You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/04 18:45:55 UTC
[tomcat] 01/05: Disable AJP connector by default
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 86768e423a6ca0ae32e64acb65c9ae8dccf52256
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jan 21 12:41:01 2020 +0000
Disable AJP connector by default
---
TOMCAT-NEXT.txt | 2 --
conf/server.xml | 3 ++-
res/tomcat.nsi | 21 ---------------------
webapps/docs/manager-howto.xml | 2 --
webapps/docs/security-howto.xml | 8 ++++----
webapps/docs/setup.xml | 1 -
6 files changed, 6 insertions(+), 31 deletions(-)
diff --git a/TOMCAT-NEXT.txt b/TOMCAT-NEXT.txt
index 95d6376..3be3e12 100644
--- a/TOMCAT-NEXT.txt
+++ b/TOMCAT-NEXT.txt
@@ -47,8 +47,6 @@ New items for 10.0.0.x onwards:
7. Refactor DefaultServlet to use Ranges in parseRanges().
- 8. Consider disabling the AJP connector by default.
-
Deferred until 10.0.x:
diff --git a/conf/server.xml b/conf/server.xml
index 2cd78df..5d9d57a 100644
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -113,8 +113,9 @@
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
+ -->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
diff --git a/res/tomcat.nsi b/res/tomcat.nsi
index 60d1f09..c06df50 100644
--- a/res/tomcat.nsi
+++ b/res/tomcat.nsi
@@ -53,7 +53,6 @@ Var Arch
Var ResetInstDir
Var TomcatPortShutdown
Var TomcatPortHttp
-Var TomcatPortAjp
Var TomcatMenuEntriesEnable
Var TomcatShortcutAllUsers
Var TomcatServiceName
@@ -70,7 +69,6 @@ Var TomcatAdminRoles
Var CtlJavaHome
Var CtlTomcatPortShutdown
Var CtlTomcatPortHttp
-Var CtlTomcatPortAjp
Var CtlTomcatServiceName
Var CtlTomcatShortcutAllUsers
Var CtlTomcatAdminUsername
@@ -135,7 +133,6 @@ Var ServiceInstallLog
LangString TEXT_JVM_LABEL1 ${LANG_ENGLISH} "Please select the path of a Java @MIN_JAVA_VERSION@ or later JRE installed on your system."
LangString TEXT_CONF_LABEL_PORT_SHUTDOWN ${LANG_ENGLISH} "Server Shutdown Port"
LangString TEXT_CONF_LABEL_PORT_HTTP ${LANG_ENGLISH} "HTTP/1.1 Connector Port"
- LangString TEXT_CONF_LABEL_PORT_AJP ${LANG_ENGLISH} "AJP/1.3 Connector Port"
LangString TEXT_CONF_LABEL_SERVICE_NAME ${LANG_ENGLISH} "Windows Service Name"
LangString TEXT_CONF_LABEL_SHORTCUT_ALL_USERS ${LANG_ENGLISH} "Create shortcuts for all users"
LangString TEXT_CONF_LABEL_ADMIN ${LANG_ENGLISH} "Tomcat Administrator Login (optional)"
@@ -459,7 +456,6 @@ Function .onInit
StrCpy $JavaHome ""
StrCpy $TomcatPortShutdown "-1"
StrCpy $TomcatPortHttp "8080"
- StrCpy $TomcatPortAjp "8009"
StrCpy $TomcatMenuEntriesEnable "0"
StrCpy $TomcatShortcutAllUsers "0"
StrCpy $TomcatServiceDefaultName "Tomcat@VERSION_MAJOR@"
@@ -477,7 +473,6 @@ Function .onInit
${ReadFromConfigIni} $JavaHome "JavaHome" $R2
${ReadFromConfigIni} $TomcatPortShutdown "TomcatPortShutdown" $R2
${ReadFromConfigIni} $TomcatPortHttp "TomcatPortHttp" $R2
- ${ReadFromConfigIni} $TomcatPortAjp "TomcatPortAjp" $R2
${ReadFromConfigIni} $TomcatMenuEntriesEnable "TomcatMenuEntriesEnable" $R2
${ReadFromConfigIni} $TomcatShortcutAllUsers "TomcatShortcutAllUsers" $R2
${ReadFromConfigIni} $TomcatServiceDefaultName "TomcatServiceDefaultName" $R2
@@ -603,13 +598,6 @@ Function pageConfiguration
Pop $CtlTomcatPortHttp
${NSD_SetTextLimit} $CtlTomcatPortHttp 5
- ${NSD_CreateLabel} 0 36u 100u 14u "$(TEXT_CONF_LABEL_PORT_AJP)"
- Pop $R0
-
