This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit bd5ebb63e438a253bbd9b035425ece915d3feb21 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Jan 21 12:41:01 2020 +0000 Disable AJP connector by default --- conf/server.xml | 3 ++- res/tomcat.nsi | 21 --------------------- webapps/docs/changelog.xml | 4 ++++ webapps/docs/manager-howto.xml | 2 -- webapps/docs/security-howto.xml | 8 ++++---- webapps/docs/setup.xml | 1 - 6 files changed, 10 insertions(+), 29 deletions(-) diff --git a/conf/server.xml b/conf/server.xml index 2cd78df..5d9d57a 100644 --- a/conf/server.xml +++ b/conf/server.xml @@ -113,8 +113,9 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> + <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> - + --> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone diff --git a/res/tomcat.nsi b/res/tomcat.nsi index 60d1f09..c06df50 100644 --- a/res/tomcat.nsi +++ b/res/tomcat.nsi @@ -53,7 +53,6 @@ Var Arch Var ResetInstDir Var TomcatPortShutdown Var TomcatPortHttp -Var TomcatPortAjp Var TomcatMenuEntriesEnable Var TomcatShortcutAllUsers Var TomcatServiceName @@ -70,7 +69,6 @@ Var TomcatAdminRoles Var CtlJavaHome Var CtlTomcatPortShutdown Var CtlTomcatPortHttp -Var CtlTomcatPortAjp Var CtlTomcatServiceName Var CtlTomcatShortcutAllUsers Var CtlTomcatAdminUsername @@ -135,7 +133,6 @@ Var ServiceInstallLog LangString TEXT_JVM_LABEL1 ${LANG_ENGLISH} "Please select the path of a Java @MIN_JAVA_VERSION@ or later JRE installed on your system." LangString TEXT_CONF_LABEL_PORT_SHUTDOWN ${LANG_ENGLISH} "Server Shutdown Port" LangString TEXT_CONF_LABEL_PORT_HTTP ${LANG_ENGLISH} "HTTP/1.1 Connector Port" - LangString TEXT_CONF_LABEL_PORT_AJP ${LANG_ENGLISH} "AJP/1.3 Connector Port" LangString TEXT_CONF_LABEL_SERVICE_NAME ${LANG_ENGLISH} "Windows Service Name" LangString TEXT_CONF_LABEL_SHORTCUT_ALL_USERS ${LANG_ENGLISH} "Create shortcuts for all users" LangString TEXT_CONF_LABEL_ADMIN ${LANG_ENGLISH} "Tomcat Administrator Login (optional)" @@ -459,7 +456,6 @@ Function .onInit StrCpy $JavaHome "" StrCpy $TomcatPortShutdown "-1" StrCpy $TomcatPortHttp "8080" - StrCpy $TomcatPortAjp "8009" StrCpy $TomcatMenuEntriesEnable "0" StrCpy $TomcatShortcutAllUsers "0" StrCpy $TomcatServiceDefaultName "Tomcat@VERSION_MAJOR@" @@ -477,7 +473,6 @@ Function .onInit ${ReadFromConfigIni} $JavaHome "JavaHome" $R2 ${ReadFromConfigIni} $TomcatPortShutdown "TomcatPortShutdown" $R2 ${ReadFromConfigIni} $TomcatPortHttp "TomcatPortHttp" $R2 - ${ReadFromConfigIni} $TomcatPortAjp "TomcatPortAjp" $R2 ${ReadFromConfigIni} $TomcatMenuEntriesEnable "TomcatMenuEntriesEnable" $R2 ${ReadFromConfigIni} $TomcatShortcutAllUsers "TomcatShortcutAllUsers" $R2 ${ReadFromConfigIni} $TomcatServiceDefaultName "TomcatServiceDefaultName" $R2 @@ -603,13 +598,6 @@ Function pageConfiguration Pop $CtlTomcatPortHttp ${NSD_SetTextLimit} $CtlTomcatPortHttp 5 - ${NSD_CreateLabel} 0 36u 100u 14u "$(TEXT_CONF_LABEL_PORT_AJP)" - Pop $R0 - - ${NSD_CreateText} 150u 34u 50u 12u "$TomcatPortAjp" - Pop $CtlTomcatPortAjp - ${NSD_SetTextLimit} $CtlTomcatPortAjp 5 - ${NSD_CreateLabel} 0 57u 140u 14u "$(TEXT_CONF_LABEL_SERVICE_NAME)" Pop $R0 @@ -647,7 +635,6 @@ FunctionEnd Function pageConfigurationLeave ${NSD_GetText} $CtlTomcatPortShutdown $TomcatPortShutdown ${NSD_GetText} $CtlTomcatPortHttp $TomcatPortHttp - ${NSD_GetText} $CtlTomcatPortAjp $TomcatPortAjp ${NSD_GetText} $CtlTomcatServiceName $TomcatServiceName ${If} $TomcatMenuEntriesEnable == "1" ${NSD_GetState} $CtlTomcatShortcutAllUsers $TomcatShortcutAllUsers @@ -670,12 +657,6 @@ Function pageConfigurationLeave Goto exit ${EndIf} - ${If} $TomcatPortAjp == "" - MessageBox MB_ICONEXCLAMATION|MB_OK 'The AJP port may not be empty' - Abort "Config not right" - Goto exit - ${EndIf} - ${If} $TomcatServiceName == "" MessageBox MB_ICONEXCLAMATION|MB_OK 'The Service Name may not be empty' Abort "Config not right" @@ -1064,7 +1045,6 @@ Function configure IfErrors SERVER_XML_LEAVELOOP ${StrRep} $R4 $R3 "8005" "$TomcatPortShutdown" ${StrRep} $R3 $R4 "8080" "$TomcatPortHttp" - ${StrRep} $R4 $R3 "8009" "$TomcatPortAjp" FileWrite $R2 $R4 Goto SERVER_XML_LOOP SERVER_XML_LEAVELOOP: @@ -1082,7 +1062,6 @@ Function configure DetailPrint 'Server shutdown listener configured on port "$TomcatPortShutdown"' DetailPrint 'HTTP/1.1 Connector configured on port "$TomcatPortHttp"' - DetailPrint 'AJP/1.3 Connector configured on port "$TomcatPortAjp"' DetailPrint "server.xml written" StrCpy $R5 '' diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b470b42..6cc6001 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -179,6 +179,10 @@ to <code>rejectIllegalHeader</code> and expand the underlying implementation to include header values as well as names. (markt) </fix> + <update> + Disable (comment out in server.xml) the AJP/1.3 connector by default. + (markt) + </update> </changelog> </subsection> <subsection name="Jasper"> diff --git a/webapps/docs/manager-howto.xml b/webapps/docs/manager-howto.xml index 4120aa9..77c7429 100644 --- a/webapps/docs/manager-howto.xml +++ b/webapps/docs/manager-howto.xml @@ -904,8 +904,6 @@ currently configured for each virtual host.</p> <source>OK - Connector / Trusted Certificate information Connector[HTTP/1.1-8080] SSL is not enabled for this connector -Connector[AJP/1.3-8009] -SSL is not enabled for this connector Connector[HTTP/1.1-8443]-_default_ [ [ diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 16d685a..a9b2ec8 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -246,12 +246,12 @@ </subsection> <subsection name="Connectors"> - <p>By default, an HTTP and an AJP connector are configured. Connectors - that will not be used should be removed from server.xml.</p> + <p>By default, a non-TLS, HTTP/1.1 connector is configured on port 8080. + Connectors that will not be used should be removed from server.xml.</p> <p>The <strong>address</strong> attribute may be used to control which IP - address the connector listens on for connections. By default, the - connector listens on all configured IP addresses.</p> + address a connector listens on for connections. By default, a connector + listens on all configured IP addresses.</p> <p>The <strong>allowTrace</strong> attribute may be used to enable TRACE requests which can be useful for debugging. Due to the way some browsers diff --git a/webapps/docs/setup.xml b/webapps/docs/setup.xml index 3655063..8daf5c1 100644 --- a/webapps/docs/setup.xml +++ b/webapps/docs/setup.xml @@ -85,7 +85,6 @@ <li>JavaHome</li> <li>TomcatPortShutdown</li> <li>TomcatPortHttp</li> - <li>TomcatPortAjp</li> <li>TomcatMenuEntriesEnable</li> <li>TomcatShortcutAllUsers</li> <li>TomcatServiceDefaultName</li> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org