Address: 192.168.200.105 Aliases: example.lbg.com I have some

Re: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

Joey, On 5/7/24 10:50, Joey Cochran wrote: Coud this be the culprit ? ${CATALINA_BASE}/conf/context.xml Possible, but the report was that every single request generates a new JSESSIONID, not that every session seems to have expired and needs to be re-initialized.

Re: FileUpload class not working with Tomcat 10.1

Mark, On 5/3/24 12:16, Mark Foley wrote: On 4/23/24 18:44, Chuck Caldarale wrote:    uploadfile    uploadfile    /schDistImportResults.jsp The first servlet is named “uploadfile”. On Apr 23, 2024, at 12:42, Mark Foley  wrote: Now I need to add another program to the system that

[ANN] Apache Tomcat 9.0.89 available

The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.89. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.89 is a bugfix and

Re: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

Coud this be the culprit ? ${CATALINA_BASE}/conf/context.xml From: Hamdan Khan Sent: Tuesday, May 7, 2024 9:09 AM To: users@tomcat.apache.org Subject: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with

RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

Thank you Mark, We have har files when the server is in error state, it shows that the jsessionid is sent in request. *Is there a reverse proxy in the mix?* No. we directly access tomcat. *Are you using sessions at all* Yes, we are using the default tomcat session in debugger it says

Re: SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

We need to split between constrained and unconstrained delegation. Let's stay with uncontrained, simplest one. For that to happen you need: * Enable it for the service account (acceptor side) * Set the delegate flag (also there is a policy) on the security context (initiator side) Try again.

Re: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

On 06/05/2024 11:05, Hamdan Khan wrote: Hello everyone, We're having a problem with Tomcat on Windows servers. It only happens when: Tomcat is running as a service (automatically started by Windows). The Windows server automatically restarts for updates. After the restart, Tomcat starts

After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>

Hello everyone, We're having a problem with Tomcat on Windows servers. It only happens when: Tomcat is running as a service (automatically started by Windows). The Windows server automatically restarts for updates. After the restart, Tomcat starts creating new session IDs for every request, even

Re: FileUpload class not working with Tomcat 10.1

On 4/23/24 18:44, Chuck Caldarale wrote: uploadfile uploadfile /schDistImportResults.jsp The first servlet is named “uploadfile”. On Apr 23, 2024, at 12:42, Mark Foley wrote: Now I need to add another program to the system that does file uploads. I created another

Re: SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

Thanks for the reply Michael, I'm trying to achieve retrieving delegated credentials. I'm confused by the debug output because I'm being told that authentication succeeded but no indication of why I'm not receiving delegated credentials other than there are none.I have looked over the delegation

Re: Package URLs for Apache Tomcat distributions

Hi, I think in the end it boils down to something very simple (and probably very complicated from another perpsective ): Can the id of a piece of software be used to find vulnerabilities? In the context of this mailing list and the example you brought up with defaulting to pkg:maven, the

Re: Package URLs for Apache Tomcat distributions

Just as an FYI that we established an official TG (Task Group) for PURL in yesterdays Ecma TC54 (CycloneDX) meeting: https://docs.google.com/document/d/1BkBd4PRhpP_u1WO_GueYB89vehT_HPKgFMMfbTuKWV4/edit#heading=h.si64e7edhupe This will take a bit to get set up but this may be something some people

Re: Package URLs for Apache Tomcat distributions

Thanks for bringing this up! The topic of software (artifact) identification is indeed a tricky one. CPEs have long been the main contender, but are not great for the SBOM (and 'vulnerability scanning' based on SBOMs) use case because CPE allocations need through the NVD CPE team, and generally

Re: SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

On 2024/05/02 19:20:59 Tom Delaney wrote: > Hi All, > > Sorry for the duplicate requests. The first one was accidentally flagged > for Google's new Confidential Mode which happened to be flagged. > I have a red hat 9.2 server hosting a web application on a single instance > of Apache Tomcat. This

SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

Hi All, Sorry for the duplicate requests. The first one was accidentally flagged for Google's new Confidential Mode which happened to be flagged. I have a red hat 9.2 server hosting a web application on a single instance of Apache Tomcat. This instance is behind an apache HTTP server on version

