3

I have a Apache server running 2.4.6, Tomcat 8.5.33 running lucee.

We have rewrite rules that proxy to AJP on port 8009.

ProxyPassReverse / ajp://localhost:8009/ timeout=3600
RewriteEngine On

# Rewrite sitemap
RewriteRule ^/sitemap\.txt$ ajp://localhost:8009/sitemap/index.cfm?format=txt [P]
RewriteRule ^/sitemap\.xml$ ajp://localhost:8009/sitemap/index.cfm [P]

I need to implement the secret and am able to setup in server.xml without issue, but having a hard time finding out how I pass the secret via the rewrite rule???

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" maxThreads="400" requiredSecret="PasswordGoesHere!" />

Anyone have an idea on how I can pass the secret???

Thanks Grant

2 Answers2

3

The answer is unfortunately: You can't, unless you upgrade to some later Apache2 version that supports the secret flag in mod_proxy_ajp, and even then I don't quite understand how to pass the flag using a RewriteRule.

I have some machines with Debian 9, Apache2 2.4.25-3+deb9u9 and Tomcat8 8.5.54-0+deb9u. There was a defect filed in the debian bugs list (see https://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg561495.html), but this was closed as working as intended - they are not going to backport the patch to 2.4.25, so with your 2.4.6 you are definitely out of luck with getting this combination to work with a secret set.

The only solution to the problem would be to set secretRequired="false" in the connector configuration of your Tomcat's server.xml.

2

With mod_proxy_ajp (cfr. https://httpd.apache.org/docs/trunk/mod/mod_proxy_ajp.html) you just add "?secret=XXX" to the rewritten path of the ProxyPass directive. I've never used a rewriterule to address Tomcat.

Caveat: ?secret 0x0C String Supported since 2.4.42

Gerard H. Pille
  • 2,469
  • 1
  • 12
  • 10