!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deyploy POST is not working due to missing CSRF token.
When I inspect HTTP request, CSRF token is in a payload as "_csrf"
and
the
value is correct.
But at the backend s
m one minor release to another shouldn't break
> existing
> >>>> setup, it should only fix bugs.
> >>>>
> >>>> BR,
> >>>> Hrvoje Lončar
> >>>>
> >>>> On Fri, Jun 20, 2025 at 1:02 PM Mark Thomas wrote:
06/2025 02:07, Hrvoje Lončar wrote:
Hi!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deyploy POST is not working due to missing CSRF token.
When I inspect HTTP request, CSRF token is in a payload as "_csrf&quo
e:
>> > > > Thank you very much
>> > > > Mark ThomasThat was the case :(
>> > > > Absolutely weird to make such a major change in a minor release from
>> > > > NN.MM.39 to NN.MM.42
>> > >
>> > > It was a response to a DoS
> > > > NN.MM.39 to NN.MM.42
> > >
> > > It was a response to a DoS security vulnerability.
> > >
> > > Feel free to add your views on what the defaults should be to the BZ
> > > discussion.
> > >
> > > Mark
> &
gt; > discussion.
> >
> > Mark
> >
> >
> > >
> > >
> > >
> > > On Fri, Jun 20, 2025 at 10:01 AM Mark Thomas wrote:
> > >
> > >> On 20/06/2025 02:07, Hrvoje Lončar wrote:
> > >>> Hi!
> > >>>
&g
On Fri, Jun 20, 2025 at 10:01 AM Mark Thomas wrote:
> >
> >> On 20/06/2025 02:07, Hrvoje Lončar wrote:
> >>> Hi!
> >>>
> >>> Hope it's the right place to ask for help or/and advice.
> >>> Few days ago I switched to latest Tomcat 10
to the BZ
discussion.
Mark
On Fri, Jun 20, 2025 at 10:01 AM Mark Thomas wrote:
On 20/06/2025 02:07, Hrvoje Lončar wrote:
Hi!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deyploy POST is not working due to missing
the right place to ask for help or/and advice.
> > Few days ago I switched to latest Tomcat 10.1.42.
> > After deyploy POST is not working due to missing CSRF token.
> > When I inspect HTTP request, CSRF token is in a payload as "_csrf" and
> th
On 20/06/2025 02:07, Hrvoje Lončar wrote:
Hi!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deyploy POST is not working due to missing CSRF token.
When I inspect HTTP request, CSRF token is in a payload as "_csrf"
Hi!
Hope it's the right place to ask for help or/and advice.
Few days ago I switched to latest Tomcat 10.1.42.
After deyploy POST is not working due to missing CSRF token.
When I inspect HTTP request, CSRF token is in a payload as "_csrf" and the
value is correct.
But at the bac
вс, 3 нояб. 2024 г. в 03:46, Frankowski, Adam :
>
> Hi,
>
>
>
> We have noticed an issue that occurred when we attempted to upgrade to Apache
> Tomcat 9.0.96. We found that the standard taglib did not properly
> escape XML strings anymore. This can lead to cross-site scripting (XSS)
> attacks
Hi,
We have noticed an issue that occurred when we attempted to upgrade to Apache
Tomcat 9.0.96. We found that the standard taglib did not properly
escape XML strings anymore. This can lead to cross-site scripting (XSS)
attacks if user input is not properly escaped.
Has anybody else noticed
Mark and Chuck,
On 5/9/24 09:35, Chuck Caldarale wrote:
You need the web.xml entries because you have extra configuration
items (the settings) that aren’t part of the
default JSP servlet definition.
+1
If you didn't need to upload files to your JSP, you wouldn't have needed
any of this in yo
> On May 9, 2024, at 01:25, Mark Foley wrote:
>
>> Does the JSP need to reference the "program" (servlet?) at all?
> The program, as shown above didn'twork at all until I put that servlet
> definition on WEB-INF/web.xml, so I suppose the answer is "yes". As to why, I
> have not a clue.
