Re: Problem with tomcat connector in IIS using tomcat 9.0.31

Thanks Christopher, Am 12.03.2020 um 16:11 schrieb Christopher Schultz: > The complete new default pattern is: > > > (javax\.servlet\.request\.(cipher_suite|key_size|ssl_session|X509Certifi > cate)|CERT_(ISSUER|SUBJECT|COOKIE|FLAGS|SERIALNUMBER)|HTTPS_(SERVER_SUBJ > ECT|SECRETKEYSIZE|SERVER_ISSUER

Re: Problem with tomcat connector in IIS using tomcat 9.0.31

Hi Christopher, Am 09.03.2020 um 22:50 schrieb Christopher Schultz: > That's not a super-secure solution. You really should specify a > correct whitelist pattern instead of "accept all". thanks for your comment. You are fully right, but as this seem to will be fixed with the next tomcat version,

Re: Problem with tomcat connector in IIS using tomcat 9.0.31

Am 04.03.2020 um 09:17 schrieb Martin Grigorov: > Please read this discussion: > https://lists.apache.org/thread.html/r9f3a2ea48f2e76f7c092ea2dc4caec7d15c86f7773281ef6c8cdb817%40%3Cusers.tomcat.apache.org%3E > > The problem and a workaround are explai

Problem with tomcat connector in IIS using tomcat 9.0.31

Dear all, as tomcat version 9.0.31 has some security fixes included I tried to do an upgrade. On the IIS tomcat connector version 1.2.46 is installed. As secret I use a 32 character long alpha numeric string, I name it here token. In the workers.properties I tried to define it on the load bal