But as I understand it, X-Forwarded-For is not a secure header. Anyone along the way could add/modify that header, so you should use that information with a grain of salt.

Peter Stavrinides wrote:
Since version 2.6 Apache mod_proxy has native support for the AJP protocol 
(proxy_ajp), which is the equivalent of mod_jk. It is switched on by 
configuring a single directive in Apache... AJP is enabled by default in newer 
versions of Tomcat through this directive:
 <!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" connectionTimeout="20000" enableLookups="false" redirectPort="8443" maxThreads="300"/>


The X-FORWARDED* headers are inserted by proxies to identify the IP 
address/host/server etc. of the original client request. If these headers 
exist then Tapestry can safely determine the request is proxied, but this 
should be a manual switch of some kind.

cheers,
Peter

----- Original Message -----
From: "Olle Hallin" <olle.hal...@gmail.com>
To: "Tapestry users" <users@tapestry.apache.org>
Sent: Monday, 12 January, 2009 1:40:59 PM GMT +02:00 Athens, Beirut, Bucharest, 
Istanbul
Subject: Re: t5: when running tomcat behind Apache

There are options in Tomcat that work in concert with Apache's mod_proxy.

I have done this, but unfortunately I cannot remember the exact details...

Olle


2009/1/12 Peter Stavrinides <p.stavrini...@albourne.com>

Should Tapestry assume it is running behind Apache and correctly
operate on those special headers?
I agree with Massimo, absolutely not. This configuration is far too
implementation-specific... IMHO there are other options you could explore,
for instance checking if this header is being used or not, or using a
startup configuration parameter to switch it on manually.

regards,
Peter

----- Original Message -----
From: "Massimo Lusetti" <mluse...@gmail.com>
To: "Tapestry users" <users@tapestry.apache.org>
Sent: Monday, 12 January, 2009 10:00:25 AM GMT +02:00 Athens, Beirut,
Bucharest, Istanbul
Subject: Re: t5: when running tomcat behind Apache

On Mon, Jan 12, 2009 at 8:53 AM, Howard Lewis Ship <hls...@gmail.com>
wrote:

Should Tapestry assume it is running behind Apache and correctly
operate on those special headers?
From my point of view, not at all. There are plenty of installations
where tomcat/jetty/whatever is running as a direct front end, as there
are plenty where apache is used.

As there's a way from Request to get the header that's fine for me.

--
Massimo
http://meridio.blogspot.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
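
The two points raised in this thread (the header can be set by anyone, and honouring it should be a manual switch) combine into one check, shown here as an added example that is not part of the original messages and is not Tapestry or Tomcat API. It assumes Apache proxies over HTTP, so that `request.getRemoteAddr()` is the proxy's address; `ClientIpResolver`, `trustProxyHeaders` and `trustedProxies` are hypothetical names, and all addresses are constructed samples.

```java
import java.util.Set;

/** Added example: hypothetical helper, not Tapestry or Tomcat API. */
public class ClientIpResolver {

    private final boolean trustProxyHeaders;   // the manual switch, off unless configured
    private final Set<String> trustedProxies;  // addresses of our own reverse proxies

    public ClientIpResolver(boolean trustProxyHeaders, Set<String> trustedProxies) {
        this.trustProxyHeaders = trustProxyHeaders;
        this.trustedProxies = trustedProxies;
    }

    /**
     * @param remoteAddr   socket peer address, e.g. request.getRemoteAddr()
     * @param forwardedFor raw X-Forwarded-For header value, may be null
     */
    public String resolve(String remoteAddr, String forwardedFor) {
        // Honour the header only when switched on AND the direct peer is our proxy.
        if (!trustProxyHeaders || forwardedFor == null
                || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so walk right to left and stop at
        // the first hop that is not ours; anything left of it is client-supplied.
        String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (hop.isEmpty()) continue;
            if (!trustedProxies.contains(hop)) return hop;
        }
        return remoteAddr; // header listed only our own proxies
    }

    public static void main(String[] args) {
        // Constructed sample addresses (documentation ranges and a private proxy IP).
        ClientIpResolver on = new ClientIpResolver(true, Set.of("10.0.0.5"));
        // Via the proxy: the client sent a forged first entry, Apache appended the real peer.
        System.out.println(on.resolve("10.0.0.5", "192.0.2.1, 203.0.113.7"));
        // Direct connection to Tomcat carrying a forged header.
        System.out.println(on.resolve("198.51.100.9", "192.0.2.1"));
        // Switch off: header not consulted even when the peer is the proxy.
        ClientIpResolver off = new ClientIpResolver(false, Set.of("10.0.0.5"));
        System.out.println(off.resolve("10.0.0.5", "203.0.113.7"));
    }
}
```

The returned value is still a string taken from a header, so parse it as an IP address before using it in access decisions or writing it to logs.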