A re
On 5/7/2024 4:52 PM, Christopher Schultz wrote:
Mark,
On 5/3/24 12:16, Mark Foley wrote:
On 4/23/24 18:44, Chuck Caldarale wrote:
uploadfile
uploadfile
/schDistImportResults.jsp
The first servlet is named “uploadfile”.
On Apr 23, 2024, at 12:42, Mark Foley wrote:
Now I nee
Mark,
On 5/3/24 12:16, Mark Foley wrote:
On 4/23/24 18:44, Chuck Caldarale wrote:
uploadfile
uploadfile
/schDistImportResults.jsp
The first servlet is named “uploadfile”.
On Apr 23, 2024, at 12:42, Mark Foley wrote:
Now I need to add another program to the system that doe
On 4/23/24 18:44, Chuck Caldarale wrote:
uploadfile
uploadfile
/schDistImportResults.jsp
The first servlet is named “uploadfile”.
On Apr 23, 2024, at 12:42, Mark Foley wrote:
Now I need to add another program to the system that does file uploads. I
created another definiti
>>>
>>> uploadfile
>>>
>>>
>>> uploadfile
>>> /schDistImportResults.jsp
>>>
The first servlet is named “uploadfile”.
> On Apr 23, 2024, at 12:42, Mark Foley wrote:
>
> Now I need to add another program to the system that does file uploads. I
> created another definition in WEB-
Mark,
On 4/23/24 13:42, Mark Foley wrote:
I'm back with a related issue.
I was able to get the java class jakarta.servlet.annotation.MultipartConfig
working back last November by adding the definition shown in the
included message below to my WEB-INF/web.xml file.
Now I need to add another pr
I'm back with a related issue.
I was able to get the java class jakarta.servlet.annotation.MultipartConfig
working back last November by adding the definition shown in the
included message below to my WEB-INF/web.xml file.
Now I need to add another program to the system that does file uploads.
Never mind. 😳
Human error. 😛
On 2024-03-12 6:27 a.m., Arbol One wrote:
Hello.
This morning I woke up to find that Tomcat is not working, I tried
restarting the server, but to no avail. Then, manually, I shutdown and
started Tomcat, again, to no avail.
systemctl status tomcat says
Hello.
This morning I woke up to find that Tomcat is not working, I tried
restarting the server, but to no avail. Then, manually, I shutdown and
started Tomcat, again, to no avail.
systemctl status tomcat says:
× tomcat.service - Tomcat
Loaded: loaded (/etc/systemd/system
h I don't get the include error, contents of the
include file are not getting included. Trying to figure out why. At
least now status code has changed from 500 to 200. Not working yet but
progress never the less.
Regards,
Niranjan
On 12/5/23 11:09, Rob Sargent wrote:
On 12/5
Thank you Rob, but doubtful. We're a Ubuntu shop and always mindful of
case sensitivity.
On 12/5/23 11:09, Rob Sargent wrote:
On 12/5/23 12: 01, Niranjan Rao wrote: > Greetings, > > I'm missing
something obvious and hoping that someone can point my > nose in right
direction. > > > We have a a
On 12/5/23 12:01, Niranjan Rao wrote:
Greetings,
I'm missing something obvious and hoping that someone can point my
nose in right direction.
We have a application WAR file that works fine on tomcat 7.0.78. We're
trying to migrate this application to 9.0.82. When trying to hit the
pages,
Greetings,
I'm missing something obvious and hoping that someone can point my nose
in right direction.
We have a application WAR file that works fine on tomcat 7.0.78. We're
trying to migrate this application to 9.0.82. When trying to hit the
pages, I'm getting error JSP file not found at W
Mark,
On 11/18/23 07:52, Mark Thomas wrote:
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256 a
On 17/11/2023 19:36, Christopher Schultz wrote:
Is there any reason why SHA-256 is the default? MD5 is the historical
default / only implementation for HTTP DIGEST.
RFC 7616 (2015)
Chrome will choose SHA-256 if presented with a choice of SHA-256 and MD5.
Mark
---
Mark,
On 11/17/23 03:55, Mark Thomas wrote:
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and
get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm
and get
that working.
3. Then configure DIGEST a
Ok thanks.
