This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit bd5ebb63e438a253bbd9b035425ece915d3feb21
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jan 21 12:41:01 2020 +0000
Disable AJP connector by default
---
conf/server.xml | 3 ++-
res/tomcat.nsi | 21 ---------------------
webapps/docs/changelog.xml | 4 ++++
webapps/docs/manager-howto.xml | 2 --
webapps/docs/security-howto.xml | 8 ++++----
webapps/docs/setup.xml | 1 -
6 files changed, 10 insertions(+), 29 deletions(-)
diff --git a/conf/server.xml b/conf/server.xml
index 2cd78df..5d9d57a 100644
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -113,8 +113,9 @@
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
+ -->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
diff --git a/res/tomcat.nsi b/res/tomcat.nsi
index 60d1f09..c06df50 100644
--- a/res/tomcat.nsi
+++ b/res/tomcat.nsi
@@ -53,7 +53,6 @@ Var Arch
Var ResetInstDir
Var TomcatPortShutdown
Var TomcatPortHttp
-Var TomcatPortAjp
Var TomcatMenuEntriesEnable
Var TomcatShortcutAllUsers
Var TomcatServiceName
@@ -70,7 +69,6 @@ Var TomcatAdminRoles
Var CtlJavaHome
Var CtlTomcatPortShutdown
Var CtlTomcatPortHttp
-Var CtlTomcatPortAjp
Var CtlTomcatServiceName
Var CtlTomcatShortcutAllUsers
Var CtlTomcatAdminUsername
@@ -135,7 +133,6 @@ Var ServiceInstallLog
LangString TEXT_JVM_LABEL1 ${LANG_ENGLISH} "Please select the path of a Java
@MIN_JAVA_VERSION@ or later JRE installed on your system."
LangString TEXT_CONF_LABEL_PORT_SHUTDOWN ${LANG_ENGLISH} "Server Shutdown
Port"
LangString TEXT_CONF_LABEL_PORT_HTTP ${LANG_ENGLISH} "HTTP/1.1 Connector
Port"
- LangString TEXT_CONF_LABEL_PORT_AJP ${LANG_ENGLISH} "AJP/1.3 Connector Port"
LangString TEXT_CONF_LABEL_SERVICE_NAME ${LANG_ENGLISH} "Windows Service
Name"
LangString TEXT_CONF_LABEL_SHORTCUT_ALL_USERS ${LANG_ENGLISH} "Create
shortcuts for all users"
LangString TEXT_CONF_LABEL_ADMIN ${LANG_ENGLISH} "Tomcat Administrator Login
(optional)"
@@ -459,7 +456,6 @@ Function .onInit
StrCpy $JavaHome ""
StrCpy $TomcatPortShutdown "-1"
StrCpy $TomcatPortHttp "8080"
- StrCpy $TomcatPortAjp "8009"
StrCpy $TomcatMenuEntriesEnable "0"
StrCpy $TomcatShortcutAllUsers "0"
StrCpy $TomcatServiceDefaultName "Tomcat@VERSION_MAJOR@"
@@ -477,7 +473,6 @@ Function .onInit
${ReadFromConfigIni} $JavaHome "JavaHome" $R2
${ReadFromConfigIni} $TomcatPortShutdown "TomcatPortShutdown" $R2
${ReadFromConfigIni} $TomcatPortHttp "TomcatPortHttp" $R2
- ${ReadFromConfigIni} $TomcatPortAjp "TomcatPortAjp" $R2
${ReadFromConfigIni} $TomcatMenuEntriesEnable "TomcatMenuEntriesEnable"
$R2
${ReadFromConfigIni} $TomcatShortcutAllUsers "TomcatShortcutAllUsers" $R2
${ReadFromConfigIni} $TomcatServiceDefaultName "TomcatServiceDefaultName"
$R2
@@ -603,13 +598,6 @@ Function pageConfiguration
Pop $CtlTomcatPortHttp
${NSD_SetTextLimit} $CtlTomcatPortHttp 5
- ${NSD_CreateLabel} 0 36u 100u 14u "$(TEXT_CONF_LABEL_PORT_AJP)"
- Pop $R0
-
- ${NSD_CreateText} 150u 34u 50u 12u "$TomcatPortAjp"
- Pop $CtlTomcatPortAjp
- ${NSD_SetTextLimit} $CtlTomcatPortAjp 5
-
${NSD_CreateLabel} 0 57u 140u 14u "$(TEXT_CONF_LABEL_SERVICE_NAME)"
Pop $R0
@@ -647,7 +635,6 @@ FunctionEnd
Function pageConfigurationLeave
${NSD_GetText} $CtlTomcatPortShutdown $TomcatPortShutdown
${NSD_GetText} $CtlTomcatPortHttp $TomcatPortHttp
- ${NSD_GetText} $CtlTomcatPortAjp $TomcatPortAjp
