Mark, On 9/8/2011 11:47 AM, Mark Thomas wrote: > On 08/09/2011 16:13, Christopher Schultz wrote: >> All, https://issues.apache.org/bugzilla/show_bug.cgi?id=51698 >> >> Mark's official report to the users' list indicates that setting a >> "secret" for the AJP connection does the trick. (I tried this >> myself before digging-up his message and can confirm that the >> sample code fails when a "secret" is set). >> >> Should we mention this on the Security page directly for those who >> didn't read the announcement on the users' list? > > No reason why not. Go for it.
Okay. Any idea if mod_proxy_ajp supports the shared secret? The
documentation is so light on actually using mod_proxy_ajp that it might
be supported ("ProxyPass /foo ajp://bar secret=changeit"?) but
completely undocumented in the httpd documentation.
This is all I could find:
http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBcQFjAA&url=http%3A%2F%2Fwww.gossamer-threads.com%2Flists%2Fapache%2Fdev%2F332363&rct=j&q=mod_proxy_ajp%20secret&ei=fCFpTtWRAuPL0QGUo-CDDA&usg=AFQjCNHOT2d5i5zlmL06G4eoMG5skYTkVw&cad=rja
Thanks,
-chris
signature.asc
Description: OpenPGP digital signature
