Please see inline comments from previous message.

-Terence Bandoian


On 1/2/2015 9:45 PM, Terence M. Bandoian wrote:
On 1/1/2015 9:20 AM, Sandip Gaikwad wrote:
Hi,

Following are entries in files. Please let me know what is going wrong.

*workers.properties*
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.connection_pool_size=10
worker.worker1.connection_pool_timeout=600
worker.worker1.socket_keepalive=true
worker.worker1.socket_timeout=300


*httpd.conf*
LoadModule jk_module "C:/Apache24/modules/mod_jk.so"
JkWorkersFile "C:/tomcat-connectors-1.2.40-src/conf/workers.properties"
JkLogFile "C:/Apache24/logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /jenkins/* worker1

*server.xml*
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.jk.config.ApacheConfig" modJk="C:/Apache24/modules/mod_jk.so"/>
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />


If you don't want to allow direct access to Tomcat, the Connector above should be removed.


    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


The address attribute should probably be set on the Connector above. Setting it to 127.0.0.1 (address="127.0.0.1") will limit access to the local host.

-Terence Bandoian


    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Listener className="org.apache.jk.config.ApacheConfig" modJk="C:/Apache24/modules/mod_jk.so"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

Thanks,
Sandip


On Thu, Jan 1, 2015 at 7:45 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:


    Sandip,

    On 1/1/15 12:19 AM, Sandip Gaikwad wrote:
    > Could you please let me know how to block direct access to tomcat
    > and allow access through apache http server only?
    >
    > I used
    > http://www.slideshare.net/mohanraj_nagasamy/integrating-tomcat-and-apache-on-windows-presentation
    > for reference.

    tl;dr

    > What indicates that each request is coming from apache httpd only?

    Nothing, really. There are ways to determine this, but you are better
    off solving the root problem.

    > Example: i have added following code in httpd.conf
    > # Send everything for context /example1 to worker named worker1 (ajp13)
    > JkMount /example1/* worker1
    >
    > in tomcat i have two apps example1 and example2
    >
    > I am expecting to access only http://localhost/example1 . But i can
    > access http://localhost/example2 as well.
    >
    > How can i stop http://localhost/example2 from being accessed?

    Only one process can bind to a single interface+port, so you need to
    figure out whether Tomcat or httpd is using port 80.

    If httpd is bound to port 80, then the only reasons why a request to
    /example2 would hit your application are:

       a) You have a JkMount somewhere for that
       b) You have made your DocumentRoot = appbase

    The first is easy to fix: just remove that JkMount.
    The second is a horrible security problem that you'll need to fix
    immediately.

    - -chris

---------------------------------------------------------------------
    To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
    <mailto:users-unsubscr...@tomcat.apache.org>
    For additional commands, e-mail: users-h...@tomcat.apache.org
    <mailto:users-h...@tomcat.apache.org>




--
Sandip Gaikwad
9987626799
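
The two inline comments in this thread (remove the HTTP Connector, bind the AJP Connector to 127.0.0.1) can be checked mechanically. The script below is an added example, not part of the original messages: it audits a server.xml for Connectors that are not bound to loopback. The sample XML is constructed from the Connector lines posted above, and the script assumes a Connector with no address attribute listens on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two Connector elements from the server.xml in the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

def is_loopback(address):
    """True only for 'localhost' or a literal loopback IP in the address attribute."""
    if address is None:
        return False  # assumption: no address attribute means all interfaces
    address = address.strip().lower()
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here, so report them

def audit_connectors(server_xml):
    """Return a finding for every Connector that other hosts could reach."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if is_loopback(conn.get("address")):
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" in protocol.lower():
            advice = 'set address="127.0.0.1" so only the local httpd can connect'
        else:
            advice = "remove it if Tomcat should be reached only through httpd"
        findings.append({
            "port": conn.get("port"),
            "protocol": protocol,
            "address": conn.get("address") or "(all interfaces)",
            "advice": advice,
        })
    return findings

if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print("Connector port={port} protocol={protocol} "
              "address={address}: {advice}".format(**f))
```
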



