This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 2becbfd3228942a18b663ca715ee9c9b80743120 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Jan 21 15:18:04 2020 +0000 Add security information for the AJP Connector. --- webapps/docs/changelog.xml | 3 +++ webapps/docs/config/ajp.xml | 10 +++++++++- webapps/docs/security-howto.xml | 8 ++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 7538af1..1f6c84d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -237,6 +237,9 @@ example includes ii18n support, the Locale used should be based on the request locale and not the server locale. (markt) </fix> + <add> + Add additional information on securing AJP/1.3 Connectors. (markt) + </add> </changelog> </subsection> <subsection name="Other"> diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 3fa0203..6189f23 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -44,6 +44,13 @@ contained in the web application, and/or utilize Apache's SSL processing.</p> + <p>Use of the AJP protocol requires additional security considerations because + it allows greater direct manipulation of Tomcat's internal data structures + than the HTTP connectors. Particular attention should be paid to the values + used for the <code>address</code>, <code>secret</code>, + <code>secretRequired</code> and <code>allowedArbitraryRequestAttributes</code> + attributes.</p> + <p>This connector supports load balancing when used in conjunction with the <code>jvmRoute</code> attribute of the <a href="engine.html">Engine</a>.</p> 
@@ -468,7 +475,8 @@ <p>If this attribute is <code>true</code>, the AJP Connector will only start if the <strong>secret</strong> attribute is configured with a non-null, non-zero length value. The default value is <code>true</code>. - </p> + This attributue should only be set to <code>false</code> when the + Connector is used on a trusted network.</p> </attribute> <attribute name="tcpNoDelay" required="false"> diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index a9b2ec8..5961cd0 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -249,6 +249,14 @@ <p>By default, a non-TLS, HTTP/1.1 connector is configured on port 8080. Connectors that will not be used should be removed from server.xml.</p> + <p>AJP Connectors should only be used on trusted networks or be + appropriately secured with a suitable <code>secret</code> attribute.</p> + + <p>AJP Connectors block forwarded requests with unknown request + attributes. Known safe and/or expected attributes may be allowed by + configuration an appropriate regular expression for the + <code>allowedArbitraryRequestAttributes</code> attribute.</p> + <p>The <strong>address</strong> attribute may be used to control which IP address a connector listens on for connections. By default, a connector listens on all configured IP addresses.</p> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
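Review bot: typo in the sentence added to the secretRequired description in webapps/docs/config/ajp.xml (the `@@ -468,7 +475,8 @@` hunk): `This attributue should only be set to <code>false</code> when the` should read `This attribute should only be set to ...`. This text is rendered in the connector documentation, so it is worth fixing before it ships. The sentence would also be stronger if it said why: with secretRequired set to false and no secret configured, the connector accepts AJP requests from any client that can reach the port, which is exactly the situation the trusted-network caveat is guarding against.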
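Review bot: grammar in the second paragraph added to webapps/docs/security-howto.xml (the `@@ -249,6 +249,14 @@` hunk): `configuration an appropriate regular expression for the` should be `configuring an appropriate regular expression for the`. Separately, the first added paragraph says AJP Connectors should be used on trusted networks `or` secured with a `secret`, while the ajp.xml change in the same commit says secretRequired should only be false on a trusted network. Suggest wording the HOWTO so the two agree, e.g. recommend keeping secretRequired at its default of true and configuring secret, and binding the connector with address (which the unchanged context paragraph that follows already describes), so a reader does not take `or` to mean a secret is optional on any network they consider trusted.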
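Review bot: the new paragraph in webapps/docs/config/ajp.xml (the `@@ -44,6 +44,13 @@` hunk) names the four attributes a reader should pay attention to but gives no pointer to where the guidance lives; since this same commit adds the matching advice to security-howto.xml, consider linking to it from this paragraph (the surrounding text already uses `<a href="engine.html">` style links, so `<a href="../security-howto.html">` would fit), so someone reading the connector reference finds the recommendation for secret and allowedArbitraryRequestAttributes without having to search the docs.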