On Wed, 2020-03-04 at 13:19 -0500, Christopher Schultz wrote: > > > We're in the same position as you. External web servers talking > > to Tomcat servers on other boxes via AJP. > > Are those connections properly secured?
That's not a tremendously helpful question. Which connections are you talking about? How do you propose 'securing' an AJP connection? > If your connections are properly-secured, simply set > secretRequired="false" and move on. If they aren't properly-secured, > then you need to fix that (and you had to fix that before this recent > announcement). Can you point the ill-informed amongst us to any helpful resources you may have that describe what you mean by 'properly secured'? Regards Dave