Re: SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

Tom Delaney has sent you an email via Gmail confidential mode: [image: Gmail logo]Re: SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

Re: missing headers

On 02/05/2024 06:15, Piyush Sharma wrote: Hi, How to forward custom headers from frontend tomcat to backend tomcat witn mod_jk? When using mod_jk the front end is always httpd, not Tomcat. You don't need to do anything. mod_jk passes all the http headers it receives. *Scenario :* 1.

missing headers

Hi, How to forward custom headers from frontend tomcat to backend tomcat witn mod_jk? *Scenario :* 1. APP1 : Apache (mod_jk) + Tomcat 2. APP2 : Apache (mod_jk) + Tomcat Now, when a user accesses APP1 it add fews headers via SSO app user details etc.. I can see in Tomcat logs as by adding

SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

Tom Delaney has sent you an email via Gmail confidential mode: [image: Gmail logo]SPNEGO GSSCaller {UNKNOWN} No Delegated Creds

Re: Monitoring and Tuning Tomcat

Mark and Jerry, On 5/1/24 04:00, Mark Thomas wrote: On 30/04/2024 21:24, Jerry Malcolm wrote: I'm trying to optimize my instance, CPU, tuning, and size requirements for Tomcat.  It's easy to see CPU usage.  But this TC instance is running a lot of microservices that are often in and out

Re: Monitoring and Tuning Tomcat

On 30/04/2024 21:24, Jerry Malcolm wrote: I'm trying to optimize my instance, CPU, tuning, and size requirements for Tomcat.  It's easy to see CPU usage.  But this TC instance is running a lot of microservices that are often in and out fairly quickly.  So there can be a huge number of requests

Re: Disabling OPTIONS HTTP method with * path

On 30/04/2024 19:56, Oleg Frenkel wrote: This issue exists in 9.0.88 and 10.1.23. I am looking to disable the following HTTP request (note 'OPTIONS *' in the request): Why? Please confirm if this is a bug in Tomcat or if I am missing something in Tomcat configuration. Neither. Tomcat is

Monitoring and Tuning Tomcat

I'm trying to optimize my instance, CPU, tuning, and size requirements for Tomcat.  It's easy to see CPU usage.  But this TC instance is running a lot of microservices that are often in and out fairly quickly.  So there can be a huge number of requests coming in.  I'm not sure that CPU

Re: [EXTERNAL] Disabling OPTIONS HTTP method with * path

From: Oleg Frenkel Sent: Tuesday, April 30, 2024 1:56 PM To: users@tomcat.apache.org Subject: [EXTERNAL] Disabling OPTIONS HTTP method with * path This issue exists in 9.0.88 and 10.1.23. I am looking to disable the following HTTP request (note 'OPTIONS *' in the request): $ curl -v

Disabling OPTIONS HTTP method with * path

This issue exists in 9.0.88 and 10.1.23. I am looking to disable the following HTTP request (note 'OPTIONS *' in the request): $ curl -v --request-target "*" -X OPTIONS http://: * Rebuilt URL to: :/ * Trying ... *

Re: Regarding Tomcat url redirection

Lavanya, On 4/30/24 07:10, lavanya tech wrote: Can you tell me how to do the below ? How should I setup Tomcat in server.xml ? If you want to use port 443 (the default port for HTTPS) then you will need to change Tomcat to bind to port 443 (if that's allowed on your OS) or arrange to have

Re: Regarding Tomcat url redirection

Hi Chris, Can you tell me how to do the below ? How should I setup Tomcat in server.xml ? If you want to use port 443 (the default port for HTTPS) then you will need to change Tomcat to bind to port 443 (if that's allowed on your OS) or arrange to have port 443 routed to port 8443. You may need

Re: Tomcat closes connections on unexpected status codes

Chris, On Fri, Apr 19, 2024 at 4:40 AM Christopher Schultz wrote: > > Pawel, > > On 4/18/24 20:21, Pawel Veselov wrote: > >> On 18/04/2024 15:18, Stefan Ansing wrote: > >>> Hi Rémy, Mark, > >>> I just want to make sure that we’re understanding each other. I can see > >>> that the connection

