ions will do this automatically.
>
> Mark
>
>
> >
> > Thank you,
> > Ellen
> >
> >
> > On Wed, Feb 26, 2020 at 9:25 AM
> > wrote:
> >
> >> -Original Message-
> >>> From: Mark Thomas
> >>> Sent: Wednes
, February 26, 2020 11:18 AM
To: users@tomcat.apache.org
Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector and Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jon,
On 2/26/20 09:25, jonmcalexan...@wellsfargo.com.INVALID wrote:
> -Original Message-
>> From: Ma
m: Mark Thomas
>>> Sent: Wednesday, February 26, 2020 5:19 AM
>>> To: users@tomcat.apache.org
>>> Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector
>> andTomcat
>>
>>> On 26/02/2020 09:00, Mark Thomas wrote:
>>> On 25/
Difficulties with IIS ISAPI connector andTomcat
>
>> On 26/02/2020 09:00, Mark Thomas wrote: On 25/02/2020 21:47,
>> Ellen Meiselman wrote:
>>> So it turned out that the logs were mostly set at FINE already,
>>> so
>> Johann’s suggestion was already done.
>&
To: users@tomcat.apache.org
> > Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector
> andTomcat
>
> > On 26/02/2020 09:00, Mark Thomas wrote:
> > On 25/02/2020 21:47, Ellen Meiselman wrote:
> >> So it turned out that the logs were mostly set at FINE al
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 2/26/20 09:08, Mark Thomas wrote:
> On 26/02/2020 11:19, Mark Thomas wrote:
>> On 26/02/2020 09:00, Mark Thomas wrote:
>>> On 25/02/2020 21:47, Ellen Meiselman wrote:
So it turned out that the logs were mostly set at FINE
already,
day, February 26, 2020 5:19 AM
> > To: users@tomcat.apache.org
> > Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector
> andTomcat
>
> > On 26/02/2020 09:00, Mark Thomas wrote:
> > On 25/02/2020 21:47, Ellen Meiselman wrote:
> >> So it turn
Hi,
On Wed, Feb 26, 2020 at 4:25 PM
wrote:
> -Original Message-
> > From: Mark Thomas
> > Sent: Wednesday, February 26, 2020 5:19 AM
> > To: users@tomcat.apache.org
> > Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector
> andTomcat
&
-Original Message-
> From: Mark Thomas
> Sent: Wednesday, February 26, 2020 5:19 AM
> To: users@tomcat.apache.org
> Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector andTomcat
> On 26/02/2020 09:00, Mark Thomas wrote:
> On 25/02/2020 21:47, Ell
On 26/02/2020 11:19, Mark Thomas wrote:
> On 26/02/2020 09:00, Mark Thomas wrote:
>> On 25/02/2020 21:47, Ellen Meiselman wrote:
>>> So it turned out that the logs were mostly set at FINE already, so
>> Johann’s suggestion was already done.
>>>
>>> But I think I now know where the problem lies. Sec
Thank you for that - I wasn't sure what patterns were allowed with that
attribute, so I couldn't test it. I'll check the isapi_redirect.log to see
if it records the exact requests.
On Wed, Feb 26, 2020 at 4:01 AM Mark Thomas wrote:
> On 25/02/2020 21:47, Ellen Meiselman wrote:
> > So it turned
On 26/02/2020 09:00, Mark Thomas wrote:
> On 25/02/2020 21:47, Ellen Meiselman wrote:
>> So it turned out that the logs were mostly set at FINE already, so
> Johann’s suggestion was already done.
>>
>> But I think I now know where the problem lies. Secure IIS request >
> to > non-secire AJP.
>>
>>
to take this opportunity to switch to HTTPS
and dump AJP.
Also I’ll have to figure out how to shut off port 8080 or require
SSL on tomcat once I get everything going. Actually I’d like to
limit Tomcat to responding to requests from the server itself.
