Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet
On 13/02/2020 15:31, Christopher Schultz wrote: My question would be "why do so many have AJP connectors where no 'address' attribute was specifically configured?" The answer to the question "why change the default?" is: "because the default was essentially insecure, in a way that wasn't

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet
On 13/02/2020 12:41, Mark Thomas wrote: On 13/02/2020 09:57, Olivier Jaquemet wrote: I understand the need to introduce a "secured by default" AJP configuration. However, I question one choice that was made for this change : the default behavior of the AJP connector to l

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet
On 13/02/2020 10:32, Rémy Maucherat wrote: On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet wrote: On 13/02/2020 01:02, Stefan Mayr wrote: - AJP defaults changed to listen on the loopback address, require a secret and to be disabled in the sample server.xml [snip] Am I correct ? Why

Re: [ANN] Apache Tomcat 9.0.31 available

2020-02-13 Thread Olivier Jaquemet
On 13/02/2020 01:02, Stefan Mayr wrote: Hi, - AJP defaults changed to listen on the loopback address, require a secret and to be disabled in the sample server.xml What was the motivation behind this breaking change to require a secret or to explicitly disable it? What makes an open AJP

Re: Hide a request header to application

2019-12-16 Thread Olivier Jaquemet
On 16/12/2019 16:06, Christopher Schultz wrote: Hello all, I would like to systematically hide a request header to web applications hosted by Tomcat. [...] I took a look at Tomcat's rewrite valve[1] and also at the venerable url-rewrite[2] and I didn't see any options for munging headers. I

Re: Hide a request header to application

2019-12-16 Thread Olivier Jaquemet
On 16/12/2019 12:25, M. Manna wrote: I would like to systematically hide a request header to web applications hosted by Tomcat. "Blanking" or "Unsetting" a header is not the same as "Hiding". By hiding, you are essentially asking for the Header to be available under certain elevated privilege

Hide a request header to application

2019-12-16 Thread Olivier Jaquemet
Hello all, I would like to systematically hide a request header to web applications hosted by Tomcat. - If Apache HTTPD is used in front of Tomcat, you can use the RequestHeader directive [0]:    RequestHeader unset Some-Header-Name - If NGINX is used in front of Tomcat, you can use the

Re: OutOfMemory on large file download with AJP and cachingAllowed=false

2019-04-26 Thread Olivier Jaquemet
On 26/04/2019 09:56, Mark Thomas wrote: There was an extra copy but Chris's suggestion got me thinking and I found a much better solution. The patch has been applied to 9.0.x and 8.5.x and will be in the next release of both. 7.0.x is not affected. The patch fixes the OutOfMemoryError and the

Re: OutOfMemory on large file download with AJP and cachingAllowed=false

2019-04-23 Thread Olivier Jaquemet
On 23/04/2019 16:12, Christopher Schultz wrote: Olivier, Hi Christopher, Thanks for your answer. On 4/23/19 05:58, Olivier Jaquemet wrote: Hi all, We were able to reproduce an OutOfMemory error when using AJP and the Resources cachingAllowed=false directive. It looks like a bug of AJP

OutOfMemory on large file download with AJP and cachingAllowed=false

2019-04-23 Thread Olivier Jaquemet
Hi all, We were able to reproduce an OutOfMemory error when using AJP and the Resources cachingAllowed=false directive. It looks like a bug of AJP connector(s), as it does not occur with other HTTP connectors. Could you confirm the behavior described below is indeed a bug? (if you do, I'll

Re: ClientAbortException / IOException occurs only when using HttpServletResponseWrapper

2016-09-01 Thread Olivier Jaquemet
On 01/09/2016 08:09, Mark Thomas wrote: On 31 August 2016 13:22:34 BST, Olivier Jaquemet <olivier.jaque...@jalios.com> wrote: Hi all, We are encountering a weird but frequent exception when users try to access AVI video playback on IE11. My analysis is that it's a bad behavior of Tomca

ClientAbortException / IOException occurs only when using HttpServletResponseWrapper

2016-08-31 Thread Olivier Jaquemet
Hi all, We are encountering a weird but frequent exception when users try to access AVI video playback on IE11. My analysis is that it's a bad behavior of Tomcat when using HttpServletResponseWrapper. I did not want to immediately create a bug report, first because you might have other

Tomcat 8.5 : Java SE 7, README.html mistake ?

2016-07-07 Thread Olivier Jaquemet
Hello all, As far as I know, Tomcat 8.5 requires Java SE 7, as indicated in many official sources (see below). However, one quite visible source is stating otherwise and may require an update to prevent confusion, the README.html displayed on