Got it is now working.
This step was missing.
We didn’t have to do this before.
No mention of having to edit Digest inside context.xml here
https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html
Tried SHA-256, couldn’t get it to work. But MD5 does.
Thanks again.
This e-mail a
Mark,
On 11/17/23 03:55, Mark Thomas wrote:
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and
get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm
and get
that working.
3. Then configure DIGEST a
On 16/11/2023 18:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi Chris
Peter,
On 11/16/23 13:06, Peter Otto wrote:
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi
Mark,
Apologies for not replying earlier; looks like you have made good
progress. See below.
On 11/14/23 12:19, Mark Foley wrote:
Anyway, enough griping! I have gotten it partially working thanks to your
suggested link, and particulary you suggestion to put the servlet info in
web.xml. I've
1. Configure BASIC auth with clear-text passwords in the Realm and get
that working.
2. Switch to DIGEST auth with clear-text passwords in the Realm and get
that working.
3. Then configure DIGEST auth and digested passwords in the Realm.
Hi Chris,
Step 1 & 2 work
Step 3 will not work with
n: users@tomcat.apache.org
> > Betreff: Re: AW: FileUpload class not working with Tomcat 10.1
> >
> > On Tue Nov 14 01:46:09 2023 "Thomas Hoffmann (Speed4Trade GmbH)"
> > wrote:
> > >
> > > Hello Mark,
> > >
> > > > -Ur
Hi Mark!
> -Ursprüngliche Nachricht-
> Von: Mark Foley
> Gesendet: Dienstag, 14. November 2023 18:20
> An: users@tomcat.apache.org
> Betreff: Re: AW: FileUpload class not working with Tomcat 10.1
>
> On Tue Nov 14 01:46:09 2023 "Thomas Hoffmann (S
on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
Chris,
Running the debugger, I found out the DigestAuthenticator wants to use SHA-256.
8 months ago there was a change for RFC 7616.
https://u
On Tue Nov 14 01:46:09 2023 "Thomas Hoffmann (Speed4Trade GmbH)"
wrote:
>
> Hello Mark,
>
> > -Ursprüngliche Nachricht-
> > Von: Mark Foley
> > Gesendet: Montag, 13. November 2023 23:12
> > An: users@tomcat.apache.org
> > Betreff: Re:
Hello Mark,
> -Ursprüngliche Nachricht-
> Von: Mark Foley
> Gesendet: Montag, 13. November 2023 23:12
> An: users@tomcat.apache.org
> Betreff: Re: AW: FileUpload class not working with Tomcat 10.1
>
> On Mon Nov 13 02:18:49 2023 "Thomas Hoffmann (Speed4Trade
digest equals the
clientDigest, then it works.
The way I understand it, the clientDigest comes from the client entering in the
username/pwd on the popup box.
From: Peter Otto
Date: Monday, November 13, 2023 at 11:05 AM
To: Tomcat Users List
Subject: Re: CredentialHandler not working for MD5
On Mon Nov 13 02:18:49 2023 "Thomas Hoffmann (Speed4Trade GmbH)"
wrote:
> Hello,
>
> > -Ursprüngliche Nachricht-
> > Von: Mark Foley
> > Gesendet: Sonntag, 12. November 2023 19:04
> > An: users@tomcat.apache.org
> > Betreff: Re: FileUpload
: users@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 16:30, Peter Otto wrote:
> With 9.0.82, and the latest version 10, I get the same problem.
> So I assume it stopped working since 9.0.74 all the way up to 9.0.82
>
> Removing the Realm Lock
Hello,
> -Ursprüngliche Nachricht-
> Von: Mark Foley
> Gesendet: Sonntag, 12. November 2023 19:04
> An: users@tomcat.apache.org
> Betreff: Re: FileUpload class not working with Tomcat 10.1
>
> On Fri Nov 10 15:57:50 2023 Christopher Schultz
> wrote:
> >
&g
On Fri Nov 10 15:57:50 2023 Christopher Schultz
wrote:
>
> Mark,
>
> On 11/10/23 12:53, Mark Foley wrote:
> > On Fri, 10 Nov 2023 17:11:59 Mark Thomas >>
> >> On 10/11/2023 16:49, Mark Foley wrote:
> >>> I recently upgraded from Tomcat 10.0.17 to 10.1.13. ...