Nothing should be talking to Tomcat but the isap
On 25/02/2020 21:47, Ellen Meiselman wrote:
> So it turned out that the logs were mostly set at FINE already, so
Johann’s suggestion was already done.
>
> But I think I now know where the problem lies. Secure IIS request >
to > non-secire AJP.
>
> I don’t think this was a problem on the other serve
gt; WILL need to deal with keys and certs.
>
> But are you sure you need encryption?
>
> If you are using localhost, it's worthless IMHO. If you are traversing
> a network -- even a "trusted" one -- it's a hard requirement also IMHO.
>
> My recommendation wo
AJP.
> Also I’ll have to figure out how to shut off port 8080 or require
> SSL on tomcat once I get everything going. Actually I’d like to
> limit Tomcat to responding to requests from the server itself.
> Nothing should be talking to Tomcat but the isapi connector.
Bind to address="12
SSL on tomcat once I get everything going. Actually I’d like to
> limit Tomcat to responding to requests from the server itself.
> Nothing should be talking to Tomcat but the isapi connector.
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQI
080 or require SSL on tomcat
once I get everything going. Actually I’d like to limit Tomcat to responding to
requests from the server itself. Nothing should be talking to Tomcat but the
isapi connector.
Thanks,
Ellen
I
> On Feb 25, 2020, at 4:07 PM, js84 wrote:
>
> Hello!
>
L on tomcat
once I get everything going. Actually I’d like to limit Tomcat to responding to
requests from the server itself. Nothing should be talking to Tomcat but the
isapi connector.
Thanks,
Ellen
I
> On Feb 25, 2020, at 4:07 PM, js84 wrote:
>
> Hello!
>
> What for are
Meiselman
Sent: Tuesday, February 25, 2020 3:12 PM
To: Tomcat Users List
Subject: Re: [OT] At wits end: Difficulties with IIS ISAPI connector andTomcat
Hi Johann,
I’ve been trying both ways - with and without secret. Happy to have it set up
any way it works that won’t arouse the ire of our security
a Windows machine.)
>
> Best regards,
> Johann
>
> Von: Christopher Schultz
> Gesendet: Dienstag, 25. Februar 2020 21:42
> An: users@tomcat.apache.org
> Betreff: Re: [OT] At wits end: Difficulties with IIS ISAPI connector andTomcat
>
> -BEGIN PGP SIGNED M
regards,
Johann
Von: Christopher Schultz
Gesendet: Dienstag, 25. Februar 2020 21:42
An: users@tomcat.apache.org
Betreff: Re: [OT] At wits end: Difficulties with IIS ISAPI connector andTomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ellen,
On 2/25/20 13:10, Ellen Meiselman wrote:
> No, j
regards,
Johann
Von: Christopher Schultz
Gesendet: Dienstag, 25. Februar 2020 21:42
An: users@tomcat.apache.org
Betreff: Re: [OT] At wits end: Difficulties with IIS ISAPI connector andTomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ellen,
On 2/25/20 13:10, Ellen Meiselman wrote:
> No, j
>> On 2/25/20 12:06, Ellen Meiselman wrote:
>>>>>>>> Yes, everything is on the same server.
>>>>>>>>
>>>>>>>> workers.properties: # Set properties for worker1
>>>>>>>> (ajp13) worker.worker1.type=
gt;
>>>>>>> workers.properties: # Set properties for worker1
>>>>>>> (ajp13) worker.worker1.type=ajp13
>>>>>>> worker.worker1.host=127.0.0.1 worker.worker1.port=8009
>>>>>>> worker.worker1.secret="mySecret".
