On Wed, Mar 4, 2020 at 10:30 AM Stephen Hames <stephen.ha...@cloudpay.net.invalid> wrote:
> Hi Matthias,
>
> I suspect your issue is: address="::" You probably want
> address="0.0.0.0" or the ipv4 IP address that your tomcat instance is
> listening on. :: allows any on IPv6, but for IPv4 I suspect that tomcat
> would still be listening only on 127.0.0.1
>

Some users reported that by using 127.0.0.1 there were some latency issues. Using ::1 resolved these issues for them. But this issue sounds to me like some problem in the network stack, not in Tomcat.

> Regards,
> Stephen
>
> On Wed, 4 Mar 2020 at 15:20, Matthias Fechner <ide...@fechner.net> wrote:
>
> > Dear all,
> >
> > as tomcat version 9.0.31 has some security fixes included I tried to do
> > an upgrade.
> > On the IIS tomcat connector version 1.2.46 is installed.
> >
> > As secret I use a 32 character long alpha numeric string, I name it here
> > token.
> > In the workers.properties I tried to define it on the load balancer
> > line:
> > worker.loadbalancer.secret=token
> >
> > And/or on each node:
> > worker.node1.secret=token
> > ...
> > worker.node2.secret=token
> >
> > For the tomcat configuration I defined in server.xml the following AJP
> > connector:
> > <Connector protocol="AJP/1.3"
> >            address="::"
> >            port="8009"
> >            tomcatAuthentication="false"
> >            enableLookups="false"
> >            secret="token"
> >            redirectPort="8443" />
> >
> > But it does not work. It seems that tomcat does not answer here.
> > If I downgrade to tomcat 9.0.29 it works without any problems.
> >
> > I started then wireshark and had a look into the traffic coming from the
> > IIS.
> > From IIS I see an AJP13 connection with the following content in "Apache
> > JServ Protocol v1.3" part in wireshark:
> > ...
> > Sec-Fetch-User: ?1
> > token
> > INTERNAL\user
> > Negotiate
> > ...
> >
> > as the token is here included the secret configuration is maybe correct.
> > The token is here equal to the token defined on IIS-tomcat-connector and
> > the tomcat server.xml AJP definition.
> > Tomcat is sending back a "0:RSP:SEND HEADERS:403 403"
> >
> > The IIS is doing authentication and is then just sending the user to
> > tomcat.
> >
> > Regarding the documentation everything seems to be configured correctly,
> > but it does not work.
> > Could anyone help me here, please?
> >
> > --
> > Thanks a lot
> > Matthias
>
> --
> _________________________________________________
> Stephen Hames, Systems Architect & Release Manager
> Singapore | +65 6403 5900
> CloudPay <https://www.cloudpay.net/>
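The check Matthias did by eye in Wireshark (is the secret actually present in the forwarded request?) can also be done in code. This is an added example, not part of the original thread: a small Python parser for the attribute section of an AJP13 forward request, run on a constructed packet in which the host name, address and the `token` value are placeholders.

```python
import struct

# AJP/1.3 request attribute codes that carry a single string value.
ATTRS = {0x01: "context", 0x02: "servlet_path", 0x03: "remote_user",
         0x04: "auth_type", 0x05: "query_string", 0x06: "route",
         0x07: "ssl_cert", 0x08: "ssl_cipher", 0x09: "ssl_session",
         0x0C: "secret", 0x0D: "stored_method"}

def _read(buf, pos):
    """Read an AJP string: 2-byte length, bytes, NUL (length 0xFFFF = null)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if n == 0xFFFF:
        return None, pos + 2
    return buf[pos + 2:pos + 2 + n].decode("latin-1"), pos + n + 3

def parse_forward_request(pkt):
    """Return the attribute section of a FORWARD_REQUEST packet as a dict."""
    magic, length, code, _method = struct.unpack_from(">HHBB", pkt, 0)
    if magic != 0x1234 or code != 0x02:
        raise ValueError("not an AJP13 FORWARD_REQUEST")
    pos, end = 6, min(len(pkt), 4 + length)
    for _ in range(5):  # protocol, req_uri, remote_addr, remote_host, server_name
        _, pos = _read(pkt, pos)
    pos += 3  # server_port (2 bytes) + is_ssl (1 byte)
    nhdr, pos = struct.unpack_from(">H", pkt, pos)[0], pos + 2
    for _ in range(nhdr):
        # Header name is a 2-byte code (0xA0xx) or a string; the value is a string.
        pos = pos + 2 if pkt[pos] == 0xA0 else _read(pkt, pos)[1]
        _, pos = _read(pkt, pos)
    out = {"req_attributes": {}}
    while pos < end and pkt[pos] != 0xFF:  # 0xFF terminates the request
        attr, pos = pkt[pos], pos + 1
        if attr == 0x0A:  # req_attribute: name string, then value string
            name, pos = _read(pkt, pos)
            out["req_attributes"][name], pos = _read(pkt, pos)
        elif attr == 0x0B:  # ssl_key_size: 2-byte integer
            out["ssl_key_size"], pos = struct.unpack_from(">H", pkt, pos)[0], pos + 2
        else:
            out[ATTRS.get(attr, hex(attr))], pos = _read(pkt, pos)
    return out

def _s(v):  # encode one AJP string for the constructed sample below
    return struct.pack(">H", len(v)) + v.encode() + b"\0"

# Constructed sample (not a real capture): GET /app/ with secret, user, auth type.
SAMPLE_BODY = (b"\x02\x02" + _s("HTTP/1.1") + _s("/app/") + _s("192.0.2.10")
               + b"\xff\xff" + _s("iis.example") + struct.pack(">HBH", 80, 0, 1)
               + b"\xa0\x0b" + _s("iis.example") + b"\x0c" + _s("token")
               + b"\x03" + _s("INTERNAL\\user") + b"\x04" + _s("Negotiate") + b"\xff")
SAMPLE = b"\x12\x34" + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY
```

`parse_forward_request(SAMPLE)` returns the secret, remote user and auth type as separate fields, which makes it easy to compare the secret byte for byte against the value in server.xml.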