Thanks, Mark. When I first saw that security notice, I thought, "this is it!". I don't think it is my problem, though, because I don't allow direct SSL requests to get to the web servers. All HTTPS gets terminated to HTTP at the load balancer. The load balancer sends the HTTP requests to Apache 2 on the web server which sends it to Tomcat via mod_jk.
<VirtualHost 10.10.1.1:80> # ... JkMount / ajp13 JkMount /* ajp13 DocumentRoot "/usr/share/tomcat5/webapps/ROOT" </VirtualHost> Also, in server.xml, I have the ajp connector on 8009 (protocol AJP/1.3) with redirectPort to 8443, but never define a connector on 8443. Furthermore, I spent the last hour trying reproduce the issue with netcat and was unable to. Thanks, Dave Mark Thomas-18 wrote: > > Rainer Jung wrote: >> Hi David, >> >> dave.smith schrieb: >>> Hi Rainer, >>> >>> Thanks a lot for the reply. >>> >>> I am using Tomcat 5.5.25 (rpm from jpackage.org). CentOS Linux 2.6.18. > > Could you be seeing CVE-2007-6286 ? > > See http://tomcat.apache.org/security-5.html for info. > > Mark > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Apache-mod_jk-serves-random-files-from-tomcat-tp18385568p18468376.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
