On Thu, Feb 13, 2020 at 9:33 AM Olivier Jaquemet <olivier.jaque...@jalios.com> wrote:
> On 13/02/2020 01:02, Stefan Mayr wrote:
> > Hi,
> >
> >> - AJP defaults changed to listen the loopback address, require a secret
> >> and to be disabled in the sample server.xml
> > What was the motivation behind this breaking change to require a secret
> > or to explicitly disable it? What makes an open AJP connector more unsafe
> > than an open HTTP connector?
> >
> > We have hundreds of Tomcats behind Apache httpd with mod_jk. My
> > interpretation is that upgrading Tomcat 8.5 or 9.0 will break that setup
> > until we disable the secret in all of them (or add a secret in mod_jk
> > and Tomcat).
> > I would understand that for a new major version 10.x but not in the
> > lifecycle of an existing major version.
>
> Hi,
>
> I second those questions.
>
> We also have many Tomcat instances behind Apache HTTPD, most of them are
> not on the same server.
> It is my understanding that the new default listening behavior on the
> loopback address would break our installation, as the AJP connector
> would no longer be reachable to our remote Apache HTTP server. It would
> require that we update all our Tomcat server.xml configurations to
> explicitly listen to an additional address by specifying the "address"
> attribute of the AJP connector.
> Am I correct? Why such a change? Why no bugzilla issue for proper
> tracking and context?
> What are your recommendations regarding AJP connector configuration?

It is obviously best to keep default configurations as stable as possible. But sometimes things have to change ... As a result, you'll indeed need to adjust your server.xml according to your deployment and AJP usage. The documentation for the new attributes and updated defaults is here: http://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Standard_Implementations

Rémy
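As an added illustration (not from the thread or the Tomcat project) of the server.xml adjustment Rémy refers to, here is an AJP connector in the old open form next to one adjusted to the new defaults for a remote httpd/mod_jk front end; the bind address, port and secret value are placeholders.

```xml
<!-- Added example (not from the thread or the Tomcat project): server.xml
     AJP connector before and after the default changes discussed above.
     The bind address, port and secret are placeholders. -->

<!-- Before: AJP connector listening on all interfaces with no secret.
     Under the new defaults Tomcat refuses to start such a connector
     (secretRequired defaults to true and no secret is set), which is
     what breaks an unchanged server.xml on upgrade. -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

<!-- After, for a remote Apache httpd + mod_jk front end:
     address  - bind only to the interface the httpd host reaches; the
                new default is the loopback address, which a remote httpd
                cannot reach (the situation described in the thread)
     secret   - shared value mod_jk must send on every AJP request;
                connections without it are rejected by Tomcat -->
<Connector port="8009"
           protocol="AJP/1.3"
           address="192.0.2.10"
           secret="REPLACE_WITH_LONG_RANDOM_VALUE"
           redirectPort="8443" />

<!-- If httpd runs on the same host, leave "address" out so the connector
     stays on the loopback address and only the local httpd can reach it.
     Setting secretRequired="false" instead of a secret restores the old
     behaviour but keeps the connector open to anything that can reach the
     bind address; prefer a secret and a tight address. If nothing uses
     AJP, remove the connector entirely (the sample server.xml now ships
     with it commented out). -->
```

The same secret goes into mod_jk's workers.properties as `worker.<name>.secret=...` next to that worker's host and port, so both sides are changed together.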