Re: Regarding Tomcat url redirection

Hi Chris, There is no issues with browser, because I tested with different browsers and it all works fine. I am sure that there is no issue with the certificate. Because I was able to establish successful connections with port 8443, it just doesnot work with out port curl

Re: Regarding Tomcat url redirection

Lavanya, On 4/25/24 09:36, lavanya tech wrote: I have updated the certificate now, but still I cannot access url https://example.lbg.com/towl either https://server.lbg.com/towl ? I wonder why its working with port 8443 and not with out port If Tomcat is listening to port 8443, then you need

Re: Regarding Tomcat url redirection

Lavanya, On 4/25/24 07:24, lavanya tech wrote: Hi Chris, One question / doubt: As I mentioned earlier, the below URLS already working in the browser https://server.lbg.com:8443/towl https://example.lbg.com:8443/towl -> redirect ( which means when I hit in browser) it points to

Re: Regarding Tomcat url redirection

Hi I have updated the certificate now, but still I cannot access url https://example.lbg.com/towl either https://server.lbg.com/towl ? I wonder why its working with port 8443 and not with out port On Thu, Apr 25, 2024 at 1:24 PM lavanya tech wrote: > Hi Chris, > > One question / doubt: > >

Re: Regarding Tomcat url redirection

Hi Chris, One question / doubt: As I mentioned earlier, the below URLS already working in the browser > https://server.lbg.com:8443/towl > https://example.lbg.com:8443/towl -> redirect ( which means when I hit in browser) it points to https://server.lbg.com:8443/towl ---> To be frank, even I

Re: Regarding Tomcat url redirection

Hi Chris, Thanks I will request new certificate with SANs and I will try to fix the things from our end. Best Regards, Lavanya On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Lavanya, > > On 4/24/24 15:39, lavanya tech wrote: > > Local host means

Re: Regarding Tomcat url redirection

Lavanya, On 4/24/24 15:39, lavanya tech wrote: Local host means the machine i am logged in to server.lbg.com You are right, example.lbg.com is CNAME record. Okay, thanks for clearing that up. I dont have any SAN configured for the certificate. The certificate is requested for only

Re: Tomcat closes connections on unexpected status codes

> Assuming it's easy for Tomcat to differentiate between errors generated My PR was based on the assumption that it is easy, since Tomcat always invokes this method[1] if it's a badRequest. [1]

Re: Regarding Tomcat url redirection

Hi Chris, Thanks for the reply. Local host means the machine i am logged in to server.lbg.com You are right, example.lbg.com is CNAME record. I dont have any SAN configured for the certificate. The certificate is requested for only server.lbg.com So if i just request new certificate with SAN

Re: Tomcat closes connections on unexpected status codes

Stefan, On 4/24/24 13:58, Stefan Ansing wrote: Op do 18 apr 2024 om 17:42 schreef Mark Thomas : On 18/04/2024 15:18, Stefan Ansing wrote: Hi Rémy, Mark, I just want to make sure that we’re understanding each other. I can see that the connection needs to be closed in certain conditions to

Re: Tomcat closes connections on unexpected status codes

Op do 18 apr 2024 om 17:42 schreef Mark Thomas : > On 18/04/2024 15:18, Stefan Ansing wrote: > > Hi Rémy, Mark, > > > > > > > > I just want to make sure that we’re understanding each other. I can see > > that the connection needs to be closed in certain conditions to prevent > > request smuggling

Re: Regarding Tomcat url redirection

Lavanya, On 4/24/24 07:37, lavanya tech wrote: Sorry I understood wrongly here with regards to my environment, Let me start from the beginning. I donot want to use redirect at all. I simply wanted to force apache tomcat to use both localhost and dns name of the localhost via url. When you say

Re: allow symlink tomcat 9

Thanks. it works fine. G On 24/04/24 12:27, Holger Klawitter wrote: A plain should suffice. Giacomo Morri wrote (at 2024-04-24 12:03 +0200): Hi Holger, thanks for your reply. consider that the symlink is /MTF/Content -> /realt/path/, how can i set the Resource element for that path?

