Hi Dave,

On Thu, Mar 5, 2020 at 1:22 PM Dave Ford <abs...@bath.ac.uk.invalid> wrote:

> On Wed, 2020-03-04 at 13:19 -0500, Christopher Schultz wrote:
> >
> > > We're in the same position as you. External web servers talking
> > > to Tomcat servers on other boxes via AJP.
> >
> > Are those connections properly secured?
>
> That's not a tremendously helpful question. Which connections are you
> talking about? How do you propose 'securing' an AJP connection?
>
> > If your connections are properly-secured, simply set
> > secretRequired="false" and move on. If they aren't properly-secured,
> > then you need to fix that (and you had to fix that before this recent
> > announcement).
>
> Can you point the ill-informed amongst us to any helpful resources you
> may have that describe what you mean by 'properly secured'?
>

Properly secured would mean that the AJP port is visible and usable only by its supposed users, i.e. the proxy in front of it.

You should apply standard network security policies such as:

1) bind the AJP port only to the network interfaces where it is supposed to be found
   If the proxy is running on the same host then bind AJP only on localhost.
   If the proxy is on a different machine then bind AJP only on a network interface used for the internal network
   1.1) you can create an internal sub-network just for the proxy and Tomcat/AJP
2) apply firewall rules so that only the proxy machine can reach and use the AJP port
3) use the "secret" configuration setting so that only the proxy can communicate with AJP

> Regards
> Dave
>
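As an added example (not code from this thread or from the Tomcat project), here is a small audit script for steps 1 and 3 of the list above. It parses the `<Connector>` elements of a Tomcat server.xml and flags AJP connectors that carry no `address`, bind all interfaces, bind an address outside the loopback or a declared internal network, set `secretRequired="false"`, or carry no `secret`. The embedded server.xml is constructed for the demo: connectors 8009 and 8010 show the weak forms, 8011 and 8012 show the hardened forms for a proxy on the same host and on another host. The `10.0.1.0/24` network and the `CHANGE-ME` secrets are placeholders. Step 2, the firewall, cannot be seen from server.xml and is not checked here.

```python
"""Audit the AJP <Connector> elements of a Tomcat server.xml.

Added example, not code from the thread or from Tomcat. The sample
server.xml below is constructed for this demo; replace the placeholder
secrets and the internal network before using the checks for real.
"""
import ipaddress
import xml.etree.ElementTree as ET

# protocol values that select an AJP connector; the default, HTTP/1.1, is not AJP
AJP_PROTOCOLS = {
    "AJP/1.3",
    "org.apache.coyote.ajp.AjpNioProtocol",
    "org.apache.coyote.ajp.AjpNio2Protocol",
    "org.apache.coyote.ajp.AjpAprProtocol",
}

# constructed sample: weak connectors 8009 and 8010, hardened 8011 and 8012
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <!-- 8009: the old stock entry, no address and no secret -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <!-- 8010: explicitly opts out of the secret while bound to every interface -->
    <Connector port="8010" protocol="AJP/1.3" address="0.0.0.0" secretRequired="false"/>
    <!-- 8011: loopback only plus a secret, for a proxy on the same host -->
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="CHANGE-ME-long-random-value"/>
    <!-- 8012: internal interface plus a secret, for a proxy on another host -->
    <Connector port="8012" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               address="10.0.1.5" secret="CHANGE-ME-too"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""


def audit_connector(conn, internal_networks):
    """Return a list of finding strings for one AJP <Connector> element."""
    findings = []

    # step 1: where does the connector listen?
    address = conn.get("address")
    if address is None:
        findings.append("no address attribute: set it explicitly "
                        "(Tomcat before 9.0.31/8.5.51/7.0.100 binds all interfaces)")
    elif address in ("0.0.0.0", "::", "::0"):
        findings.append(f"binds all interfaces ({address})")
    else:
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(f"address {address!r} is a host name; verify what it resolves to")
        else:
            if not ip.is_loopback and not any(ip in net for net in internal_networks):
                findings.append(f"address {address} is not loopback or an internal network")

    # step 3: is the shared secret enforced?
    secret_required = conn.get("secretRequired", "true").strip().lower() == "true"
    secret = conn.get("secret")
    if not secret_required:
        findings.append('secretRequired="false": any client that reaches the port can speak AJP')
    elif not secret:
        findings.append("no secret: unauthenticated on older Tomcat; "
                        "9.0.31+/8.5.51+/7.0.100+ refuse to start this connector")
    return findings


def audit_server_xml(xml_text, internal_networks=()):
    """Map every AJP connector's port to its findings (an empty list passes)."""
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    root = ET.fromstring(xml_text)
    report = {}
    for conn in root.iter("Connector"):
        if conn.get("protocol", "HTTP/1.1") not in AJP_PROTOCOLS:
            continue
        report[conn.get("port")] = audit_connector(conn, nets)
    return report


if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE_SERVER_XML, ["10.0.1.0/24"]).items():
        print(f"AJP port {port}: {'OK' if not findings else '; '.join(findings)}")
```

Pass the script your real server.xml and the CIDR of the proxy-only network from step 1.1; connectors 8011 and 8012 in the sample are the shapes to copy. The proxy side has to carry the same value: mod_jk takes it as `worker.<name>.secret` in workers.properties, and mod_proxy_ajp in httpd 2.4.42 and later accepts a `secret=` worker parameter on `ProxyPass`. A secret only authenticates the proxy; it does not encrypt AJP traffic, so the bind address and the firewall rules still matter.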