Rainer Jung wrote:
I added a comment with a non spec compliant workaround to BZ41263.
We'll seee, whether we can make the AJP Tomcat connectors "hack aware",
i.e. allow them to get the remotePort from the REMOTE_PORT env var when
set.
Only if you make sure that the REMOTE_PORT is always mod_jk/tomcat
private. Any REMOTE_PORT in the incoming request must be rewritten.
... and there is a backward compatibility problem if you use new
tomcat with old mod_jk. This would be security risk in that case.
Someone could easily set that value to anything and tomcat would
think it came from mod_jk. Very bad :)
Regards
--
^(TM)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
