Re: Preventing httpd from accessing WEB-INF contents

You're right I did misunderstand the Location directive. Its at the top of the config file now, working fine :) On Wed, Nov 25, 2009 at 1:31 PM, André Warnier wrote: > Jonathan Mast wrote: > >> My understanding of Location directives is that cannot be used with regex >> and if not then thats no

Re: Preventing httpd from accessing WEB-INF contents

Jonathan Mast wrote: My understanding of Location directives is that cannot be used with regex and if not then thats not what I'm looking for. Then your understanding of Location directives is wrong. Why don't you look up the original article ? http://httpd.apache.org/docs/2.2/mod/core.html#loc

Re: Preventing httpd from accessing WEB-INF contents

Thanks! I had to make a slight adjustment to get it to work fully: AllowOverride none deny from all Now foo.mysite.com/WEB-INF/* and foo.mysite.com/another_context/WEB-INF/*are blocked. I did get this message on httpd shutdown and startup: [warn] Useless use of AllowOveride ... Removing it

Re: Preventing httpd from accessing WEB-INF contents

On 25/11/2009 18:07, Tim Funk wrote: Equally well AllowOverride none deny from all The docs say AllowOverride is not allowed on regex's so I believe in reality - this could be overridden with effort. In that case a standard include containing the config for each virtual host, might be an i

Re: AD Authentication

Samuel Penn wrote: ... After all, if all software was Open Source and never charged for, what would we all be doing for a living ? Same as many of us probably already do - consultancy and support. Thinking about this forum, and the work of the Tomcat developers, I meant that part too of cours

Re: Preventing httpd from accessing WEB-INF contents

Equally well AllowOverride none deny from all The docs say AllowOverride is not allowed on regex's so I believe in reality - this could be overridden with effort. -Tim Pid wrote: On 25/11/2009 16:47, Nikolay Diulgerov wrote: Try AllowOverride None deny from all

Re: Preventing httpd from accessing WEB-INF contents

My understanding of Location directives is that cannot be used with regex and if not then thats not what I'm looking for. I have multiple contexts underneath multiple (virtual) hosts. I need a VirtualHost level directive that will block any attempts to access */WEB-INF/* on that host. Adding a n

Re: Preventing httpd from accessing WEB-INF contents

On 25/11/2009 16:47, Nikolay Diulgerov wrote: Try AllowOverride None deny from all Probably a better solution would be: AllowOverride None deny from all AllowOverride None deny from all ... but we're really just guessing what config is

mod_jk.log errors

Greetings, I'm setting up a new apache system using mod_jk to talk to 8 JBoss instances on a separate server and I'm seeing a lot of entries in the mod_jk.log that I find troubling. Here is a snippet: [Wed Nov 25 10:32:31.727 2009] [9435:2088340368] [info] ajp_send_request::jk_ajp_common.c (1402)

Re: Preventing httpd from accessing WEB-INF contents

Am Wed, 25 Nov 2009 11:13:19 -0500 schrieb Jonathan Mast : > I need something that will be apply globally and can't be overridden > by VirtualHost directives. Why don't you use a standard like Location/Order/Deny/Allow in the vhosts config to deny access to WEB-INF, etc.? Individual config-fil

Re: Preventing httpd from accessing WEB-INF contents

yes I am keeping the all the web-app stuff in place. I don't have the time to re-architect my entire system to your suggested format. I really need to just prevent httpd from accessing anything with "WEB-INF" in the url. On Wed, Nov 25, 2009 at 11:21 AM, Pid wrote: > On 25/11/2009 16:13, Jonat

Re: Preventing httpd from accessing WEB-INF contents

On 25/11/2009 16:13, Jonathan Mast wrote: Can someone please provide the magical httpd config-cantation that will block httpd from accessing anything in WEB-INF directories? I need something that will be apply globally and can't be overridden by VirtualHost directives. I've dug around the httpd

Preventing httpd from accessing WEB-INF contents

Can someone please provide the magical httpd config-cantation that will block httpd from accessing anything in WEB-INF directories? I need something that will be apply globally and can't be overridden by VirtualHost directives. I've dug around the httpd config documentation and I'm just not under

Re: AD Authentication

On Wed, 25 Nov 2009 12:47:34 +0100, "André Warnier" wrote: > Samuel Penn wrote: >> On Tue, 24 Nov 2009 19:50:59 +0100, "André Warnier" >> wrote: >>> Samuel Penn wrote: Hi all, I'm trying to get Tomcat to authenticate against Active Directory, but failing >>> ... >>> Not direct