> >>>
> >>> [deleted]
> >>>
> >>>
g done when you try to authenticate.
-chris
From: Christopher Schultz
Date: Friday, November 10, 2023 at 12:35 PM
To: users@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
Logging into manager using MD5 works in 9.0.73 but now
@tomcat.apache.org
Subject: Re: CredentialHandler not working for MD5
Peter,
On 11/10/23 13:27, Peter Otto wrote:
> Logging into manager using MD5 works in 9.0.73 but now fails in
> 9.0.74->current
> Steps to reproduce.
>
> Step 1. Run C:\tomcat\bin> .\digest
Mark,
On 11/10/23 12:53, Mark Foley wrote:
On Fri, 10 Nov 2023 17:11:59 Mark Thomas
On 10/11/2023 16:49, Mark Foley wrote:
I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously upgraded
from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed that
thanks to p
Peter,
On 11/10/23 13:27, Peter Otto wrote:
Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current
Steps to reproduce.
Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1
tomcat:UserDatabase:nobueno
tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2c900e0
S
Logging into manager using MD5 works in 9.0.73 but now fails in 9.0.74->current
Steps to reproduce.
Step 1. Run C:\tomcat\bin> .\digest.bat -a md5 -s 0 -i 1
tomcat:UserDatabase:nobueno
tomcat:UserDatabase:nobueno:bb6c1c32b9b6df4f707c0e58f2c900e0
Step 2. Use the digest # and place it in tomcat-
On Fri, 10 Nov 2023 17:11:59 Mark Thomas
> On 10/11/2023 16:49, Mark Foley wrote:
> > I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously
> > upgraded
> > from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed
> > that
> > thanks to postings on stackoverflow
On 10/11/2023 16:49, Mark Foley wrote:
I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously upgraded
from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed that
thanks to postings on stackoverflow, but now that I've
upgraded to 10.1.13 it is broken again! Here
I recently upgraded from Tomcat 10.0.17 to 10.1.13. When I previously upgraded
from 9.0.41 to 10.0.17 (back in 2/22) the FileUpload class broke. I fixed that
thanks to postings on stackoverflow, but now that I've
upgraded to 10.1.13 it is broken again! Here's the error I get:
An error occurred at
On Wed, Sep 13, 2023 at 8:21 AM Christopher Schultz
wrote:
>
> Aryeh,
>
> On 9/12/23 17:50, Aryeh Friedman wrote:
> > On Tue, Sep 12, 2023 at 1:51 PM Christopher Schultz
> > wrote:
> >>
> >> Aryeh,
> >>
> >> On 9/12/23 12:42, Aryeh Friedman wrote:
> >>> On Tue, Sep 12, 2023 at 11:42 AM Christophe
Aryeh,
On 9/12/23 17:50, Aryeh Friedman wrote:
On Tue, Sep 12, 2023 at 1:51 PM Christopher Schultz
wrote:
Aryeh,
On 9/12/23 12:42, Aryeh Friedman wrote:
On Tue, Sep 12, 2023 at 11:42 AM Christopher Schultz
wrote:
Aryeh,
On 9/11/23 10:05, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9:
On Tue, Sep 12, 2023 at 1:51 PM Christopher Schultz
wrote:
>
> Aryeh,
>
> On 9/12/23 12:42, Aryeh Friedman wrote:
> > On Tue, Sep 12, 2023 at 11:42 AM Christopher Schultz
> > wrote:
> >>
> >> Aryeh,
> >>
> >> On 9/11/23 10:05, Aryeh Friedman wrote:
> >>> On Mon, Sep 11, 2023 at 9:47 AM Christophe
Aryeh,
On 9/12/23 12:42, Aryeh Friedman wrote:
On Tue, Sep 12, 2023 at 11:42 AM Christopher Schultz
wrote:
Aryeh,
On 9/11/23 10:05, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
wrote:
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1:23
On Tue, Sep 12, 2023 at 11:42 AM Christopher Schultz
wrote:
>
> Aryeh,
>
> On 9/11/23 10:05, Aryeh Friedman wrote:
> > On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
> > wrote:
> >>
> >> Aryeh,
> >>
> >> On 9/9/23 19:36, Aryeh Friedman wrote:
> >>> On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas
Aryeh,