${NSD_GetText} $CtlTomcatServiceName $TomcatServiceName
${If} $TomcatMenuEntriesEnable == "1"
${NSD_GetState} $CtlTomcatShortcutAllUsers $TomcatShortcutAllUsers
@@ -670,12 +657,6 @@ Function pageConfigurationLeave
Goto exit
${EndIf}
- ${If} $TomcatPortAjp == ""
- MessageBox MB_ICONEXCLAMATION|MB_OK 'The AJP port may not be empty'
- Abort "Config not right"
- Goto exit
- ${EndIf}
-
${If} $TomcatServiceName == ""
MessageBox MB_ICONEXCLAMATION|MB_OK 'The Service Name may not be empty'
Abort "Config not right"
@@ -1064,7 +1045,6 @@ Function configure
IfErrors SERVER_XML_LEAVELOOP
${StrRep} $R4 $R3 "8005" "$TomcatPortShutdown"
${StrRep} $R3 $R4 "8080" "$TomcatPortHttp"
- ${StrRep} $R4 $R3 "8009" "$TomcatPortAjp"
FileWrite $R2 $R4
Goto SERVER_XML_LOOP
SERVER_XML_LEAVELOOP:
@@ -1082,7 +1062,6 @@ Function configure
DetailPrint 'Server shutdown listener configured on port
"$TomcatPortShutdown"'
DetailPrint 'HTTP/1.1 Connector configured on port "$TomcatPortHttp"'
- DetailPrint 'AJP/1.3 Connector configured on port "$TomcatPortAjp"'
DetailPrint "server.xml written"
StrCpy $R5 ''
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b470b42..6cc6001 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -179,6 +179,10 @@
to <code>rejectIllegalHeader</code> and expand the underlying
implementation to include header values as well as names. (markt)
</fix>
+ <update>
+ Disable (comment out in server.xml) the AJP/1.3 connector by default.
+ (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Jasper">
diff --git a/webapps/docs/manager-howto.xml b/webapps/docs/manager-howto.xml
index 4120aa9..77c7429 100644
--- a/webapps/docs/manager-howto.xml
+++ b/webapps/docs/manager-howto.xml
@@ -904,8 +904,6 @@ currently configured for each virtual host.</p>
<source>OK - Connector / Trusted Certificate information
Connector[HTTP/1.1-8080]
SSL is not enabled for this connector
-Connector[AJP/1.3-8009]
-SSL is not enabled for this connector
Connector[HTTP/1.1-8443]-_default_
[
[
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 16d685a..a9b2ec8 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -246,12 +246,12 @@
</subsection>
<subsection name="Connectors">
- <p>By default, an HTTP and an AJP connector are configured. Connectors
- that will not be used should be removed from server.xml.</p>
+ <p>By default, a non-TLS, HTTP/1.1 connector is configured on port 8080.
+ Connectors that will not be used should be removed from server.xml.</p>
<p>The <strong>address</strong> attribute may be used to control which IP
- address the connector listens on for connections. By default, the
- connector listens on all configured IP addresses.</p>
+ address a connector listens on for connections. By default, a connector
+ listens on all configured IP addresses.</p>
<p>The <strong>allowTrace</strong> attribute may be used to enable TRACE
requests which can be useful for debugging. Due to the way some browsers
diff --git a/webapps/docs/setup.xml b/webapps/docs/setup.xml
index 3655063..8daf5c1 100644
--- a/webapps/docs/setup.xml
+++ b/webapps/docs/setup.xml
@@ -85,7 +85,6 @@
<li>JavaHome</li>
<li>TomcatPortShutdown</li>
<li>TomcatPortHttp</li>
- <li>TomcatPortAjp</li>
<li>TomcatMenuEntriesEnable</li>
<li>TomcatShortcutAllUsers</li>
<li>TomcatServiceDefaultName</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