RE: AD Authentication

> From: Samuel Penn [mailto:s...@glendale.org.uk] > Subject: RE: AD Authentication > > I take it I need to configure debug through log4j now then? No, set the desired level of information capture in conf/logging.properties. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE

Re: ArrayIndexOutOfBoundsException

On 25/11/2009 14:05, geoff...@fileflow.com wrote: On 25 Nov 2009, at 14:34, Felix Schumacher wrote: Am Dienstag, den 24.11.2009, 17:57 +0100 schrieb geoff...@fileflow.com: Hi everyone. I'm stuck with a problem I don't understand. We have a tomcat server and after redeploying our war file,

Re: ArrayIndexOutOfBoundsException

Java is the same and no APR. On 25 Nov 2009, at 15:10, Pid wrote: > On 25/11/2009 14:04, geoff...@fileflow.com wrote: >> >> Hardware is different. The one working is a much older machine we use as >> development server (less memory, older CPU, less disk, etc). OS is the same >> and apache is

Re: ArrayIndexOutOfBoundsException

On 25/11/2009 14:04, geoff...@fileflow.com wrote: Hardware is different. The one working is a much older machine we use as development server (less memory, older CPU, less disk, etc). OS is the same and apache is 6.0.18 on dev and 6.0.20 on the problem server (but it doesn't work with 6.0.18

Re: ArrayIndexOutOfBoundsException

On 25 Nov 2009, at 14:34, Felix Schumacher wrote: > Am Dienstag, den 24.11.2009, 17:57 +0100 schrieb geoff...@fileflow.com: >> Hi everyone. >> >> >> I'm stuck with a problem I don't understand. We have a tomcat server >> and after redeploying our war file, we get this error: >> > ... > Are "i

Re: ArrayIndexOutOfBoundsException

On 25 Nov 2009, at 14:08, Pid wrote: > On 25/11/2009 13:03, geoff...@fileflow.com wrote: >> >> On 25 Nov 2009, at 13:26, Pid wrote: >> >>> On 25/11/2009 12:13, geoff...@fileflow.com wrote: On 25 Nov 2009, at 12:53, Pid wrote: > On 25/11/2009 11:30, geoff...@fileflow.com wr

Re: Tomcat Https loadbalancing??

Hello David, > Nice if you've got that sort of money. I will go further, I feel the price of the famous hardware load balancers is completely excessive in comparison with the other components we use on production. It is very common to see on production small servers (cheap dual x86 processors,

Re: ArrayIndexOutOfBoundsException

Am Dienstag, den 24.11.2009, 17:57 +0100 schrieb geoff...@fileflow.com: > Hi everyone. > > > I'm stuck with a problem I don't understand. We have a tomcat server > and after redeploying our war file, we get this error: > ... Are "in" and "out" instance variables? They should be method variables,

Re: ArrayIndexOutOfBoundsException

On 25/11/2009 13:03, geoff...@fileflow.com wrote: On 25 Nov 2009, at 13:26, Pid wrote: On 25/11/2009 12:13, geoff...@fileflow.com wrote: On 25 Nov 2009, at 12:53, Pid wrote: On 25/11/2009 11:30, geoff...@fileflow.com wrote: On 25 Nov 2009, at 11:10, Pid wrote: On 25/11/2009 08:17, geoff

Re: ArrayIndexOutOfBoundsException

On 25 Nov 2009, at 13:26, Pid wrote: > On 25/11/2009 12:13, geoff...@fileflow.com wrote: >> >> On 25 Nov 2009, at 12:53, Pid wrote: >> >>> On 25/11/2009 11:30, geoff...@fileflow.com wrote: On 25 Nov 2009, at 11:10, Pid wrote: > On 25/11/2009 08:17, geoff...@fileflow.com >

Re: Tomcat Https loadbalancing??

jkv wrote: Hello, We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of requests has grown up and we have decided to do go for clustering and loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk loadbalacing. My certificate resides in Tomcat. In order to loadb

Re: ArrayIndexOutOfBoundsException

On 25/11/2009 12:13, geoff...@fileflow.com wrote: On 25 Nov 2009, at 12:53, Pid wrote: On 25/11/2009 11:30, geoff...@fileflow.com wrote: On 25 Nov 2009, at 11:10, Pid wrote: On 25/11/2009 08:17, geoff...@fileflow.com wrote: I changed the size to 4K, 50K and

Re: ArrayIndexOutOfBoundsException

On 25 Nov 2009, at 12:53, Pid wrote: > On 25/11/2009 11:30, geoff...@fileflow.com wrote: >> On 25 Nov 2009, at 11:10, Pid wrote: >> >>> On 25/11/2009 08:17, geoff...@fileflow.com >>> wrote: I changed the size to 4K, 50K and 1 byte without any luck. >>> >>> Wh

Re: ArrayIndexOutOfBoundsException

On 25/11/2009 11:30, geoff...@fileflow.com wrote: On 25 Nov 2009, at 11:10, Pid wrote: On 25/11/2009 08:17, geoff...@fileflow.com wrote: I changed the size to 4K, 50K and 1 byte without any luck. What about adding a byte counter to catch when the exception occu

Re: Tomcat Https loadbalancing??