On 9/11/23 10:05, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
wrote:
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
On 09/09/2023 11:52, Aryeh Friedman wrote:
Every other jsp in my webapp (and other we
On 9/11/2023 9:05 AM, Aryeh Friedman wrote:
On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
wrote:
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
On 09/09/2023 11:52, Aryeh Friedman wrote:
Every other jsp in my webapp (and other webapps
On Mon, Sep 11, 2023 at 9:47 AM Christopher Schultz
wrote:
>
> Aryeh,
>
> On 9/9/23 19:36, Aryeh Friedman wrote:
> > On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
> >>
> >> On 09/09/2023 11:52, Aryeh Friedman wrote:
> >>> Every other jsp in my webapp (and other webapps on the same tomcat
> >>
Aryeh,
On 9/9/23 19:36, Aryeh Friedman wrote:
On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
On 09/09/2023 11:52, Aryeh Friedman wrote:
Every other jsp in my webapp (and other webapps on the same tomcat
instance [9.0.75]) works and I am using a the default container but as
curl/catalina.o
On Sat, Sep 9, 2023 at 1:23 PM Mark Thomas wrote:
>
> On 09/09/2023 11:52, Aryeh Friedman wrote:
> > Every other jsp in my webapp (and other webapps on the same tomcat
> > instance [9.0.75]) works and I am using a the default container but as
> > curl/catalina.out show BasePage is *NEVER* being ca
On 09/09/2023 11:52, Aryeh Friedman wrote:
Every other jsp in my webapp (and other webapps on the same tomcat
instance [9.0.75]) works and I am using a the default container but as
curl/catalina.out show BasePage is *NEVER* being called (either the
_jspService() or the getX()):
How have you con
; > -Ursprüngliche Nachricht-
> > Von: Aryeh Friedman
> > Gesendet: Samstag, 9. September 2023 12:57
> > An: Tomcat Users List
> > Betreff: Re: page extends not working???
> >
> > Oops forgot to include the full log see below replaced inline
>
Hello,
> -Ursprüngliche Nachricht-
> Von: Aryeh Friedman
> Gesendet: Samstag, 9. September 2023 12:57
> An: Tomcat Users List
> Betreff: Re: page extends not working???
>
> Oops forgot to include the full log see below replaced inline
>
> On Sat, Sep 9, 202
Oops forgot to include the full log see below replaced inline
On Sat, Sep 9, 2023 at 6:52 AM Aryeh Friedman wrote:
>
> Every other jsp in my webapp (and other webapps on the same tomcat
> instance [9.0.75]) works and I am using a the default container but as
> curl/catalina.out show BasePage is *
Every other jsp in my webapp (and other webapps on the same tomcat
instance [9.0.75]) works and I am using a the default container but as
curl/catalina.out show BasePage is *NEVER* being called (either the
_jspService() or the getX()):
package dashboard.web.pages;
import java.io.IOException;
imp
Hi Mark,
Thanks for your help. We will go with validation against a known trusted
list host as you suggested. Also, I have updated
https://bz.apache.org/bugzilla/show_bug.cgi?id=64353 with reference to the
discussion.
As always, thanks for your wonderful support!
Thanks,
Bhavesh
On Tue, Aug 2
On 29/08/2023 21:51, Bhavesh Mistry wrote:
Hi Mark,
curl - -k "https://www.mydomain.com/login"; -H 'Host:
attackerHostHeaderInjection.com'
*Why? What problem are you trying to solve?*
Host Header injection is a vulnerability that needs to be addressed., I am
trying to solve if the host
Hi Mark,
> curl - -k "https://www.mydomain.com/login"; -H 'Host:
> attackerHostHeaderInjection.com'
*Why? What problem are you trying to solve?*
Host Header injection is a vulnerability that needs to be addressed., I am
trying to solve if the host is a mismatch between the HOST ( or Authori
On 29/08/2023 08:00, Bhavesh Mistry wrote:
Hi Mark,
I am sorry for delayed response.
