Home / server / Questions / 1005639
In Process
Thomas
Asked: 2020-03-05 16:38:38 +0800 CST

tomcat 7.0.100 AJP connector with mod_jk on another host

  • 772

After upgrading tomcat7 to 7.0.100, the AJP connector was only listening on 127.0.0.1. Initially I edited the wrong server.xml in /etc/tomcat7/server.xml which was not used. The right one is /var/lib/tomcat7/conf/server.xml at least for me. I added these two parameters:

address="0.0.0.0"
requiredSecret="false"

Now it listens on all interfaces, as before. However when I try to access it using mod_jk I get a 403. A sniffer conifrms that this is comming from the AJP connector. So I tried to set

allowedRequestAttributesPattern=".*"

Which does not solve the issue. Any ideas?

ajp mod-jk tomcat7

2 Answers

  1. try this:

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="0.0.0.0" allowedRequestAttributesPattern=".*" secretRequired="false" />

    https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

    changes made in 7.0.100:

    Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute secretRequired that defaults to true. When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length String. (markt)

    • 1

  2. The 403 went away when we set a password on AJP. So in server.xml section we put:

    <Connector port="8109" protocol="AJP/1.3" redirectPort="8443" secret="verysecure" secretRequired="true"/>

    And in worker_properties of mod_jk:

    worker.tomcat-06.secret=verysecure
    • 0