[ANN] Clustering broken 5.5.10-5.5.14

2005-12-23 Thread devlists
I've been getting a good amount of emails regarding the clustering system
being broken in Tomcat 5.5, so I thought I'd make the announcement here so
that we can clear the air once and for all.

In Tomcat 5.5.10 the underlying communication protocol for the clustering
system changed, and not only made the release incompatible with any
previous release, but also broke the system completely.

This change should have never seen the codebase, but it did.

We apologize for this error; it has been fixed in 5.5.15. In the future,
we advise developers to not change protocol and low level code in dot-dot
releases without complete regression testing.

Filip


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How to forward external-ip-facing requests from ApacheHTTPServer to Tomcat?

2005-12-23 Thread devlists
Use mod_proxy, much easier, and in our tests it has proven to scale better.
You will wanna look for a directive called ProxyHostPreserve so that
request.getServerName returns the right name;
then the IP address will be stored in the x-forwarded-for header in the HTTP
request.

Filip

> Hello Everyone,
>
> I have successfully configured Apache to forward requests to my Tomcat
> instance. But it does so...only for requests whose IP resolves to
> 127.0.0.1
>
> If I try to access a page through apache server (that's actually on
> tomcat) with the outside-facing-ip of my computer it fails.
>
> For example:
> 1) URL: "http://12.34.56.78:666/blah/serveMe.html" FAILS with a
> 404 (apache does not forward properly)
>
> 2) URL: "http://12.34.56.78:8080/blah/serveMe.html" SUCCEEDS
> (tomcat seems to be ok when it gets the request directly, so it has to be
> a forwarding failure by apache in the previous case)
>
> 3) URL: "http://my.domain.com:666/blah/serveMe.html" SUCCEEDS (I have
> "my.domain.com" mapped to "127.0.0.1" in my windows' hosts file)
>
> 4) URL: "http://localhost:666/blah/serveMe.html" SUCCEEDS
>
> I think this happens because the 1st request (the one with the outside
> facing ip) is not forwarded to Tomcat by apache.
> a) The apache error logs show that Apache is trying to look for the page
> in the wrong place
> b) The access logs of course show a 404 because it can't find the page to
> serve
>
> Now, I have read a few threads and been on a few forums and apparently my
> worker.properties file is supposed to be as simple as this:
> 
> worker.list=ajp13
> worker.ajp13.port=8009
> worker.ajp13.host=my.domain.com
> worker.ajp13.type=ajp13
> ---
>
> I also tried putting my outside-facing-ip and localhost as values for
> "worker.ajp13.host" but it didn't seem to make any difference at all.
>
> In that case I must ask all of you:
> Question 1: How do I go about configuring apache to forward the
> outside-facing-ip requests to Tomcat? If it is not done in
> workers.properties...then where is it handled?
> Question 2: Or am I wrong and it is actually handled by
> workers.properties? Even then, how?
>
> Thanks in advance to all those who answer and all those who take the time
> to read this.
>
> Cheers,
> - Pulkit
>
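
An added example, not part of the thread or of Tomcat's code: once the client address arrives in the x-forwarded-for header as described in the reply above, the application should accept that header only when the socket peer is its own proxy, because a request sent straight to Tomcat's port can carry any header value. The class name, method name and proxy addresses are assumptions made for illustration.

```java
import java.util.Set;

public class ForwardedClientIp {

    // Assumption: addresses of the reverse proxies we operate (constructed values).
    static final Set<String> TRUSTED_PROXIES = Set.of("127.0.0.1", "10.0.0.5");

    /**
     * Returns the address to treat as the client: the right-most
     * X-Forwarded-For entry that is not one of our own proxies, or the
     * socket peer when the header cannot be trusted.
     * In a servlet: clientIp(request.getRemoteAddr(),
     *                        request.getHeader("X-Forwarded-For")).
     */
    static String clientIp(String remoteAddr, String xForwardedFor) {
        // A peer that is not our proxy can put anything in the header: ignore it.
        if (xForwardedFor == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xForwardedFor.split(",");
        // Each proxy appends the peer it saw, so walk the list from the right.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // the header held only our own proxies
    }

    public static void main(String[] args) {
        // httpd on localhost forwarded a request that came from 12.34.56.78.
        System.out.println(clientIp("127.0.0.1", "12.34.56.78"));
        // The client pre-set the header; the proxy appended the peer it saw.
        System.out.println(clientIp("127.0.0.1", "1.2.3.4, 12.34.56.78"));
        // Direct connection to Tomcat (port 8080) carrying a forged header.
        System.out.println(clientIp("12.34.56.78", "127.0.0.1"));
    }
}
```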






Re: Apache Cookie Buffer Overflow

2006-05-25 Thread devlists
Your scanner "may not work so well"; it thinks that Tomcat is Apache httpd.
The warnings you see, and the suggested fix, are related to
httpd.apache.org, not tomcat.apache.org

Two different products.

> Hello,
>
> We just installed a JBOSS server in our production Environment...
> Apparently JBOSS came bundled with Apache Tomcat/5.5.9
>
> Our current environment is:
> Windows 2003 SP1
> JBOSS 4.0.2
> JVM Version: 1.4.2_11-b06
> Apache Tomcat/5.5.9
>
> Our security scanner has picked up 2 security vulnerabilities on this
> server.
>
> "Apache Cookie Buffer Overflow"
> "HTTP Buffer Overflows"
>
> Our security scanner indicated that we need to upgrade from Apache v1.1.1
> to v1.3.2... but since we are already on Apache Tomcat/5.5.9... I don't
> think that is correct.
>
> The scanner also indicated that we may be able to change a field in Apache
> called LimitRequestFieldsize...   Thus far I have been unable to find this
> LimitRequestFieldsize field in any of our config files...
>
> Is the LimitRequestFieldsize in Apache V.1.1.1 the same as
> maxHttpHeaderSize in Apache Tomcat/5.5.9?
>
> Any suggestions would be appreciated.
> Thank you
> --Doug



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL Setup From Site

2006-12-13 Thread devlists

what version of Tomcat and what are the logs saying?

Filip

Quoting Jim Reynolds <[EMAIL PROTECTED]>:


After creating a new Host, I now want to set up SSL on it. Following
the docs I did the following:

1) create keystore
E:\Tomcat\bin\DEVKEY>keytool -genkey -alias tomcat -keyalg RSA -keystore E:/Tomcat/bin/DEVKEY/devKeystore
answered questions.

2) made sure passwords were same. (changeit)

3) uncomment out the

// added above keystore location.

4) restarted tomcat, but I do not get ssl?

http://devsite (still happy)
https://devsite (cannot connect)

I am running all local here, no external hassles. Now while reading
the docs for nth time, I am wondering if I need to create a
certificate or not? It is hard to tell as they roll into discussing
openSSL or verisign/Thawte.

Anyway, If I am missing a step here, please let me know,

Sincerely




Re: Incorrect cookie value in tomcat5.5.26

2008-02-27 Thread devlists
hi Sushil
that scenario works just fine for me. you would have to show your actual 
code (and a test case) for me to analyze your actual problem

Filip

Sushil Vegad wrote:
> Hello Filip,
>
> Please let me know your thoughts on this.
>
> Our scenario is:
> We set the username in the cookie when the user logs in. I open a new
> browser instance, log-in and the cookie is set. If I logout of the
> application and return to login screen (on the same browser instance) the
> cookie is found.
>
> PROBLEM:
> If I use a NEW browser instance to go to the login page, the cookie is NOT
> found. 
>
> On login submit, we set the cookie - 
> Cookie cookie = new Cookie(Constants.REMEMBERME, username);
> cookie.setVersion(1);
> cookie.setMaxAge(Integer.MAX_VALUE);
> response.addCookie(cookie);
>
>
> On requesting the login page, we check if the cookie was set - 
>
> Cookie cookies[] = request.getCookies();
> String username = "";
> // getCookies() returns null when the request carries no cookies
> if (cookies != null) {
>   for (int i = 0; i < cookies.length; i++) {
>     Cookie c = cookies[i];
>     if (c.getName().equals(Constants.REMEMBERME)) {
>       username = c.getValue(); // Set username in the login field
>       break;
>     }
>   }
> }
>
> This code did not have an issue with tomcat 5.0
> Thanks,
> Sushil
>  
>
> -Original Message-
> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] 
> Sent: Monday, February 25, 2008 6:54 PM
> To: Tomcat Users List
> Subject: Re: Incorrect cookie value in tomcat5.5.26
>
> what is your scenario,
>
> the following code worked for me, even though the browser doesn't send 
> up cookie version
>
> <%
>   javax.servlet.http.Cookie[] cs = request.getCookies();
>   String value = null;
>   // getCookies() returns null when the request carries no cookies
>   if (cs != null) {
>     for (Cookie co : cs) {
>       if ("test".equals(co.getName())) value = co.getValue();
>     }
>   }
>
>   javax.servlet.http.Cookie c =
>       new javax.servlet.http.Cookie("test", "someemail=somedomain.com");
>   c.setVersion(1);
>   c.setMaxAge(100);
>   response.addCookie(c);
> %>
> done!
> <%=value%>
>
>
>
> Sushil Vegad wrote:
>   
>> Hello,
>>
>> cookie.setVersion(1) remembers the cookie only for the browser session. A
>> new browser does not have access to the cookie
>>
>> We did cookie.setMaxAge(Integer.MAX_VALUE) but that doesn't help.
>>
>> Any thoughts please?
>>
>> Thanks,
>> Sushil Vegad
>> Technical Lead, Scheduling Project
>> Serebrum Corporation - translating strategy into results
>> Work: 609.777.3563
>> Cell: 732.216.4908  
>> Email: [EMAIL PROTECTED]
>> Conference Dial-in: 1-218-486-1300, Bridge: 427526
>>  
>>
>> -Original Message-
>> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] 
>> Sent: Monday, February 11, 2008 11:54 AM
>> To: Tomcat Users List
>> Subject: Re: Incorrect cookie value in tomcat5.5.26
>>
>> not broken, corrected. the java doc says
>>
>>
>> setValue
>>
>> public void setValue(String newValue)
>>
>> Assigns a new value to a cookie after the cookie is created. If you
>> use a binary value, you may want to use BASE64 encoding.
>>
>> With Version 0 cookies, values should not contain white space,
>> brackets, parentheses, equals signs, commas, double quotes, slashes,
>> question marks, at signs, colons, and semicolons. Empty values may
>> not behave the same way on all browsers.
>>
>> Parameters:
>> newValue - a String specifying the new value
>>
>>
>> to fix this, all you need to do is
>>
>> cookie.setVersion(1);
>>
>> Filip
>>
>> Konstantin Kolinko wrote:
>>   
>> 
>>> I guess the cause is the same as for tomcat 6.0.16.
>>> See messages entitled "Cookies are broken in 6.0.16?".
>>>
>>> http://www.nabble.com/Cookies-are-broken-in-6.0.16--to15369118.html
>>>
>   


---