Basically, when request url does not match host header then I would reject
it. For example,
curl - -k "https://www.mydomain.com/login"; -H 'Host:
attackerHostHeaderInjection.com'
Why? What problem are
Hi Mark,
I am sorry for delayed response.
Basically, when request url does not match host header then I would reject
it. For example,
curl - -k "https://www.mydomain.com/login"; -H 'Host:
attackerHostHeaderInjection.com'
Based curl -vvv output, tomcat server does not know host name used
Tomcat doesn't expose the SNI information.
What problem are you trying to solve here?
Tomcat rejects requests with mis-matched host headers by default and can
be configured to allow them in 8.5.x, 9.0.x and 10.1.x. You shouldn't
need to write any extra code for this.
Mark
On 21/08/2023 12:
>
>
> Hi Mark and Thomas,
>
>
>
> I understood now that Tomcat does not have information other than HOST
> (HTTP 1.1) and :authority: (HTTP2). So there is no way to check what URL
> used to connect and headers.
>
>
>
> I was wondering if TLS Handshake can provide *SNI can be used for this
> purpos
Hello,
> -Ursprüngliche Nachricht-
> Von: Bhavesh Mistry
> Gesendet: Sonntag, 20. August 2023 04:09
> An: Tomcat Users List
> Betreff: Re: Tomcat 9 Connector config allowHostHeaderMismatch not
> working as expected
>
> Hi Mark,
>
> Thanks for your quick
Hi Mark,
Thanks for your quick reply. According to the spec, the Request line
three line: http method path and version. Basically, what I wanted to do
to is if the HOST header does not match the requested server name in the
URL then return 404 04 403.
Can you please help me how I can do this?
19 Aug 2023 19:46:56 Bhavesh Mistry :
Hi, Tomcat Dev team and Users,
I am trying to block the request and give 404 bad requests or 403 when
the
HOST header does not match the requested server name. My goal is to
block
whenever there is a mismatch in the host header and URL server name.
Hi, Tomcat Dev team and Users,
I am trying to block the request and give 404 bad requests or 403 when the
HOST header does not match the requested server name. My goal is to block
whenever there is a mismatch in the host header and URL server name.
I would appreciate your help.
curl - -k "
Dhayalan,
On 7/14/23 01:42, Dhayalan Ganapathy wrote:
I am trying to migrate tomcat6 with the war to tomcat 9, but rmiclient
which is running in tomcat 6 not working in tomcat9.
Is rmiclient a component of your application, or something from a
third-party?
It throws an error unknown
Hi,
I am trying to migrate tomcat6 with the war to tomcat 9, but rmiclient
which is running in tomcat 6 not working in tomcat9.
It throws an error unknown protocol: war. Can you please help us to run
the application in tomcat 9?.
[image: cid:image004.jpg@01D9B641.52DEE890]
[image
Kevin,
On 4/19/23 07:07, Kevin Huntly wrote:
I'm guessing its not possible to have the cluster setup with a session
database?
Yeah, you usually pick one: database or cluster.
If you pick cluster, then the cluster is your database (don't let all
the nodes go down!). If you pick database, ther
thank you!
On Wed, Apr 19, 2023, 13:29 Mark Thomas wrote:
> On 19/04/2023 12:07, Kevin Huntly wrote:
> > I'm guessing its not possible to have the cluster setup with a session
> > database?
>
> Correct, for out of the box options.
>
> There are 3rd party session managers that persist the data in
On 19/04/2023 12:07, Kevin Huntly wrote:
I'm guessing its not possible to have the cluster setup with a session
database?
Correct, for out of the box options.
There are 3rd party session managers that persist the data in various
databases. Off the top of my head Redis and Geode provide this.
I'm guessing its not possible to have the cluster setup with a session
database?