&g
nt: Tuesday, February 25, 2020 12:27 PM
>> To: Tomcat Users List
>> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
>
>> Hi Jon,
>
>> The best information I have about the error is from the localhost log:
>
>> 10.00.00.00 - - [25/
-Original Message-
> From: Ellen Meiselman
> Sent: Tuesday, February 25, 2020 12:27 PM
> To: Tomcat Users List
> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
> Hi Jon,
> The best information I have about the error is from the localhost l
bject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
>
> The directory containing the dll is at $TomcatHome/isapi/
>
> I opened that wide up for testing after more secure configurations did not
> work. Don't worry - this will absolutely NOT be use
-Original Message-
From: Ellen Meiselman
Sent: Tuesday, February 25, 2020 12:04 PM
To: Tomcat Users List
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
The directory containing the dll is at $TomcatHome/isapi/
I opened that wide up for testing after more
neither
> > quotes nor the trailing period.
> >
> > Are those literally in your ISS config file?
> >
> > -chris
> >
> >>>> On Tue, Feb 25, 2020 at 11:27 AM
> >>>> wrote:
> >>>>
> >>>&g
nder immediately by reply e-mail and delete this
> message. Thank you for your cooperation.
>
>
> -Original Message-
> From: Ellen Meiselman
> Sent: Tuesday, February 25, 2020 11:51 AM
> To: Tomcat Users List
> Subject: Re: At wits end: Difficulties with IIS ISAP
ker1.secret="mySecret".
>
> Just so there is no confusion: your "mySecret" should have neither
> quotes nor the trailing period.
>
> Are those literally in your ISS config file?
>
> -chris
>
>>>> On Tue, Feb 25, 2020 at 11:27 AM
>&
n: your "mySecret" should have neither
> quotes nor the trailing period.
>
> Are those literally in your ISS config file?
>
> - -chris
>
> > On Tue, Feb 25, 2020 at 11:27 AM
> > wrote:
> >
> >> -Original Message- From: Ellen Meiselman
Message-
From: Ellen Meiselman
Sent: Tuesday, February 25, 2020 11:51 AM
To: Tomcat Users List
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
Thank you - when I remove the secret line, save and restart Tomcat, it results
in the same 403 error.
On Tue, Feb 25, 2020 at
009
> > worker.worker1.secret="mySecret".
> >
> > On Tue, Feb 25, 2020 at 11:27 AM
> > wrote:
> >
> >> -Original Message-
> >> From: Ellen Meiselman
> >> Sent: Tuesday, February 25, 2020 10:01 AM
&
gt; From: Ellen Meiselman
> > Sent: Tuesday, February 25, 2020 10:01 AM
> > To: Tomcat Users List
> > Subject: Re: At wits end: Difficulties with IIS ISAPI connector and
> Tomcat
> >
> >> Hi,
> >
> >> I've been testing, and so far, there is no change
ssage- From: Ellen Meiselman
>> Sent: Tuesday, February 25, 2020 10:01 AM To:
>> Tomcat Users List Subject: Re: At wits
>> end: Difficulties with IIS ISAPI connector and Tomcat
>>
>>> Hi,
>>
>>> I've been testing, and so far, there is no chang
9
worker.worker1.secret="mySecret".
On Tue, Feb 25, 2020 at 11:27 AM
wrote:
-Original Message-
From: Ellen Meiselman
Sent: Tuesday, February 25, 2020 10:01 AM
To: Tomcat Users List
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
Hi,
I've bee
> From: Ellen Meiselman
> Sent: Tuesday, February 25, 2020 10:01 AM
> To: Tomcat Users List
> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
>
> >Hi,
>
> >I've been testing, and so far, there is no change in the behavior. I am
On 25.02.2020 17:26, jonmcalexan...@wellsfargo.com.INVALID wrote:
-Original Message-
From: Ellen Meiselman
Sent: Tuesday, February 25, 2020 10:01 AM
To: Tomcat Users List
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
Hi,
I've been testing, and s
-Original Message-
From: Ellen Meiselman
Sent: Tuesday, February 25, 2020 10:01 AM
To: Tomcat Users List
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
>Hi,
>I've been testing, and so far, there is no change in the behavior. I am still
>ge
Hi,
I've been testing, and so far, there is no change in the behavior. I am
still getting the same tomcat-based 403 error.
