Tomcat – Tomcat 9.0.35 with JDK 11 Behind IIS 8.5 ISAPI Redirector

iis-8.5, java, tomcat9

I am trying to install Tomcat 9.0.35 using JDK 11 on a Windows 2012 R2 VM. This will be an upgrade from Tomcat 9.0.11 and JDK 10. I am having issues with ISAPI Redirect. I see the following errors in the ISAPI logs:

[2912:2028] [info] jk_open_socket::jk_connect.c (815): connect to 10.49.53.55:7009 failed (errno=61)
[2912:2028] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1064): (tom9) Failed opening socket to (10.49.53.55:7009) (errno=61)
[2912:2028] [error] ajp_send_request::jk_ajp_common.c (1724): (tom9) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[2912:2028] [info] ajp_service::jk_ajp_common.c (2774): (tom9) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[2912:2028] [error] ajp_service::jk_ajp_common.c (2795): (tom9) connecting to tomcat failed (rc=-3, errors=3, client_errors=0).
[2912:2028] [error] HttpExtensionProc::jk_isapi_plugin.c (2123): service() failed with http error 503 

My AJP connector in Server.XML looks like this:

<Connector port="7009" redirectPort="8443" protocol="AJP/1.3" secretRequired="false" address="::1"/>

Does anyone know what changed in the latest version of Tomcat and/or JDK?

Best Answer

You now have to add additional parameters to the connector settings in Server.xml:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="YOUR_TOMCAT_IP_ADDRESS" requiredSecret="tomcat" />

and update the 'worker.tom9.secret=tomcat' parameter in worker.properties.

You can use whatever secret key you want to use instead of tomcat.

https://blog.vulcan.io/fix-available-for-new-apache-tomcat-vulnerability-ghostcat-cve-2020-1938
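A consistency check for the two files discussed above, as an added example that is not part of the original question or answer: it compares each mod_jk worker's host, port and secret with the matching AJP connector in server.xml. The function names and sample strings are hypothetical; it assumes the Tomcat 9.0.31+ defaults (loopback listen address, `secretRequired="true"`) and the mod_jk worker keys `host`, `port` and `secret`.

```python
import ipaddress
import xml.etree.ElementTree as ET

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal such as ::1 or 127.0.0.1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as non-loopback

def parse_workers(text):
    """Collect worker.<name>.<key>=<value> lines into {name: {key: value}}."""
    workers = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        parts = key.strip().split(".")
        if sep and len(parts) == 3 and parts[0] == "worker":
            workers.setdefault(parts[1], {})[parts[2]] = value.strip()
    return workers

def audit_ajp(server_xml, workers_text):
    """Return findings where the redirector and the AJP connector disagree."""
    connectors = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")
                  if "AJP" in c.get("protocol", "").upper()}
    findings = []
    for name, w in parse_workers(workers_text).items():
        host, port = w.get("host", "localhost"), w.get("port", "8009")
        conn = connectors.get(port)
        if conn is None:
            findings.append(f"{name}: no AJP connector listens on port {port}")
            continue
        address = conn.get("address", "localhost")  # assumed 9.0.31+ default: loopback
        secret = conn.get("secret") or conn.get("requiredSecret") or ""
        required = conn.get("secretRequired", "true").lower() == "true"
        if is_loopback(address) and not is_loopback(host):
            findings.append(f"{name}: worker targets {host} but connector binds {address}")
        if required and not secret:
            findings.append(f"{name}: secretRequired is true but no secret is set")
        if secret != w.get("secret", ""):
            findings.append(f"{name}: worker secret differs from connector secret")
        if not secret and not is_loopback(address):
            findings.append(f"{name}: AJP on {address} accepts requests without a secret")
    return findings

# Constructed sample: the question's connector plus a worker aimed at the address in its log.
QUESTION_XML = '<Server><Service><Connector port="7009" redirectPort="8443" protocol="AJP/1.3" secretRequired="false" address="::1"/></Service></Server>'
QUESTION_WORKERS = "worker.list=tom9\nworker.tom9.type=ajp13\nworker.tom9.host=10.49.53.55\nworker.tom9.port=7009\n"
```

Run against the question's settings, `audit_ajp(QUESTION_XML, QUESTION_WORKERS)` reports only the address mismatch: the worker connects to 10.49.53.55 while the connector listens on ::1.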