Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/05 11:28:06 UTC
[tomcat] branch 7.0.x updated: Disable AJP connector by default
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 0f725b3 Disable AJP connector by default
0f725b3 is described below
commit 0f725b323a74b64cdb35fce04b54427582ad6063
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jan 21 12:41:01 2020 +0000
Disable AJP connector by default
---
conf/server.xml | 3 ++-
res/tomcat.nsi | 21 ---------------------
webapps/docs/changelog.xml | 4 ++++
webapps/docs/security-howto.xml | 8 ++++----
webapps/docs/setup.xml | 1 -
5 files changed, 10 insertions(+), 27 deletions(-)
diff --git a/conf/server.xml b/conf/server.xml
index 502858c..b1afebb 100644
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -90,8 +90,9 @@
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
+ -->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
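Review bot: The comment left above the now-disabled connector, `<!-- Define an AJP 1.3 Connector on port 8009 -->`, gives an operator who uncomments it no hint about exposure. The security how-to text changed in this same commit says a connector listens on all configured IP addresses by default and that the `address` attribute controls this. I would extend the comment to say so, for example `<!-- Define an AJP 1.3 Connector on port 8009. Disabled by default; if you enable it, set the address attribute so it only listens on the interface the reverse proxy connects to. -->`.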
diff --git a/res/tomcat.nsi b/res/tomcat.nsi
index e9eef97..2948015 100644
--- a/res/tomcat.nsi
+++ b/res/tomcat.nsi
@@ -53,7 +53,6 @@ Var Arch
Var ResetInstDir
Var TomcatPortShutdown
Var TomcatPortHttp
-Var TomcatPortAjp
Var TomcatMenuEntriesEnable
Var TomcatShortcutAllUsers
Var TomcatServiceName
@@ -70,7 +69,6 @@ Var TomcatAdminRoles
Var CtlJavaHome
Var CtlTomcatPortShutdown
Var CtlTomcatPortHttp
-Var CtlTomcatPortAjp
Var CtlTomcatServiceName
Var CtlTomcatShortcutAllUsers
Var CtlTomcatAdminUsername
@@ -135,7 +133,6 @@ Var ServiceInstallLog
LangString TEXT_JVM_LABEL1 ${LANG_ENGLISH} "Please select the path of a Java @MIN_JAVA_VERSION@ or later JRE installed on your system."
LangString TEXT_CONF_LABEL_PORT_SHUTDOWN ${LANG_ENGLISH} "Server Shutdown Port"
LangString TEXT_CONF_LABEL_PORT_HTTP ${LANG_ENGLISH} "HTTP/1.1 Connector Port"
- LangString TEXT_CONF_LABEL_PORT_AJP ${LANG_ENGLISH} "AJP/1.3 Connector Port"
LangString TEXT_CONF_LABEL_SERVICE_NAME ${LANG_ENGLISH} "Windows Service Name"
LangString TEXT_CONF_LABEL_SHORTCUT_ALL_USERS ${LANG_ENGLISH} "Create shortcuts for all users"
LangString TEXT_CONF_LABEL_ADMIN ${LANG_ENGLISH} "Tomcat Administrator Login (optional)"
@@ -458,7 +455,6 @@ Function .onInit
StrCpy $JavaHome ""
StrCpy $TomcatPortShutdown "-1"
StrCpy $TomcatPortHttp "8080"
- StrCpy $TomcatPortAjp "8009"
StrCpy $TomcatMenuEntriesEnable "0"
StrCpy $TomcatShortcutAllUsers "0"
StrCpy $TomcatServiceDefaultName "Tomcat@VERSION_MAJOR@"
@@ -476,7 +472,6 @@ Function .onInit
${ReadFromConfigIni} $JavaHome "JavaHome" $R2
${ReadFromConfigIni} $TomcatPortShutdown "TomcatPortShutdown" $R2
${ReadFromConfigIni} $TomcatPortHttp "TomcatPortHttp" $R2
- ${ReadFromConfigIni} $TomcatPortAjp "TomcatPortAjp" $R2
${ReadFromConfigIni} $TomcatMenuEntriesEnable "TomcatMenuEntriesEnable" $R2
${ReadFromConfigIni} $TomcatShortcutAllUsers "TomcatShortcutAllUsers" $R2
${ReadFromConfigIni} $TomcatServiceDefaultName "TomcatServiceDefaultName" $R2
@@ -602,13 +597,6 @@ Function pageConfiguration
Pop $CtlTomcatPortHttp
${NSD_SetTextLimit} $CtlTomcatPortHttp 5
- ${NSD_CreateLabel} 0 36u 100u 14u "$(TEXT_CONF_LABEL_PORT_AJP)"
- Pop $R0
-
- ${NSD_CreateText} 150u 34u 50u 12u "$TomcatPortAjp"
- Pop $CtlTomcatPortAjp
- ${NSD_SetTextLimit} $CtlTomcatPortAjp 5
-
${NSD_CreateLabel} 0 57u 140u 14u "$(TEXT_CONF_LABEL_SERVICE_NAME)"
Pop $R0
@@ -646,7 +634,6 @@ FunctionEnd
Function pageConfigurationLeave
${NSD_GetText} $CtlTomcatPortShutdown $TomcatPortShutdown
${NSD_GetText} $CtlTomcatPortHttp $TomcatPortHttp
- ${NSD_GetText} $CtlTomcatPortAjp $TomcatPortAjp
${NSD_GetText} $CtlTomcatServiceName $TomcatServiceName
${If} $TomcatMenuEntriesEnable == "1"
${NSD_GetState} $CtlTomcatShortcutAllUsers $TomcatShortcutAllUsers
@@ -669,12 +656,6 @@ Function pageConfigurationLeave
Goto exit
${EndIf}
- ${If} $TomcatPortAjp == ""
- MessageBox MB_ICONEXCLAMATION|MB_OK 'The AJP port may not be empty'
- Abort "Config not right"
- Goto exit
- ${EndIf}
-
${If} $TomcatServiceName == ""
MessageBox MB_ICONEXCLAMATION|MB_OK 'The Service Name may not be empty'
Abort "Config not right"
@@ -1063,7 +1044,6 @@ Function configure
IfErrors SERVER_XML_LEAVELOOP
${StrRep} $R4 $R3 "8005" "$TomcatPortShutdown"
${StrRep} $R3 $R4 "8080" "$TomcatPortHttp"
- ${StrRep} $R4 $R3 "8009" "$TomcatPortAjp"
FileWrite $R2 $R4
Goto SERVER_XML_LOOP
SERVER_XML_LEAVELOOP:
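Review bot: With the third `${StrRep}` removed, `FileWrite $R2 $R4` in `configure` appears to write the line that has only the shutdown-port substitution applied. Assuming the first `${StrRep}` argument is the output, as the alternating `$R4`/`$R3` registers suggest, the HTTP port substitution now lands in `$R3` and is discarded. The write should become `FileWrite $R2 $R3`. As it stands, a custom HTTP port chosen in the installer would be ignored and server.xml would keep 8080, while the later `DetailPrint 'HTTP/1.1 Connector configured on port "$TomcatPortHttp"'` still reports the chosen value, so the install log and the actual listener can disagree. The body of `configure` starts and ends outside this hunk.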
@@ -1081,7 +1061,6 @@ Function configure
DetailPrint 'Server shutdown listener configured on port "$TomcatPortShutdown"'
DetailPrint 'HTTP/1.1 Connector configured on port "$TomcatPortHttp"'
- DetailPrint 'AJP/1.3 Connector configured on port "$TomcatPortAjp"'
DetailPrint "server.xml written"
StrCpy $R5 ''
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aaf2f39..584867a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -139,6 +139,10 @@
to <code>rejectIllegalHeader</code> and expand the underlying
implementation to include header values as well as names. (markt)
</fix>
+ <update>
+ Disable (comment out in server.xml) the AJP/1.3 connector by default.
+ (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Jasper">
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index e6199bc..6f97025 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -245,12 +245,12 @@
</subsection>
<subsection name="Connectors">
- <p>By default, an HTTP and an AJP connector are configured. Connectors
- that will not be used should be removed from server.xml.</p>
+ <p>By default, a non-TLS, HTTP/1.1 connector is configured on port 8080.
+ Connectors that will not be used should be removed from server.xml.</p>
<p>The <strong>address</strong> attribute may be used to control which IP
- address the connector listens on for connections. By default, the
- connector listens on all configured IP addresses.</p>
+ address a connector listens on for connections. By default, a connector
+ listens on all configured IP addresses.</p>
<p>The <strong>allowTrace</strong> attribute may be used to enable TRACE
requests which can be useful for debugging. Due to the way some browsers
diff --git a/webapps/docs/setup.xml b/webapps/docs/setup.xml
index d241811..e5c9d51 100644
--- a/webapps/docs/setup.xml
+++ b/webapps/docs/setup.xml
@@ -85,7 +85,6 @@
<li>JavaHome</li>
<li>TomcatPortShutdown</li>
<li>TomcatPortHttp</li>
- <li>TomcatPortAjp</li>
<li>TomcatMenuEntriesEnable</li>
<li>TomcatShortcutAllUsers</li>
<li>TomcatServiceDefaultName</li>