Re: Regarding Tomcat url redirection

Hi Chris, Sorry I understood wrongly here with regards to my environment, Let me start from the beginning. I donot want to use redirect at all. I simply wanted to force apache tomcat to use both localhost and dns name of the localhost via url. I have DNS resollution as below. server.lbg.com -->

Re: allow symlink tomcat 9

A plain should suffice. Giacomo Morri wrote (at 2024-04-24 12:03 +0200): > Hi Holger, thanks for your reply. > > consider that the symlink is /MTF/Content -> /realt/path/, how can i set the > Resource element for that path? > > Regards, > > Giacomo > > > > On 24/04/24 11:55, Holger Klawitter

Re: allow symlink tomcat 9

Hi Holger, thanks for your reply. consider that the symlink is /MTF/Content -> /realt/path/, how can i set the Resource element for that path? Regards, Giacomo On 24/04/24 11:55, Holger Klawitter wrote: Hi, allowLinking goes into a Resource Element inside Context, not into Context

Re: allow symlink tomcat 9

Hi, allowLinking goes into a Resource Element inside Context, not into Context itself. This changed in Tomcat 8.0 IIRC. Giacomo Morri wrote (at 2024-04-24 11:42 +0200): > Hi, i have a servlet for uploading files inside a path that contains a > symbolic link, the upload works fine with tomcat 7

allow symlink tomcat 9

Hi, i have a servlet for uploading files inside a path that contains a symbolic link, the upload works fine with tomcat 7 but after upgrading it to tomcat 9 the servlet give me a java.lang.NullPointerException at java.io.File.. I tried setting the allowLinking param to true for the context in

Re: FileUpload class not working with Tomcat 10.1

>>> >>> uploadfile >>> >>> >>> uploadfile >>> /schDistImportResults.jsp >>> The first servlet is named “uploadfile”. > On Apr 23, 2024, at 12:42, Mark Foley wrote: > > Now I need to add another program to the system that does file uploads. I > created another definition in

Re: Installation on Win 10 failure.

Hello, A few things. 1. Are you really coming from Tomcat 4.04? 2. Are you really using Java 18? It's basically dead. Use Java 17 or 21, which are both Long Term Support (LTS) versions, especially if you are only going to upgrade once every 20 years. 3. You should not have CLASSPATH set.

Re: AW: FileUpload class not working with Tomcat 10.1

Mark, On 4/23/24 13:42, Mark Foley wrote: I'm back with a related issue. I was able to get the java class jakarta.servlet.annotation.MultipartConfig working back last November by adding the definition shown in the included message below to my WEB-INF/web.xml file. Now I need to add another

Re: Regarding Tomcat url redirection

Lavanya, On 4/22/24 05:21, lavanya tech wrote: Could you please explain, what you exactly mean ? So here redirect is not a solution right ? Redirecting is fine. Perhaps you should take a step back and decide: what do you actually want, here? You might be trying to solve problem X by

Re: Installation on Win 10 failure.

Thanks for the advice!Did two runs: regular cmd and one with admin privileges::The cmd window looks good: C:\tomcat8\bin>startupUsing CATALINA_BASE:   "C:\tomcat8"Using CATALINA_HOME:    "C:\tomcat8"Using CATALINA_TMPDIR: "C:\tomcat8\temp"Using JRE_HOME:        "C:\Program

Re: Tomcat closes connections on unexpected status codes

Any chance someone took a look at the PR? Do you guys think this is a viable solution? On Sun, Apr 21, 2024 at 12:54 PM Adwait Kumar Singh wrote: > https://github.com/apache/tomcat/pull/723 is a draft PR of the idea I was > talking about earlier, i.e close the connection on a bad request but >

Re: AW: FileUpload class not working with Tomcat 10.1

I'm back with a related issue. I was able to get the java class jakarta.servlet.annotation.MultipartConfig working back last November by adding the definition shown in the included message below to my WEB-INF/web.xml file. Now I need to add another program to the system that does file uploads.

