svn commit: r752691 - /tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml

Wed, 11 Mar 2009 16:29:08 -0700 

Author: rjung
Date: Wed Mar 11 23:28:42 2009
New Revision: 752691

URL: http://svn.apache.org/viewvc?rev=752691&view=rev
Log:
Add a few tweaks to the new proxy docs page.

Modified:
    tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml

Modified: tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml?rev=752691&r1=752690&r2=752691&view=diff
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/generic_howto/proxy.xml Wed Mar 11 
23:28:42 2009
@@ -92,9 +92,13 @@
 </li>
 <li>SSL cipher: <code>getAttribute(javax.servlet.request.cipher_suite)</code>
 </li>
-<li>SSL key size: <code>getAttribute(javax.servlet.request.key_size)</code>
+<li>SSL key size: <code>getAttribute(javax.servlet.request.key_size)</code>.
+Can be disabled using <code>JkOptions -ForwardKeySize</code>.
 </li>
-<li>SSL client certificate: 
<code>getAttribute(javax.servlet.request.X509Certificate)</code>
+<li>SSL client certificate: 
<code>getAttribute(javax.servlet.request.X509Certificate)</code>.
+If you want the whole certificate chain, then you need to also set 
<code>JkOptions ForwardSSLCertChain</code>.
+It is likely, that in this case you also need to adjust the maximal AJP packet 
size
+using the worker attribute <a 
href="../reference/workers.html">max_packet_size</a>.
 </li>
 <li>SSL session ID: 
<code>getAttribute(javax.servlet.request.ssl_session)</code>.
 This is for Tomcat, it has not yet been standardized.
@@ -169,6 +173,11 @@
 </p>
 <p>All variables, that are not SSL-related have only been introduced in 
version 1.2.27.
 </p>
+<p>Finally there is a shortcut to forward the local IP of the web server as 
the remote IP.
+This can be useful, e.g. when using the Tomcat remote address valve for 
allowing connections
+only from registered Apache web servers. This feature is activated by setting
+<code>JkOptions ForwardLocalAddress</code>.
+</p>
 </section>
 <section name="Tomcat AJP Connector Settings">
 <br/>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to