Based on what you said above...
>
> secretRequired="true" (which is the default, so it can be removed)
> secret="xxx"
...I removed secretRequired="true" and left secret
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ellen,
On 2/24/20 17:33, Ellen Meiselman wrote:
> Wow, I think I’ve gotten more help in 10 minutes from this users
> group than in 2 weeks from anywhere else I’ve tried.
Welcome to the community :)
There are tons of real people here who want other
Wow, I think I’ve gotten more help in 10 minutes from this users group than in
2 weeks from anywhere else I’ve tried.
I’ll try to respond as quickly as I can but I want to test your various
suggestions, so it might be tomorrow before I can do them justice.
Thank you all so much!
Ellen Meiselm
-Original Message-
From: André Warnier (tomcat/perl)
Sent: Monday, February 24, 2020 3:33 PM
To: users@tomcat.apache.org
Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
On 24.02.2020 22:04, Christopher Schultz wrote:
> With 8.5.51, requiredSecret is rena
On 24.02.2020 22:04, Christopher Schultz wrote:
With 8.5.51, requiredSecret is renamed "secret" but "requiredSecret"
is still an alias of the same configuration property. If #2 happens
after #1 above, then your actual secret will be the literal string
"true" (oops).
We apologize for this confusi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 2/24/20 15:53, Chris Cheshire wrote:
> On Mon, Feb 24, 2020 at 3:19 PM Ellen Meiselman
> wrote:
>>
>> Hi,
>>
>> I’m having a lot of trouble configuring the isapi_redirect
>> connector between IIS and Tomcat. I am running out of ideas so
>
On 24/02/2020 20:53, Chris Cheshire wrote:
> On Mon, Feb 24, 2020 at 3:19 PM Ellen Meiselman wrote:
>>
>> Hi,
>>
>> I’m having a lot of trouble configuring the isapi_redirect connector between
>> IIS and Tomcat. I am running out of ideas so it’s time to ask for help from
>> the experts. I think
On Mon, Feb 24, 2020 at 3:19 PM Ellen Meiselman wrote:
>
> Hi,
>
> I’m having a lot of trouble configuring the isapi_redirect connector between
> IIS and Tomcat. I am running out of ideas so it’s time to ask for help from
> the experts. I think the problems remaining are in the tomcat configurat
On 24/02/2020 20:44, calder wrote:
> On Mon, Feb 24, 2020, 14:19 Ellen Meiselman wrote:
>
>> Hi,
>>
>> I’m having a lot of trouble configuring the isapi_redirect connector
>> between IIS and Tomcat. I am running out of ideas so it’s time to ask for
>> help from the experts. I think the problems r
On Mon, Feb 24, 2020, 14:19 Ellen Meiselman wrote:
> Hi,
>
> I’m having a lot of trouble configuring the isapi_redirect connector
> between IIS and Tomcat. I am running out of ideas so it’s time to ask for
> help from the experts. I think the problems remaining are in the tomcat
> configuration a
On 24/02/2020 20:19, Ellen Meiselman wrote:
> Hi,
>
> I’m having a lot of trouble configuring the isapi_redirect connector between
> IIS and Tomcat. I am running out of ideas so it’s time to ask for help from
> the experts. I think the problems remaining are in the tomcat configuration
> area,
Hi,
I’m having a lot of trouble configuring the isapi_redirect connector between
IIS and Tomcat. I am running out of ideas so it’s time to ask for help from the
experts. I think the problems remaining are in the tomcat configuration area,
not the IIS area anymore.