RE: [EXT]Re: [EXT]Re: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group

Chuck, to get rid of the warnings... 3-Apr-2024 08:30:22.970 WARNING [Tribes-Task-Receiver[station-Channel]-1] org.apache.catalina.ha.session.ClusterSessionListener.messageReceived Context manager doesn't exist:[##0001] I moved my Manager element form the server.xml to the context.xml

RE: [EXT]Re: [EXT]Re: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group

Your suggestion worked Chuck, Thank you! I now see this in cat log.. 23-Apr-2024 08:30:10.969 INFO [Catalina-utility-1] org.apache.catalina.ha.tcp.SimpleTcpCluster.memberAdded Replication member added:[org.apache.catalina.tribes.membership.MemberImpl[tcp://{192, 168, 47, 157}:4001,{192,

Re: Installation on Win 10 failure.

On 23/04/2024 03:31, DdC wrote: I have installed tomcat originally with version 4.04 on winxp andlater on win7, ubuntu, and another linux box - many times by now.Trouble now with win10 and version 9.0.88.Yes, there is a jdk, CLASSPATH is set, j2ee.jar is in lib.Running in a cmd window

Re: Installation on Win 10 failure.

ack. I meant fire off under Eclipse, not tomcat. if that helps On Mon, Apr 22, 2024 at 9:03 PM Stephanie Panah wrote: > > Perhaps I am misunderstanding, but if not, I had something similar. > be sure that tomcat is not running under Services. > then fire it off under tomcat. > and, of

Re: Installation on Win 10 failure.

Perhaps I am misunderstanding, but if not, I had something similar. be sure that tomcat is not running under Services. then fire it off under tomcat. and, of course, I may have just said nonsense. On Mon, Apr 22, 2024 at 7:33 PM DdC wrote: > > I have installed tomcat originally with version

Installation on Win 10 failure.

I have installed tomcat originally with version 4.04 on winxp andlater on win7, ubuntu, and another linux box - many times by now.Trouble now with win10 and version 9.0.88.Yes, there is a jdk, CLASSPATH is set, j2ee.jar is in lib.Running in a cmd window with bin startup triggers another cmd

Re: [EXT]Re: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group

> On Apr 22, 2024, at 18:48, Rick Noel wrote: > > So you mean we use the VM's IP as the address value below > Instead or using the value of auto ? > > address="auto" >port="4001" > autoBind="100" >

Re: Tomcat log warnings for connection parameter limits?

Thanks, Mark. Submitted < https://bz.apache.org/bugzilla/show_bug.cgi?id=68934> On Tue, Apr 16, 2024 at 4:44 AM Mark Thomas wrote: > It would be worth creating an enhancement request for this in Bugzilla > to ensure the request doesn't get forgotten about. > > Mark > > > On 16/04/2024 01:06,

RE: [EXT]Re: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group

Chuck, So you mean we use the VM's IP as the address value below Instead or using the value of auto ? Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Chuck Caldarale Sent: Monday, April 22, 2024 6:20 PM To: Tomcat Users List

Re: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group

> On Apr 22, 2024, at 16:33, Rick Noel wrote: > > Tomcats are two different VMs Which explains why they can’t talk to each other over 127.0.0.1. > What do you mean each containers published IP Each VM or container will have an assigned, individual IP address so it can communicate with

RE: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group

Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Chuck Caldarale Sent: Monday, April 22, 2024 4:41 PM To: Tomcat Users List Subject: [EXT]Re: Tomcat 10 skipping state transfer. No members active in cluster group > On Apr 22, 2024, at

Re: Tomcat 10 skipping state transfer. No members active in cluster group

> On Apr 22, 2024, at 09:54, Rick Noel wrote: > > Could someone please explain why I am getting the error > > skipping state transfer. No members active in cluster group Need a bit more information. > On one sever the reciever is bound to >

Re: Tomcat 10 skipping state transfer. No members active in cluster group

Would you please take me off of this list On Mon, Apr 22, 2024 at 9:01 AM Rick Noel wrote: > Hello, > > Could someone please explain why I am getting the error > > skipping state transfer. No members active in cluster group > > On one sever the reciever is bound to >