On 25/11/2009 11:03, David Cassidy wrote: Pid, there is no need to have a commercial grade cert between your httpd and tomcat as thats in essence a private comms channel between your 2 servers the client won't know / see / care Use a self sign - as long as httpd has your cert all should be well

Re: AD Authentication

Samuel Penn wrote: On Tue, 24 Nov 2009 19:50:59 +0100, "André Warnier" wrote: Samuel Penn wrote: Hi all, I'm trying to get Tomcat to authenticate against Active Directory, but failing ... Not directly related to what your current issue is, but just as information : http://www.ioplex.com/jes

RE: Tomcat Https loadbalancing??

We use network appliances that sit above Apache Web Server and takes care of all SSL encryption/decryption. This ensures all border<->client communication is secured whilst traffic within our estate is purely http/ajp. The level of security in our virtual circuits and inter-segment firewalls ensu

Re: ArrayIndexOutOfBoundsException

On 25 Nov 2009, at 11:10, Pid wrote: > On 25/11/2009 08:17, geoff...@fileflow.com wrote: >> I changed the size to 4K, 50K and 1 byte without any luck. > > What about adding a byte counter to catch when the exception occurs? It happens totally at random. Sometimes after 200KB sometimes after 250M

Re: Tomcat Https loadbalancing??

Cyrille, Nice if you've got that sort of money. it is quite cool because you can off-load the https part so some custom hardware - again cool if you've got the money Personally i prefer mod_proxy_ajp with the balancing as well. D On 25/11/09 10:57, Cyrille Le Clerc wrote: Hello, As R

Re: Tomcat Https loadbalancing??

On 25/11/09 10:36, Peter Crowther wrote: 2009/11/25 jkv: I got one small doubt in the last point that you said. In this environment, you only want your "public" certificate on httpd. Tomcat will not be doing anything that uses it, so don't put a copy on those machines. this means that I

Re: Tomcat Https loadbalancing??

Pid, there is no need to have a commercial grade cert between your httpd and tomcat as thats in essence a private comms channel between your 2 servers the client won't know / see / care Use a self sign - as long as httpd has your cert all should be well D On 25/11/09 10:32, Pid wrote: On 2

Re: Tomcat Https loadbalancing??

Hello, As Ronald said, we made some drawings on a detailed document "Tomcat, SSL, secure communications and X-Forwarded-Proto" (1) that explains solutions to handle HTTPS at the Tomcat, Apache Httpd and Load Balancer layers. The document is written in french but the google translation is qu

Re: Tomcat Https loadbalancing??

Always make a drawing. client -> https -> tcp-loadbalancer -> still same https connection-> multiple tomcats client -> https -> http-loadbalancer (Apache, proxy) -> new ajp/http(s) connection-> multiple tomcats Normally the loadbalancer and tomcats are in the same private network. It is your

Re: Tomcat Https loadbalancing??

2009/11/25 jkv : > I got one small doubt in the last point that you said. > > In this environment, you only want your "public" certificate on httpd. > Tomcat will not be doing anything that uses it, so don't put a copy > on those machines. > > this means that I will not enable SSL in my tomcat.. I

Re: Tomcat Https loadbalancing??

On 25/11/2009 10:28, jkv wrote: Thanks David, I would imagine that with mod_proxy you could load balance https requests so that the https request goes to httpd then its load balanced between https requests to multiple tomcats. What you'll loose over the ajp protocol i'm sure someone will let us

Re: Advise on configuring SSL

On 25/11/2009 08:43, CBy wrote: Hi, In my current working environment, Tomcat 6.0.18 is behind Apache. I don't know why they chose this setup, because Apache only acts as a proxy, it doesn't host anything. I do have experience in setting up SSL for stand-alone Tomcat, but have no experience with

Re: Tomcat Https loadbalancing??

Thanks David, I would imagine that with mod_proxy you could load balance https requests so that the https request goes to httpd then its load balanced between https requests to multiple tomcats. What you'll loose over the ajp protocol i'm sure someone will let us know That sounds good but when

Re: Tomcat Https loadbalancing??

