On 24/02/2020 20:19, Ellen Meiselman wrote:
> Hi, 
> 
> I’m having a lot of trouble configuring the isapi_redirect connector between 
> IIS and Tomcat. I am running out of ideas so it’s time to ask for help from 
> the experts. I think the problems remaining are in the tomcat configuration 
> area, not the IIS area anymore. 
> 
> What’s wrong: 
> The ISAPI module appears to be working and correctly sending AJP requests to 
> Tomcat on port 8009, at which point Tomcat refuses those requests with a 403 
> error. The isapi_redirect.log shows the complete content of the tomcat 
> response, and no longer shows any errors - in other words, it thinks it is 
> working.

I'd agree. If you see a response back from Tomcat then IIS is working.

You should also see an entry in the access log.

> Text of the 403 error:
> 
>      HTTP Status 403 – Forbidden
>      Type Status Report
>      Description The server understood the request but refuses to authorize 
> it.
>      Apache Tomcat/8.5.51 

OK. That also indicates that IIS is passing the request to Tomcat and
correctly processing the response.

<snip/>

> This Windows 2019 setup has the following versions of tomcat, windows, etc:
>  
> Tomcat version 8.5.51
> Isapi_redirect.dll version 1.2.46.0
> IIS 10/Windows server 2019

Thank you. It really helps when people provide that information. It
saves a lot of time.

<snip/>

> My theories at the moment:
> 1. Maybe allowedRequestAttributesPattern is a problem? I saw a note about the 
> allowedRequestAttributesPattern attribute for the AJP connector possibly 
> causing a 403 error, but I don’t understand how to use it or if it is needed.
> 2. It’s possible that something in the Tomcat permissions settings is wrong, 
> but I really don’t know where to look.

You shouldn't need to set allowedRequestAttributesPattern.

I think it might be Tomcat configuration. And again, very helpfully, we
have ...

> Relevant configuration settings in server.xml, workers.properties and 
> uriworkermap.properties:
> 
> server.xml  
> 
>     <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" 
> redirectPort="8443" />
>     <Connector protocol="AJP/1.3"  address="127.0.0.1" port="8009" 
> requiredSecret="true"  secret="xxxxxxxx" redirectPort="8443" /> 
>  
>      <Host name="localhost"  appBase="webapps" unpackWARs="true" 
> autoDeploy="true">   
>         <Valve className="org.apache.catalina.valves.AccessLogValve" 
> directory="logs"
>                prefix="localhost_access_log" suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>       </Host>
>         
>      <Host name="127.0.0.1"  appBase="webapps" unpackWARs="true" 
> autoDeploy="true"> 
>       <Valve className="org.apache.catalina.valves.AccessLogValve" 
> directory="logs"
>               prefix="127_0_01_access_log" suffix=".txt"
>               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>      </Host>  
> 
> 
> workers.properties 
> 
> # Set properties for worker1 (ajp13)
> worker.worker1.type=ajp13
> worker.worker1.host=127.0.0.1
> worker.worker1.port=8009
> worker.worker1.secret=xxxxxxxx
> 
> 
> uriworkermap.properties  
> /exposedApplication/*=worker1
> 
> 
> Any suggestions or new directions will be welcome.

My best guess would be that the value for secret is not the same between
workers.properties and Tomcat.

I have a 2019 server test environment. I'll try and replicate what you
have with a clean 8.5.51 install and the examples application and see
what happens.

Mark
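
The check suggested in the reply above (is the secret the same in workers.properties and in Tomcat's AJP connector?) can be scripted. This is an added example, not part of the original message or of Tomcat or mod_jk; the file contents and secret values are constructed placeholders, and the function names are hypothetical. It also flags a connector that sets both `secret` and `requiredSecret` to different values, which goes beyond the guess in the reply.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the thread; secrets are placeholders.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector protocol="AJP/1.3" address="127.0.0.1" port="8009"
             requiredSecret="true" secret="placeholder-A" redirectPort="8443" />
</Service></Server>"""
WORKERS = """# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
worker.worker1.port=8009
worker.worker1.secret=placeholder-B
"""

def parse_workers(text):
    workers = {}  # {worker_name: {property: value}}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        parts = key.strip().split(".")
        if len(parts) >= 3 and parts[0] == "worker":
            workers.setdefault(parts[1], {})[".".join(parts[2:])] = value.strip()
    return workers

def check_ajp_secrets(server_xml, workers_text):
    """Return (worker, finding) pairs; secret values are never included."""
    connectors = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")
                  if "ajp" in c.get("protocol", "").lower()}
    findings = []
    for name, props in parse_workers(workers_text).items():
        if props.get("type") != "ajp13":
            continue
        conn = connectors.get(props.get("port", "8009"))  # 8009: mod_jk ajp13 default
        if conn is None:
            findings.append((name, "no AJP connector on the worker's port"))
            continue
        # Tomcat 8.5.51 documents requiredSecret as a deprecated alias of secret.
        secret, legacy = conn.get("secret"), conn.get("requiredSecret")
        if secret is not None and legacy is not None and secret != legacy:
            findings.append((name, "connector sets secret and requiredSecret differently"))
        if props.get("secret") != (secret if secret is not None else legacy):
            findings.append((name, "worker secret differs from connector secret"))
    return findings

if __name__ == "__main__":
    print(check_ajp_secrets(SERVER_XML, WORKERS))
```

The findings name only the worker and the kind of mismatch, so the output can be pasted into a list post without exposing the secret.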
