Tomcat 7.0.100 AJP connector with mod_jk on another host

ajpmod-jktomcat7

After upgrading tomcat7 to 7.0.100, the AJP connector was only listening on 127.0.0.1. Initially I edited the wrong server.xml in /etc/tomcat7/server.xml which was not used. The right one is /var/lib/tomcat7/conf/server.xml at least for me. I added these two parameters:

address="0.0.0.0"
requiredSecret="false"

Now it listens on all interfaces, as before. However when I try to access it using mod_jk I get a 403. A sniffer conifrms that this is comming from the AJP connector. So I tried to set

allowedRequestAttributesPattern=".*"

Which does not solve the issue. Any ideas?

Best Answer

try this:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="0.0.0.0" allowedRequestAttributesPattern=".*" secretRequired="false" />

https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

changes made in 7.0.100:

Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute secretRequired that defaults to true. When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length String. (markt)

Related Topic