-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ellen,
On 2/24/20 17:33, Ellen Meiselman wrote: > Wow, I think I’ve gotten more help in 10 minutes from this users > group than in 2 weeks from anywhere else I’ve tried. Welcome to the community :) There are tons of real people here who want others to succeed. So please stick around. Thanks, - -chris >> On Feb 24, 2020, at 3:42 PM, Mark Thomas <ma...@apache.org> >> wrote: >> >> On 24/02/2020 20:19, Ellen Meiselman wrote: >>> Hi, >>> >>> I’m having a lot of trouble configuring the isapi_redirect >>> connector between IIS and Tomcat. I am running out of ideas so >>> it’s time to ask for help from the experts. I think the >>> problems remaining are in the tomcat configuration area, not >>> the IIS area anymore. >>> >>> What’s wrong: The ISAPI module appears to be working and >>> correctly sending AJP requests to Tomcat on port 8009, at which >>> point Tomcat refuses those requests with a 403 error. The >>> isapi_redirect.log shows the complete content of the tomcat >>> response, and no longer shows any errors - in other words, it >>> thinks it is working. >> >> I'd agree. If you see a response back from Tomcat then IIS is >> working. >> >> You should also see an entry in the access log. >> >>> Text of the 403 error: >>> >>> HTTP Status 403 – Forbidden Type Status Report Description The >>> server understood the request but refuses to authorize it. >>> Apache Tomcat/8.5.51 >> >> OK. That also indicates that IIS is passing the request to >> Tomcat correctly processing the response. >> >> <snip/> >> >>> This Windows 2019 setup has the following versions of tomcat, >>> windows, etc: >>> >>> Tomcat version 8.5.51 Isapi_redirect.dll version 1.2.46.0 IIS >>> 10/Windows server 2019 >> >> Thank you. It really helps when people provide that information. >> It saves a lot of time. >> >> <snip/> >> >>> My theories at the moment: 1. Maybe >>> allowedRequestAttributesPattern is a problem? I saw a note >>> about the allowedRequestAttributesPattern attribute for the AJP >>> connector possibly causing a 403 error, but I don’t understand >>> how to use it or if it is needed. 2. It’s possible that >>> something in the Tomcat permissions settings are wrong, but I >>> really don’t know where to look. >> >> You shouldn't need to set allowedRequestAttributesPattern. >> >> I think it might be Tomcat configuration. Any again, very >> helpfully, we have ... >> >>> Relevant configuration settings in server.xml, >>> workers.properties and uriworkermap.properties: >>> >>> server.xml >>> >>> <Connector port="8080" protocol="HTTP/1.1” >>> connectionTimeout=“20000" redirectPort="8443" /> <Connector >>> protocol="AJP/1.3” address=“127.0.0.1" port="8009" >>> requiredSecret="true" secret=“xxxxxxxx" redirectPort="8443" /> >>> >>> >>> <Host name="localhost" appBase=“webapps" unpackWARs="true" >>> autoDeploy="true"> <Valve >>> className="org.apache.catalina.valves.AccessLogValve" >>> directory="logs" prefix="localhost_access_log" suffix=".txt" >>> pattern="%h %l %u %t "%r" %s %b" /> </Host> >>> >>> <Host name="127.0.0.1" appBase=“webapps” unpackWARs="true" >>> autoDeploy="true"> <Valve >>> className="org.apache.catalina.valves.AccessLogValve" >>> directory="logs" prefix="127_0_01_access_log" suffix=".txt" >>> pattern="%h %l %u %t "%r" %s %b" /> </Host> >>> >>> >>> workers.properties >>> >>> # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 >>> worker.worker1.host=127.0.0.1 worker.worker1.port=8009 >>> worker.worker1.secret=xxxxxxxx >>> >>> >>> uriworkermap.properties /exposedApplication/*=worker1 >>> >>> >>> Any suggestions or new directions will be welcome. >> >> My best guess would be that the value for secret is not the same >> between workers.properties and Tomcat. >> >> I have a 2019 server test environment. I'll try and replicate >> what you have with a clean 8.5.51 install and the examples >> application and see what happens. >> >> Mark >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5VO80ACgkQHPApP6U8 pFhuzQ/+JYVtD1P1XglBw9xwRFIXNS7oQDQshHuVctwciI9oWmxwAUJLixcQf1/y /fZhGvFmPlxZEELkgPiISqnS5jQja7MgbXZupX4wFFnC0gi6SxFJ+i7z6XOwwFt7 C8tN43rlmALrkUDTaGsbZrIJ/E7hS5SSizk1c+HadY8jimbC+tQ0uR9gQIDhbiiP nW0MHlRgv7DRZzQcfzFIzLOxTt6hcpeM6FDnmH4I0E47l2224zwlWD5vYGtqZ4jU F7tk1WDr6BSUXi5s8jJrTeGtoOjTQvvKiQfrCi3N8YGqnqDrl6BJG736Dpdv2yYH Hq/+nPgw6DAR4kBccTdHS+1AFAIp3g+NzbcK9Mgh0YJbE5F8WvNxpqYGeRv0JQkW dDDw4FwCZlyJva8eyqUiPd2nUwPlDaRWKTZUrEnRJH7om5Ke+AZ7LCWBWSrm6+q+ sqUt0uOLO0BAu+KBZbJc6i47+501Wm2VBX06xvRMFgoXldgFVTuI+44VnpS5blZ3 lC34b4XvqJgRbZ8IBdwVUky1R5ny8ae08pWXDr4bzniWcSxnbc6uFj07q4JfFaMw eNDmWNLwT5OxHQYwqQCAYgGp9CV+njCUSXJdP3vW4kWoRK1rz+HrBP66XSmiLNdO XGSBPffgEBe0Oi3eybaE9KmIYE75pyNZwOlea6YmFwOr5K5egYk= =mHOe -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