Tomcat 10 skipping state transfer. No members active in cluster group

Hello, Could someone please explain why I am getting the error skipping state transfer. No members active in cluster group On one sever the reciever is bound to 127.0.0.1:4002 And on the other server the receiver is bound to 127.0.0.1:4001 But both

Re: Regarding Tomcat url redirection

Hi Chris, I have already a Root folder /git/app/apache-tomcat-10.1.11/webapps, I see the files index.jsp and index.jsp has below configuration. So should I add server.xml under ROOT folder aswell with localhost and example.com such that both the urls are accessible. ? Please suggest <%

Re: Regarding Tomcat url redirection

Hi Chris, Could you please explain, what you exactly mean ? So here redirect is not a solution right ? "You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.]example.com." Thanks, ammu On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <

Re: Tomcat closes connections on unexpected status codes

https://github.com/apache/tomcat/pull/723 is a draft PR of the idea I was talking about earlier, i.e close the connection on a bad request but otherwise allow it to be configurable by the user. Currently you need to subclass Http11Processor and override statusDropsConnections, but this is just to

Re: Regarding Tomcat url redirection

Ammu, On 4/19/24 08:32, lavanya tech wrote: Thank you very much. I removed for example.com as well as adding an in server.xml I copied context.xml file /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml Removed < in rewrite.config files. But still I dont redirect the URL. If

Re: Tomcat closes connections on unexpected status codes

Harri, On 4/19/24 08:10, Harri Pesonen wrote: I have developed a restful web service, which uses HTTP response codes 200 OK, 201 Created, 204 No Content and 404 Not Found. It does not use 400 Bad Request or 500 Internal Server Error normally. 400 Bad Request is more common than 500 Internal

Re: Regarding Tomcat url redirection

Hi Chris, Thank you very much. I removed for example.com as well as adding an in server.xml I copied context.xml file /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml Removed < in rewrite.config files. But still I dont redirect the URL. For your information *nslookup

RE: Tomcat closes connections on unexpected status codes

I have developed a restful web service, which uses HTTP response codes 200 OK, 201 Created, 204 No Content and 404 Not Found. It does not use 400 Bad Request or 500 Internal Server Error normally. 400 Bad Request is more common than 500 Internal Server Error, which should basically never happen.

Re: Tomcat closes connections on unexpected status codes

Pawel, On 4/18/24 20:21, Pawel Veselov wrote: On 18/04/2024 15:18, Stefan Ansing wrote: Hi Rémy, Mark, I just want to make sure that we’re understanding each other. I can see that the connection needs to be closed in certain conditions to prevent request smuggling attacks. I certainly don’t

Re: Tomcat closes connections on unexpected status codes

Pawel, On 4/18/24 20:32, Pawel Veselov wrote: On Thu, Apr 18, 2024 at 9:40 AM Adwait Kumar Singh wrote: I'm not (yet) convinced distinguishing between those scenarios is always going to be possible. I have a Tomcat patch which we use at work to do this, i.e always close the connection if

Re: Tomcat closes connections on unexpected status codes

Mark, On 4/18/24 11:38, Mark Thomas wrote: On 18/04/2024 15:16, Adwait Kumar Singh wrote: I think we should *always* close connections in cases where it can lead to request smuggling vulnerabilities like when there is an error during header or request line parsing, but allowing the user to

Re: Tomcat closes connections on unexpected status codes

All, On 4/18/24 10:16, Adwait Kumar Singh wrote: I think we should *always* close connections in cases where it can lead to request smuggling vulnerabilities like when there is an error during header or request line parsing, but allowing the user to control connection close when the status is

Re: Regarding Tomcat url redirection

Ammu, On 4/18/24 09:34, lavanya tech wrote: I am attaching server.xml and context.xml and rewrite.config files. The paths are /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml This file ^^^ is in the wrong place. It should be in

Reminder: Community Over Code Asia 2024 CFP closes on Apr 22nd

Hi All, The CFP for Community Over Code Asia, including the Web server and Tomcat track, is closing very soon - at 4:00 PM on 22 Apr 2024 Beijing time. Details: https://sessionize.com/communityovercode-asia-2024 Please do not wait until the last minute. We hope to see you in Hangzhou! --