On 25/11/2009 10:18, jkv wrote: Thanks Peter, That really helps me a lot. I got one small doubt in the last point that you said. In this environment, you only want your "public" certificate on httpd. Tomcat will not be doing anything that uses it, so don't put a copy on those machines. this

Re: Tomcat Https loadbalancing??

Thanks Peter, That really helps me a lot. I got one small doubt in the last point that you said. In this environment, you only want your "public" certificate on httpd. Tomcat will not be doing anything that uses it, so don't put a copy on those machines. this means that I will not enable SSL i

Re: ArrayIndexOutOfBoundsException

On 25/11/2009 08:17, geoff...@fileflow.com wrote: I changed the size to 4K, 50K and 1 byte without any luck. What about adding a byte counter to catch when the exception occurs? p Best Regards Geoffrey Phone Norway: +47 45 86 53 83 Fileflow Technologies AS Ole Deviks vei 35, 0668 Oslo,

Re: Tomcat Https loadbalancing??

2009/11/25 jkv : > We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of > requests has grown up and we have decided to do go for clustering and > loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk > loadbalacing. My certificate resides in Tomcat. > > In order to

Re: Tomcat Https loadbalancing??

Hey Yes if you want httpd to load balance https requests you do need it to handle the https connection - and hence it needs the keys, certs etc Sadly the ajp protocol is in fact insecure if you have the httpd and tomcat on separate boxes you do have a security issue as the connection is transp

Re: Advise on configuring SSL

Hello CBy, My preference to handle SSL at the Apache Httpd level is to insert a header "x-forwarded-proto=http|https" in Apache with mod_header, to transmit the request in clear http to tomcat and then to intercept this "x-forwarded-proto" header in Tomcat with the RemoteIpValve. This val

Re: Redirecting a port to a webapp

On 25/11/2009 07:24, Looijmans, Mike wrote: I think so too. My personal doubt is still about how Tomcat would try map a request that comes in as "/", "" being variable and being NOT "myapp". Since it does not find a match with "/myapp", and since obviously there cannot be an infinity of

RE: AD Authentication

On Tue, 24 Nov 2009 13:04:34 -0600, "Caldarale, Charles R" wrote: >> From: Samuel Penn [mailto:s...@glendale.org.uk] >> Subject: AD Authentication > >> >connectionURL="ldap://172.17.10.100:389"; >>connectionName="cn=SvcUser,cn=users,dc=myorg,dc=local" >>connectionPassword=

Tomcat Https loadbalancing??

Hello, We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of requests has grown up and we have decided to do go for clustering and loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk loadbalacing. My certificate resides in Tomcat. In order to loadbalance HTTPS

Re: AD Authentication

On Tue, 24 Nov 2009 19:50:59 +0100, "André Warnier" wrote: > Samuel Penn wrote: >> Hi all, >> >> I'm trying to get Tomcat to authenticate against Active Directory, but >> failing > ... > Not directly related to what your current issue is, but just as > information : http://www.ioplex.com/jespa.h

Re: ArrayIndexOutOfBoundsException

You can compile Tomcat yourself and insert some debug statements at the location of the exception. Ronald. Op dinsdag, 24 november 2009 18:17 schreef geoff...@fileflow.com: The bytesRead returns the size of the buffer (8KB) every time. I also debug and I can't find anything wrong. Input

Advise on configuring SSL

Hi, In my current working environment, Tomcat 6.0.18 is behind Apache. I don't know why they chose this setup, because Apache only acts as a proxy, it doesn't host anything. I do have experience in setting up SSL for stand-alone Tomcat, but have no experience with Apache whatsoever. Since I d

Re: ArrayIndexOutOfBoundsException

On 25 Nov 2009, at 04:14, Konstantin Kolinko wrote: > 2009/11/24 : >> HTTP connector. I'll attach the conf folder from tomcat. >> >> >> >> >> >> Best Regards >> >> Geoffrey >> >> Phone Norway: +47 45 86 53 83 >> Fileflow Technologies AS >> Ole Deviks vei 35, 0668 Oslo, Norway >> >>

Re: ArrayIndexOutOfBoundsException

I changed the size to 4K, 50K and 1 byte without any luck. Best Regards Geoffrey Phone Norway: +47 45 86 53 83 Fileflow Technologies AS Ole Deviks vei 35, 0668 Oslo, Norway - On 25 Nov 2009, at 00:28, Pid wrote: > On 24/11/2009 20:03, Konstantin Kolink