On 13/02/2020 12:41, Mark Thomas wrote:
On 13/02/2020 09:57, Olivier Jaquemet wrote:
I understand the need to introduce a "secured by default" AJP
configuration.
However, I question one choice that was made for this change : the
default behavior of the AJP connector to listen only on the loopback
address.
[...]
You can specify "0.0.0.0" (IPv4) or "::" (IPv6) to restore the behaviour
of listening on any address.
Mark
Thank you Mark. This should address this use case.
Would you consider adding this binding information to the documentation
(in the documentation of the address attribute) ?
To sum up :
When migrating to Tomcat 8.5.51, 9.0.31 (and probably the next 7.0.x as
I saw you had also backported this change to the 7.0.x branch),
if your server architecture is to expose tomcat with an AJP connector,
to a remote distant front server, you can :
either, *secure your installation* (obviously the recommended way on
untrusted network) :
- by specifying the valid IP address on which the connector must bind;
This is done with address attribute of the AJP connector.
- by specifying a shared secret between the front server and the
connector ; This is done with the secret attribute of the AJP connector
or else, if you want your server.xml to be agnostic to the running host
and remote front server, change your configuration back to the previous
behavior, *BUT ONLY IF AND ONLY IF you are on trusted network* :
- by removing explicit bind of AJP connector, by specifying "0.0.0.0"
(IPv4) or "::" (IPv6) in the address attribute of the AJP connector
- by removing need for shared secret between front and tomcat ; This is
done with the secretRequired="false" attribute of the AJP connector.
Olivier
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