What’s wrong:
The ISAPI mo
CVE-2018-1323 Apache Tomcat JK ISAPI Connector path traversal
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42
Description
The IIS/ISAPI specific code that normalised the requested path before
matching it to the
2016-10-07 18:02 GMT+03:00 Markus Koschany :
> Hello,
>
> the recent security announcement for Apache Tomcat JK (CVE-2016-6808)
> mentions that only IIS/ISAPI specific code is vulnerable. This issue was
> apparently fixed in [1]. The vulnerable code is in the
> map_uri_to_worker_ext function which
Hello,
the recent security announcement for Apache Tomcat JK (CVE-2016-6808)
mentions that only IIS/ISAPI specific code is vulnerable. This issue was
apparently fixed in [1]. The vulnerable code is in the
map_uri_to_worker_ext function which is used by the IIS, Apache 1.3 and
Apache 2.0 implementa
CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.41
Description
The IIS/ISAPI specific code implements special handling when a virtual
host is present. The
Hello Konstantin Kolinko and André Warnier,
thank you both for your replies.
> -Original Message-
> From: André Warnier [mailto:a...@ice-sa.com]
> Sent: Sunday, March 11, 2012 12:14 AM
> To: Tomcat Users List
> Subject: Re: Some questions about Tomcat ISAPI Co
2012/3/11 Konstantin Preißer :
> Hi all,
>
> I have some questions about the documentation of the ISAPI Connector 1.2.32
> (and about the connector itself).
>
>
> 1. In the Reference Guide for IIS
> (http://tomcat.apache.org/connectors-doc/reference/iis.html), the regist
Konstantin Preißer wrote:
...
2. I observed that when a request is made to IIS which is mapped to Tomcat, and the
request path contains the string "WEB-INF", like
http://www.example.com/test/asdf/blahblah/blah/WEB-INF/blahbla/asdf
then the ISAPI connector logs a statement like this:
Hi all,
I have some questions about the documentation of the ISAPI Connector 1.2.32
(and about the connector itself).
1. In the Reference Guide for IIS
(http://tomcat.apache.org/connectors-doc/reference/iis.html), the registry
options are listed. For the option "enable_chunked_enc
t: Re: 64bit IIS 7 and ISAPI Connector Question
To clarify, did you get the 64-bit connector working with IIS7.5 and
W2k8 64-bit?
Thanks for taking the time to post this. =)
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Comm
mcat Users List
Subject: Re: 64bit IIS 7 and ISAPI Connector Question
You're welcome. Let us know how it goes. =)
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions
Luis Esquivel wrote:
Thank you for y
To: Tomcat Users List
Subject: Re: 64bit IIS 7 and ISAPI Connector Question
You're welcome. Let us know how it goes. =)
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions
Luis Esquivel wrote:
> Thank y
ordan Michaels [mailto:jor...@viviotech.net]
Sent: Monday, February 01, 2010 4:47 PM
To: Tomcat Users List
Subject: Re: 64bit IIS 7 and ISAPI Connector Question
Not personally, no (which was disappointing). I'd suggest giving the
32-bit version of the connector a try. I got that one to wor
Thank you for your answer. We are trying that.
-Original Message-
From: Jordan Michaels [mailto:jor...@viviotech.net]
Sent: Monday, February 01, 2010 4:47 PM
To: Tomcat Users List
Subject: Re: 64bit IIS 7 and ISAPI Connector Question
Not personally, no (which was disappointing). I&#
, the 32-bit
version should be just fine.
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions
Luis Esquivel wrote:
Hello,
Has anyone gotten the above combination to work together? (64bit IIS 7 and
Hello,
Has anyone gotten the above combination to work together? (64bit IIS 7 and
ISAPI connector)
I get the following error:
HTTP Error 500.0 - Internal Server Error
Calling GetFilterVersion on ISAPI Filter "c:\\isapi_redirect.dll" failed
...
Error Code 0x80070002
Any help on
My server is organize as follows
c:\webserver
\isapi
\Website1
\Website2
Now the server.xml are configured differently in both website1 and website2.
Website1 AJP13 = 8009
Website2 AJP13 = 8109
worker.list=ajp13w
worker.ajp13w.type=ajp13
worker.ajp13w.host=localhost
worker.ajp13w.port=8009
If
69 matches
Mail list logo