Kevin Huntly
Email: kmhun...@gmail.com
Cell: 716/424-3311
-BEGIN GEEK CODE BLOCK-
Version: 1.0
GCS/IT d+ s a C
Hi Mark,
I found the culprit and replaced with:
org.apache.catalina.ha.session.DeltaManager
I'm now seeing the following:
19-Apr-2023 06:57:56.482 SEVERE [main]
org.apache.tomcat.util.digester.Digester.endElement End event threw
exception
java.lang.NoSuchMethodException:
org.apache.cata
On 18/04/2023 15:59, Kevin Huntly wrote:
Hello,
I'm getting the following error message:
18-Apr-2023 10:56:55.404 INFO [main]
org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
deployment descriptor
[/opt/Apache/tomcat/apache-tomcat-9.0.74/conf/Catalina/localhost/esolutions.xml]
Hello,
I'm getting the following error message:
18-Apr-2023 10:56:55.404 INFO [main]
org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
deployment descriptor
[/opt/Apache/tomcat/apache-tomcat-9.0.74/conf/Catalina/localhost/esolutions.xml]
18-Apr-2023 10:57:05.400 WARNING [main]
org
Follow-up to this thread:
I found the problem, which was my own mistake. I failed to enter the correct
domain name when creating the keystone. After going back through the entire
process again, with the correct domain name, the server is up and running
again. Thanks, nevertheless, for the help
Ralph,
On 3/21/23 06:38, Ralph Grove wrote:
> [snip]
>
Alias name: tomcat
Creation date: Mar 21, 2023
Entry type: trustedCertEntry
You created a keystore with no keys.
Where is the key you used to generate the CSR? That key needs to be in
your keystore under the alias 'tomcat' alongside t
> On Mar 21, 2023, at 4:25 AM, Mark Thomas wrote:
>
> On 21/03/2023 01:09, Ralph Grove wrote:
>> I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
>> server running Tomcat. Any suggestions for resolving it would be appreciated.
>> I set up the server last year and insta
On 21/03/2023 01:09, Ralph Grove wrote:
I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
server running Tomcat. Any suggestions for resolving it would be appreciated.
I set up the server last year and installed the SSL certificate with no problem. This
year, after the
Pressed send too quickly -- I see different aliases there. Ignore my
previous comments
Using PEM files is much simpler to manage, I would go that route instead...
will make it easier. However, I can't offer any real advice on the specific
issue at this time...
Others will certainly be more he
I believe the default certificate alias used by Tomcat is "tomcat". I think
you are creating your keystore with the alias "root".
(see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html for docs on
Tomcat SSL configuration -- adjust for the version you are running)
On Mon, Mar 20, 2023 at 9:
I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
server running Tomcat. Any suggestions for resolving it would be appreciated.
I set up the server last year and installed the SSL certificate with no
problem. This year, after the original certificate expired, I downloaded
Hi Chris, Mark,
Returning to an old thread...
I was able to figure this out. My application uses axis2 for web
services. Asix2 has .JSP files in:
WEB-INF/views/admin
WEB-INF/include
These .jsp files are the ones causing the problem. I'm not sure why.
My application doesn't use taglibs
On 08/07/2021 23:12, Builder Lynx Demo wrote:
Hi Chris, Mark,
Thank you for pointing that out. I never would have guessed that.
Updating the separator addresses that issue. However now the jasper
task throws an exception:
BUILD FAILED
/home/alex/cc/build.xml:534: The following error occ
On 7/8/21 10:47 AM, Christopher Schultz wrote:
Mark,
On 7/8/21 05:50, Mark Thomas wrote:
On 08/07/2021 04:37, Builder Lynx Demo wrote:
Hi,
I have a large java jsp and servlet web application. Started about
20 years ago and still going strong. It uses an ant build process.
One of the ant
Mark and Manish,
On 5/10/21 13:11, Mark Thomas wrote:
On 08/05/2021 18:26, Palod, Manish wrote:
Hi,
We further debugged the issue and narrowed down the issue to dynamic
update of Truststore. We add certificate into TrustStore dynamically.
We have to restart the server to use the newly added
1 - 100 of 1571 matches
Mail list logo
