You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by rj...@apache.org on 2010/03/15 16:40:37 UTC

svn commit: r923303 - in /tomcat/jk/trunk/xdocs: miscellaneous/changelog.xml webserver_howto/iis.xml

Author: rjung
Date: Mon Mar 15 15:40:37 2010
New Revision: 923303

URL: http://svn.apache.org/viewvc?rev=923303&view=rev
Log:
Grammar and style improvements in the IIS howto.
Also some clarifications about serving static content by IIS.
Patch provided by André Warnier.

Modified:
    tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
    tomcat/jk/trunk/xdocs/webserver_howto/iis.xml

Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=923303&r1=923302&r2=923303&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Mon Mar 15 15:40:37 2010
@@ -55,6 +55,11 @@
         to prevent conversion of underscores '_' to hyphens '-' in header names.
         Old behaviour can be enabled by defining USE_CGI_HEADERS. (timw)
       </fix>
+      <update>
+        Docs: Grammar and style improvements and clarification about serving
+        static content by IIS.
+        Patch provided by Andr&#233; Warnier. (rjung)
+      </update>
       <fix>
         Docs: Update subversion paths used in docs. (rjung)
       </fix>

Modified: tomcat/jk/trunk/xdocs/webserver_howto/iis.xml
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/webserver_howto/iis.xml?rev=923303&r1=923302&r2=923303&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/webserver_howto/iis.xml (original)
+++ tomcat/jk/trunk/xdocs/webserver_howto/iis.xml Mon Mar 15 15:40:37 2010
@@ -142,7 +142,7 @@ filter function for each in-coming reque
 <li>
 The filter then tests the request URL against a list of URI-paths held inside uriworkermap.properties, 
 If the current request matches one of the entries in the list of URI-paths, 
-the filter transfer the request to the extension.
+the filter transfers the request to the extension.
 </li>
 <li>
 The extension collects the request parameters and forwards them to the appropriate worker using the defined
@@ -202,7 +202,7 @@ Adding more contexts to the configuratio
 <p>
 In this document I will assume that isapi_redirect.dll is placed in 
 <b>c:\tomcat\bin\win32\i386\isapi_redirect.dll</b> and 
-that you created the properties files are in <b>c:\tomcat\conf</b>.
+that the properties files which you created are in <b>c:\tomcat\conf</b>.
 </p>
 <p>
 <ol>
@@ -312,36 +312,28 @@ uriworkermap.properties will be:
 </source>
 
 After saving uriworkermap.properties restart IIS and it will serve the new context.
-
-<p>
-A feature is present till Tomcat 3.2, where a uriworkermap.properties-auto is automatically 
-written each time Tomcat is started. This file includes settings for each of the contexts that 
-Tomcat will serve during its run. 
-</p>
-<p>
-Each context has settings to have Tomcat handle servlet and JSP requests, 
-but by default static content is left to be served by IIS. 
-</p>
 <p>
-Each context also has a commented out setting to have Tomcat handle all requests to the context. 
-You can rename this file (so it won't be overwritten the next time Tomcat is started) and 
-uncomment this setting or make other customisations. 
-</p>
-<p>
-You may also use this file as is in your worker_mount_file setting.
+The above should be all you need for IIS to pass through to Tomcat any request for any URI which corresponds
+to a Tomcat context (webapp).
 </p>
 </subsection>
 
 <subsection name="Advanced Context Configuration">
 <p>
-Sometimes it is better to have IIS serve the static pages (html, gif, jpeg etc.) 
-even if these files are part of a context served by Tomcat. 
+If your webiste is very busy (more than 100 requests/second, or more than 100 simultaneous client connections),
+it might sometimes be desirable to have IIS serve static content (html, gif, jpeg etc.) directly, 
+even if these files are part of a context served by Tomcat.  Allowing IIS to serve such files directly may
+ avoid the small overhead consisting of passing the request to Tomcat via the redirector, and may free up
+ Tomcat somewhat, by using it only to process requests that only Tomcat can handle (e.g. requests to JSP pages and java servlets).
 </p>
 <p>
-For example, consider the html and gif files in the examples context, there is no need 
-to serve them from the Tomcat process, IIS will suffice.
-</p>
-
+For example, consider the html and gif files in the examples context : you could serve these files directly
+with IIS; there is no need to serve them from the Tomcat process.
+</p>
+<warn>However, you should be very careful when you implement the following configuration style, because by doing so you are
+in fact providing a "back-door" to IIS, and allowing it to serve files out of a Tomcat context without Tomcat's knowledge,
+thus bypassing any security
+restrictions which Tomcat itself and the Tomcat context (webapp) may place on those files.</warn>
 <p>
 Making IIS serve static files that are part of the Tomcat contexts requires the following:
 <ol>
@@ -361,7 +353,7 @@ For example adding a /example IIS virtua
 
