It is possible to replace AJP with normal HTTP or HTTPs. AJP has an advantage, it needs less bandwidth. But it shouldn't make too much difference with today's computer networks. If you need the bandwidth advantage, you can certainly use the module ModSecurity for Apache HTTPD to protect your application server. But an advanced solution would be to protect AJP with the IPTables firewall. AJP is mostly used in conjunction with HTTPD and if you only allow access to these, it should be pretty secure.
Am Freitag, den 10.04.2020, 15:45 +0000 schrieb David Cleary: > Some of our customers are currently using the AJP connector. Given > the vulnerability and breaking change to address it, now may be a > good time to prompt them look at alternatives. One requirement is > HTTPS support. What are the alternatives when hosting Tomcat behind > Apache httpd, nginx, or IIS? I do remember a presentation I thought > was pretty good at Apachecon in Miami on connectors a few years ago. > Has there been anything new that has come out since then? Are there > any recommendations on what is best to replace AJP13? > > Thanks > Dave --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
