-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Florian,
On 3/19/20 07:43, Fritze, Florian wrote: > since the Tomcat release with the Ghostcat security fix (Tomcat > 8.5.51) me as an admin have the problem using the > https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html module to > connect the Apache HTTPD with the Tomcat running on localhost. The > attribute secretRequired must be set to „true“ or „false“ with > „false“ set the connection is not possible between Tomcat and > Apache HTTPD. When you have set secretRequired="false", it's not possible to connect? When you try to connect, what DOES happen? > With „true“ the Apache development is not ready in the current > version to work with the „secret“ attribute. Only the next version > of Apache 2.4 supports this attribute. Correct. Support for secret= in mod_proxy_ajp was evidently never really a priority for anybody until now. > So I want to use the newest Tomcat version and an AJP connector > but after the Ghostcat fix release there is this attribute which > does not work in my configuration. > > Are there any suggestions or solutions available that you can > deliver me (links or documentation, etc.) secretRequired="false" should be all you need. Of course, to be truly secure, you need to make sure that not just anybody can make requests through your AJP interface. Have you secured that interface from potential evildoers? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5zxHsACgkQHPApP6U8 pFjf7Q/+Ixbc10KYI07Wb1pdzQajVtw88BcfSZ3dfam2Q9aj2IhZJD5GUTzszAGC bs6eySKEh5vqaHq+oy2ZOuv2f1xxukPQ3/XfmIEUb83G7QScwlMf0r5dth9uslcq cUgHFkpGhSQghB2yhZSzKMzF7gjRY9QI0S5EpEHTQ45CUvREWr4GRyLndkjTbu2C rhdB+8ud4iErWJe1Er0NEqOgoVL8Ceed4BGRYzoT7+lN1dRE4MFIn8ALdVzAvo4L 9ZIm+zawSkx7jUTAGDi4wHd2KrewR9kqJybovZaACx/yc6IF1Sv+DaWlTUDdabE2 qrSl45mA4EdLCeH1wfbZ62IhErbxvLahygAwgYSeMfhv02vzBbmn8bXY4yg359ln aO2AV3xNbxFrF56XatRGIJ+3/ETh2oIv0PLnJEr8xc3CcwdJ+rn8c9i84ZZLnHb6 iTl+Gx9pCUbtH0qCILzLzj7Js9yl13o9AVu3UQ9UxY9BNxkFiKKBe4YfGUev2iiB Vx1Zw6S6/ByjhUpzaSEciSYCkr+pR61iOJpCN9B3tnpv4cRgkqwPWEPgMFDtvFT9 ciwpDuN+O2YPPE0Z39tSy64Ge2QWyPkvb8hVZUEZGVMRmQ1W5LhDJhNxECklxKOh sZPFkji5aVOxj6TT5vwqQDov+FyU2pV5/HRD4fe/vr8vdKj+vec= =CYi0 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