 <p>
 Configuring the redirector is somewhat harder, you will need to specify the exact 
-URL-Path pattern(s) that you want Tomcat to handle (usually only JSP files and servlets). 
+URL-Path pattern(s) which you want Tomcat to handle (usually only JSP files and servlets). 
 This requires a change to the uriworkermap.properties : 
 
 <source>
@@ -377,7 +369,6 @@ This requires a change to the uriworkerm
 As you can see the second configuration is more explicit, it actually instruct the redirector 
 to redirect only requests to resources under /examples/servlet/ and resources under /examples/ 
 whose name ends with .jsp. 
-This is similar to what is automatically written to the uriworkermap.properties-auto file for each context.
 </p>
 
 <p>
@@ -389,40 +380,42 @@ You can even be more explicit and provid
 </p>
 
 <p>
-that instructs the redirector to redirect request whose URL-Path equals /example/servletname 
+that instructs the redirector to redirect all requests whose URL-path matches the leading string "/example/servletname" 
 to the worker named defworker.
 </p>
 
 </subsection>
 
-<subsection name="Protecting the WEB-INF Directory">
-<p>
-Each servlet application (context) has a special directory named WEB-INF, 
-this directory contains sensitive configurations data and Java classes and must be kept hidden from web users. 
-Using the IIS management console it is possible to protect the WEB-INF directory from user access, 
-this however requires the administrator to remember that. 
+<subsection name="Protecting the content of your Tomcat contexts">
+<p>Once again, be aware that by allowing IIS to access the content of your Tomcat context directly, you are
+potentially bypassing Tomcat's protection of that content.  You should thus make sure to protect this content
+at the IIS level if needed, by using the corresponding IIS management console functions. 
 </p>
 <p>
-To avoid this need the redirector plugin automatically protects your WEB-INF directories by rejecting 
-any request that contains WEB-INF in its URL-Path.
+In particular, each servlet application (context) has a special directory named WEB-INF, 
+which contains sensitive configuration data and Java classes, and which should always be kept hidden from web users. 
+Using the IIS management console it is possible to protect the WEB-INF directory from user access, but considering that
+this is a general requirement, and considering that it is easy to forget to implement this protection
+at the IIS level, the redirector plugin does it automatically for you, and it will reject any request
+which contains WEB-INF in its URL-path. 
 </p>
 </subsection>
 
 <subsection name="Advanced Worker Configuration">
 <p>
-Sometimes you want to serve different contexts with different Tomcat processes 
+Sometimes you may want to serve different contexts with different Tomcat processes 
 (for example to spread the load among different machines). 
-To achieve such goal you will need to define several workers and assign each context with its own worker.
+To achieve such a goal you will need to define several workers and assign each context to its own worker.
 </p>
 <p>
-Defining workers is done in workers.properties, this file includes two types of entries:
+Defining additional workers is done in the workers.properties file. This file includes two types of entries:
 </p>
 
 <p>
 <source>
   # An entry that lists all the workers defined
   worker.list=worker1, worker2
-  # Entries that define the host and port associated with these workers
+  # Entries that define the host and port associated with each of these workers
   worker.worker1.host=localhost
   worker.worker1.port=8009
   worker.worker1.type=ajp13
@@ -458,8 +451,8 @@ and in the <a href="../reference/workers
 
 <section name="Building ISAPI redirector">
 <p>
-The redirector was developed using Visual C++ Ver.6.0, so having this environment is a prereq if you want 
-to perform a custom build. You should also have IIS developer SDK
+The redirector was developed using Visual C++ Ver.6.0, so having this environment is a prerequisite if you want 
+to perform a custom build. You should also have the IIS developer SDK.
 
 The steps that you need to take are:
 <ul>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org