The workers.properties below look good to me at first sight.

Just to eliminate something, could you try the following changes:

1) workers.properties:
remove the line
> worker.worker1.secret="mySecret".

2) AJP Connector in Tomcat:

<Connector protocol="AJP/1.3"
                address="127.0.0.1"
                port="8009"
                secretRequired="false"
                redirectPort="8443" />

Then restart Tomcat and IIS.
What's happening then?

Note: this is something new in Tomcat 8.5.51 compared to 8.5.50 and earlier.
Before, by default, the "secret" was disabled. Since 8.5.51, by default, the secret is enabled, and you have to disable it explicitly if you don't want it (as I did above).

With the settings above, we are just trying to get back to a configuration without a secret, to check if that works in your case. As indicated in the documentation (http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Standard_Implementations) you can do that in your case, because the communication between IIS and Tomcat is fairly secure, since it happens all within the same host.


On 25.02.2020 18:06, Ellen Meiselman wrote:
Yes, everything is on the same server.

workers.properties:
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
worker.worker1.port=8009
worker.worker1.secret="mySecret".

On Tue, Feb 25, 2020 at 11:27 AM <jonmcalexan...@wellsfargo.com.invalid>
wrote:

-----Original Message-----
From: Ellen Meiselman <elle...@gmail.com>
Sent: Tuesday, February 25, 2020 10:01 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat

Hi,

I've been testing, and so far, there is no change in the behavior. I am
still getting the same tomcat-based 403 error.

Based on what you said above...

secretRequired="true" (which is the default, so it can be removed)
secret="xxxxxxx"


...I removed secretRequired="true" and left secret. So the connector
definition now looks like this:
<Connector protocol="AJP/1.3"
               address="127.0.0.1"
               port="8009"
               secret="mySecret"
               redirectPort="8443" />

<SNIP>

I'm assuming that your web-front-end is on the same server as your Tomcat
instance, based on you having the address set to 127.0.0.1, correct? What
do you have in your workers.properties file?
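
A consistency check for the two files discussed in this thread, added here as an illustration; it is not code from any of the posters or from the Tomcat project. The function names are made up for the example, the sample inputs are constructed from the configurations quoted above, and it assumes the secret is compared character for character as written in each file.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1"}

def parse_workers(text):
    """Return {worker_name: {property: value}}; values are kept exactly as written."""
    workers = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        parts = key.strip().split(".")
        if len(parts) == 3 and parts[0] == "worker":
            workers.setdefault(parts[1], {})[parts[2]] = value.strip()
    return workers

def audit(connector_xml, workers_text):
    """Compare AJP connectors against the ajp13 workers that target the same port."""
    findings = []
    workers = parse_workers(workers_text)
    root = ET.fromstring("<Service>" + connector_xml + "</Service>")
    for conn in root.iter("Connector"):
        if not conn.get("protocol", "").startswith("AJP"):
            continue
        port, secret = conn.get("port"), conn.get("secret")
        # Default since 8.5.51, per the thread: the secret is required.
        required = conn.get("secretRequired", "true").lower() == "true"
        if required and not secret:
            findings.append(f"port {port}: secretRequired is true but no secret is set")
        if not required and conn.get("address") not in LOOPBACK:
            findings.append(f"port {port}: secret disabled without an explicit loopback address")
        for name, props in workers.items():
            if props.get("type") != "ajp13" or props.get("port") != port:
                continue
            sent = props.get("secret")
            if required and sent != secret:
                # Assumption: values are compared verbatim, so quotes or a
                # trailing dot in workers.properties count as part of the secret.
                findings.append(f"worker {name}: secret {sent!r} != connector secret {secret!r}")
    return findings

# Constructed samples based on the two configurations quoted in the thread.
WITH_SECRET = '<Connector protocol="AJP/1.3" address="127.0.0.1" port="8009" secret="mySecret" redirectPort="8443" />'
NO_SECRET = '<Connector protocol="AJP/1.3" address="127.0.0.1" port="8009" secretRequired="false" redirectPort="8443" />'
WORKERS = 'worker.worker1.type=ajp13\nworker.worker1.host=127.0.0.1\nworker.worker1.port=8009\nworker.worker1.secret="mySecret".\n'

if __name__ == "__main__":
    for finding in audit(WITH_SECRET, WORKERS):
        print(finding)
```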



