You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/21 23:54:35 UTC

svn commit: r1173883 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

Author: kkolinko
Date: Wed Sep 21 21:54:34 2011
New Revision: 1173883

URL: http://svn.apache.org/viewvc?rev=1173883&view=rev
Log:
Clarify how AJP connector implementation is configured in Tomcat 5.5 and 6.0.

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Sep 21 21:54:34 2011
@@ -474,18 +474,31 @@
 
     <p>Affects: 5.5.0-5.5.33</p>
     
-    <p>Mitigation options:</p>  
+    <p>Mitigation options:</p>
     <ul>
-      <li>Upgrade to Tomcat 5.5.34</li>
-      <li>Apply the appropriate <a href=" http://svn.apache.org/viewvc?rev=1162960&amp;view=rev">patch</a>
+      <li>Upgrade to Tomcat 5.5.34.</li>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162960">patch</a>.</li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret.<br/>
+        (It is "<code>request.secret</code>" attribute in AJP &lt;Connector&gt;,
+        "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+        The mod_proxy_ajp module currently does not support shared secrets).
+      </li>
+      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+        implementation.<br/>
+        (It is automatically selected if you do not have Tomcat-Native library
+        installed. It can be also selected explicitly:
+        <code>&lt;Connector protocol="org.apache.jk.server.JkCoyoteHandler"&gt;</code>).
+      </li>
+    </ul>
+
+    <p>References:</p>
+    <ul>
+      <li>
+<a href="/tomcat-5.5-doc/config/ajp.html">AJP Connector documentation (Tomcat 5.5)</a>
+</li>
+      <li>
+<a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a>
 </li>
-      <li>Configure both Tomcat and the reverse proxy to use a shared secret
-      ("request.secret" attribute in
-      <a href="/tomcat-5.5-doc/config/ajp.html">&lt;Connector&gt;</a>;
-      "worker.<i>workername</i>.secret" directive for
-      <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
-      mod_proxy_ajp currently does not support shared secrets)</li>
-      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
     </ul>
   </blockquote>
 </p>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Sep 21 21:54:34 2011
@@ -367,16 +367,29 @@
   
     <p>Mitigation options:</p>  
     <ul>
-      <li>Upgrade to Tomcat 6.0.34</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162959&amp;view=rev">patch</a>
+      <li>Upgrade to Tomcat 6.0.34.</li>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162959">patch</a>.</li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret.<br/>
+        (It is "<code>request.secret</code>" attribute in AJP &lt;Connector&gt;,
+        "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+        The mod_proxy_ajp module currently does not support shared secrets).
+      </li>
+      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+        implementation.<br/>
+        (It is automatically selected if you do not have Tomcat-Native library
+        installed. It can be also selected explicitly:
+        <code>&lt;Connector protocol="org.apache.jk.server.JkCoyoteHandler"&gt;</code>).
+      </li>
+    </ul>
+
+    <p>References:</p>
+    <ul>
+      <li>
+<a href="/tomcat-6.0-doc/config/ajp.html">AJP Connector documentation (Tomcat 6.0)</a>
+</li>
+      <li>
+<a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a>
 </li>
-      <li>Configure both Tomcat and the reverse proxy to use a shared secret
-      ("request.secret" attribute in 
-      <a href="/tomcat-6.0-doc/config/ajp.html">&lt;Connector&gt;</a>;
-      "worker.<i>workername</i>.secret" directive for
-      <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
-      mod_proxy_ajp currently does not support shared secrets)</li>
-      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
     </ul>
   </blockquote>
 </p>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Sep 21 21:54:34 2011
@@ -164,17 +164,27 @@
 
     <p>Affects: 5.5.0-5.5.33</p>
     
-    <p>Mitigation options:</p>  
+    <p>Mitigation options:</p>
     <ul>
-      <li>Upgrade to Tomcat 5.5.34</li>
-      <li>Apply the appropriate <a href=" http://svn.apache.org/viewvc?rev=1162960&amp;view=rev">patch</a></li>
-      <li>Configure both Tomcat and the reverse proxy to use a shared secret
-      ("request.secret" attribute in
-      <a href="/tomcat-5.5-doc/config/ajp.html">&lt;Connector&gt;</a>;
-      "worker.<i>workername</i>.secret" directive for
-      <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
-      mod_proxy_ajp currently does not support shared secrets)</li>
-      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
+      <li>Upgrade to Tomcat 5.5.34.</li>
+      <li>Apply the appropriate <revlink rev="1162960">patch</revlink>.</li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret.<br />
+        (It is "<code>request.secret</code>" attribute in AJP &lt;Connector&gt;,
+        "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+        The mod_proxy_ajp module currently does not support shared secrets).
+      </li>
+      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+        implementation.<br />
+        (It is automatically selected if you do not have Tomcat-Native library
+        installed. It can be also selected explicitly:
+        <code>&lt;Connector protocol="org.apache.jk.server.JkCoyoteHandler"&gt;</code>).
+      </li>
+    </ul>
+
+    <p>References:</p>
+    <ul>
+      <li><a href="/tomcat-5.5-doc/config/ajp.html">AJP Connector documentation (Tomcat 5.5)</a></li>
+      <li><a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a></li>
     </ul>
   </section>
 

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1173883&r1=1173882&r2=1173883&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Sep 21 21:54:34 2011
@@ -66,15 +66,25 @@
   
     <p>Mitigation options:</p>  
     <ul>
-      <li>Upgrade to Tomcat 6.0.34</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162959&amp;view=rev">patch</a></li>
-      <li>Configure both Tomcat and the reverse proxy to use a shared secret
-      ("request.secret" attribute in 
-      <a href="/tomcat-6.0-doc/config/ajp.html">&lt;Connector&gt;</a>;
-      "worker.<i>workername</i>.secret" directive for
-      <a href="/connectors-doc/reference/workers.html">mod_jk</a>;
-      mod_proxy_ajp currently does not support shared secrets)</li>
-      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
+      <li>Upgrade to Tomcat 6.0.34.</li>
+      <li>Apply the appropriate <revlink rev="1162959">patch</revlink>.</li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret.<br />
+        (It is "<code>request.secret</code>" attribute in AJP &lt;Connector&gt;,
+        "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
+        The mod_proxy_ajp module currently does not support shared secrets).
+      </li>
+      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector
+        implementation.<br />
+        (It is automatically selected if you do not have Tomcat-Native library
+        installed. It can be also selected explicitly:
+        <code>&lt;Connector protocol="org.apache.jk.server.JkCoyoteHandler"&gt;</code>).
+      </li>
+    </ul>
+
+    <p>References:</p>
+    <ul>
+      <li><a href="/tomcat-6.0-doc/config/ajp.html">AJP Connector documentation (Tomcat 6.0)</a></li>
+      <li><a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a></li>
     </ul>
   </section>
   



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org