Hi Mark,
I was aware that mod_jk2 was deprecated I just did not know that our
provider setup the system using mod_jk2 until you prompted me to
investigate. Thanks for your help!
Best Regards,
Jacob
Mark Thomas wrote:
mod_jk2!!! Are you sure. That module has been deprecated for several
years.
mod_jk2 may be manipulating the URI. You should be aware of
CVE-2007-1860 (see http://tomcat.apache.org/security-jk.html). In
short mod_jk URI handling created a few security holes. We didn't
check mod_jk2 for this issue.
For further reading, see
http://tomcat.apache.org/connectors-doc/reference/apache.html
particularly the ForwardURIxxx directives.
HTH,
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
_________________________________________________
Jacob Rhoden
Application Architect
Systems Development and Integration
University of Melbourne
Phone: +61 3 8344 2884
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