- ${NSD_CreateText} 150u 34u 50u 12u "$TomcatPortAjp"
- Pop $CtlTomcatPortAjp
- ${NSD_SetTextLimit} $CtlTomcatPortAjp 5
-
${NSD_CreateLabel} 0 57u 140u 14u "$(TEXT_CONF_LABEL_SERVICE_NAME)"
Pop $R0
@@ -647,7 +635,6 @@ FunctionEnd
Function pageConfigurationLeave
${NSD_GetText} $CtlTomcatPortShutdown $TomcatPortShutdown
${NSD_GetText} $CtlTomcatPortHttp $TomcatPortHttp
- ${NSD_GetText} $CtlTomcatPortAjp $TomcatPortAjp
${NSD_GetText} $CtlTomcatServiceName $TomcatServiceName
${If} $TomcatMenuEntriesEnable == "1"
${NSD_GetState} $CtlTomcatShortcutAllUsers $TomcatShortcutAllUsers
@@ -670,12 +657,6 @@ Function pageConfigurationLeave
Goto exit
${EndIf}
- ${If} $TomcatPortAjp == ""
- MessageBox MB_ICONEXCLAMATION|MB_OK 'The AJP port may not be empty'
- Abort "Config not right"
- Goto exit
- ${EndIf}
-
${If} $TomcatServiceName == ""
MessageBox MB_ICONEXCLAMATION|MB_OK 'The Service Name may not be empty'
Abort "Config not right"
@@ -1064,7 +1045,6 @@ Function configure
IfErrors SERVER_XML_LEAVELOOP
${StrRep} $R4 $R3 "8005" "$TomcatPortShutdown"
${StrRep} $R3 $R4 "8080" "$TomcatPortHttp"
- ${StrRep} $R4 $R3 "8009" "$TomcatPortAjp"
FileWrite $R2 $R4
Goto SERVER_XML_LOOP
SERVER_XML_LEAVELOOP:
@@ -1082,7 +1062,6 @@ Function configure
DetailPrint 'Server shutdown listener configured on port "$TomcatPortShutdown"'
DetailPrint 'HTTP/1.1 Connector configured on port "$TomcatPortHttp"'
- DetailPrint 'AJP/1.3 Connector configured on port "$TomcatPortAjp"'
DetailPrint "server.xml written"
StrCpy $R5 ''
diff --git a/webapps/docs/manager-howto.xml b/webapps/docs/manager-howto.xml
index ba445ca..351e89b 100644
--- a/webapps/docs/manager-howto.xml
+++ b/webapps/docs/manager-howto.xml
@@ -918,8 +918,6 @@ currently configured for each virtual host.</p>
<source>OK - Connector / Trusted Certificate information
Connector[HTTP/1.1-8080]
SSL is not enabled for this connector
-Connector[AJP/1.3-8009]
-SSL is not enabled for this connector
Connector[HTTP/1.1-8443]-_default_
[
[
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index b54a7dc..4d5726d 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -246,12 +246,12 @@
</subsection>
<subsection name="Connectors">
- <p>By default, an HTTP and an AJP connector are configured. Connectors
- that will not be used should be removed from server.xml.</p>
+ <p>By default, a non-TLS, HTTP/1.1 connector is configured on port 8080.
+ Connectors that will not be used should be removed from server.xml.</p>
<p>The <strong>address</strong> attribute may be used to control which IP
- address the connector listens on for connections. By default, the
- connector listens on all configured IP addresses.</p>
+ address a connector listens on for connections. By default, a connector
+ listens on all configured IP addresses.</p>
<p>The <strong>allowTrace</strong> attribute may be used to enable TRACE
requests which can be useful for debugging. Due to the way some browsers
diff --git a/webapps/docs/setup.xml b/webapps/docs/setup.xml
index 3655063..8daf5c1 100644
--- a/webapps/docs/setup.xml
+++ b/webapps/docs/setup.xml
@@ -85,7 +85,6 @@
<li>JavaHome</li>
<li>TomcatPortShutdown</li>
<li>TomcatPortHttp</li>
- <li>TomcatPortAjp</li>
<li>TomcatMenuEntriesEnable</li>
<li>TomcatShortcutAllUsers</li>
<li>TomcatServiceDefaultName</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org