Re: Tomcat closes connections on unexpected status codes

On Thu, Apr 18, 2024 at 9:40 AM Adwait Kumar Singh wrote: > > I'm not (yet) convinced distinguishing between those scenarios is always > > going to be possible. > I have a Tomcat patch which we use at work to do this, i.e always close the > connection if HTTP parsing fails but not if it's a user

Re: Tomcat closes connections on unexpected status codes

> On 18/04/2024 15:18, Stefan Ansing wrote: > > Hi Rémy, Mark, > > I just want to make sure that we’re understanding each other. I can see > > that the connection needs to be closed in certain conditions to prevent > > request smuggling attacks. I certainly don’t want to change that behaviour. > >

Re: Tomcat closes connections on unexpected status codes

> > I'm not (yet) convinced distinguishing between those scenarios is always > going to be possible. I have a Tomcat patch which we use at work to do this, i.e always close the connection if HTTP parsing fails but not if it's a user set status. I can create a PR for feedback. On Thu, Apr 18,

Re: Tomcat closes connections on unexpected status codes

On 18/04/2024 15:18, Stefan Ansing wrote: Hi Rémy, Mark, I just want to make sure that we’re understanding each other. I can see that the connection needs to be closed in certain conditions to prevent request smuggling attacks. I certainly don’t want to change that behaviour. However, I’m

Re: Tomcat closes connections on unexpected status codes

On 18/04/2024 15:16, Adwait Kumar Singh wrote: I think we should *always* close connections in cases where it can lead to request smuggling vulnerabilities like when there is an error during header or request line parsing, but allowing the user to control connection close when the status is

Re: Tomcat closes connections on unexpected status codes

On 18/04/2024 14:41, Rémy Maucherat wrote: On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote: On 18/04/2024 09:07, Stefan Ansing wrote: Hi, We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19) where we see that HTTP/1.1 connections are closed whenever a servlet

Re: Tomcat closes connections on unexpected status codes

Op do 18 apr 2024 om 15:41 schreef Rémy Maucherat : > On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote: > > > > On 18/04/2024 09:07, Stefan Ansing wrote: > > > Hi, > > > > > > We've observed some unexpected behaviour in Apache Tomcat (version > 10.1.19) > > > where we see that HTTP/1.1

Re: Tomcat closes connections on unexpected status codes

I think we should *always* close connections in cases where it can lead to request smuggling vulnerabilities like when there is an error during header or request line parsing, but allowing the user to control connection close when the status is being set by the user, should be safe? It allows

clustering logging erors Tomcat10 with Java 17

Hello, Can someone try to explain what this Catalina.log snippet is saying in regards to clustering status? It looks like to me, this machine successfully sent a session data state msg to the other machine in the cluster, but 60 sec later the other machine did not respond with with its

Re: Tomcat closes connections on unexpected status codes

On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote: > > On 18/04/2024 09:07, Stefan Ansing wrote: > > Hi, > > > > We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19) > > where we see that HTTP/1.1 connections are closed whenever a servlet > > application returns the

Re: Regarding Tomcat url redirection

Hi Chris, Thanks for message, I am attaching server.xml and context.xml and rewrite.config files. The paths are /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config https://www.example.com:/example [R=301,L]

Re: Regarding Tomcat url redirection

Ammu, On 4/18/24 07:45, lavanya tech wrote: I added classname rewrite valeus in contex.xml file . created rewrite.config so both of them is located under conf under apache-tomcat. https://www.example.com:/example [R=301,L] So according to the

Re: Question on the ErrorReportValve

Jon, On 4/17/24 13:26, Mcalexander, Jon J. wrote: Thank you. The documentation makes it somewhat confusing because it starts out that a Valve can exist in Engine, Host, and Context Containers, and then in the subsequent valve list is the ErrorReportValve, but it doesn’t make it clear as to

Re: Regarding Tomcat url redirection

Hi Thomas, Thanks for the fast response. I added classname rewrite valeus in contex.xml file . created rewrite.config so both of them is located under conf under apache-tomcat. https://www.example.com:/example [R=301,L] So according to the

<    1   2   3   4   5   6   7   8   9   10   >