I am running Tomcat 4.1.27 using Sun's j2sdk 1.4.2 on Solaris 9 64-bit.
I am only using Tomcat for a JSP/Servlet engine using mod_jk2 and
Apache 2. I am using an AF_UNIX socket for communication.
The only connector I have defined in conf/server.xml is as follows:
<!-- Define a Coyote/JK2 AJP 1.3 Connector - LOCAL ONLY -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           minProcessors="5" maxProcessors="75" enableLookups="true"
           acceptCount="10" debug="5" connectionTimeout="0"
           useURIValidationHack="false"
           protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler">
</Connector>
I was told that by removing the port="" parameter this would effectively
be a local-only connector.
However, here is the catalina.out logfile from tomcat initialization:
-------------------------------------------------------------------------
Sep 28, 2003 6:56:12 AM org.apache.commons.modeler.Registry loadRegistry
INFO: Loading registry information
Sep 28, 2003 6:56:12 AM org.apache.commons.modeler.Registry getRegistry
INFO: Creating new Registry instance
Sep 28, 2003 6:56:14 AM org.apache.commons.modeler.Registry getServer
INFO: Creating MBeanServer
Starting service Tomcat-Standalone
Apache Tomcat/4.1.27
Sep 28, 2003 6:56:21 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true
Sep 28, 2003 6:56:21 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true
Sep 28, 2003 6:56:22 AM org.apache.struts.util.PropertyMessageResources <init>
INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true
[Sun Sep 28 06:56:29 2003] ( info ) [jk_config_file.c (320)] cfg.update() Updating config /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties 1864393060 1064685328
[Sun Sep 28 06:56:30 2003] ( info ) [jk_config_file.c (331)] config.setConfig(): Reading properties /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties 1
[Sun Sep 28 06:56:30 2003] ( info ) [jk_logger_file.c (184)] Initializing log file stderr
[Sun Sep 28 06:56:30 2003] ( info ) [jk_workerEnv.c (403)] workerEnv.init() ok /usr/local/jakarta-tomcat-4.1.27/conf/workers2.properties
Sep 28, 2003 6:56:30 AM org.apache.jk.apr.AprImpl init
INFO: JK2: Initialized apr
Sep 28, 2003 6:56:30 AM org.apache.jk.common.ChannelUn init
INFO: JK: listening on unix socket: /usr/local/jakarta-tomcat-4.1.27/work/jk2.socket
Sep 28, 2003 6:56:30 AM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /0.0.0.0:8080
Sep 28, 2003 6:56:30 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=3/264 config=/usr/local/jakarta-tomcat-4.1.27/conf/jk2.properties
-------------------------------------------------------------------------
From this log you can see that ajp13 is listening on the loopback
interface.
However, 'netstat -a' shows this:
*.8080 *.* 0 0 49152 0 LISTEN
The *.8080 means the process is listening for connections on all
interfaces. On Solaris, if a service is ONLY listening on loopback, it
should appear as so: (using the sshd server as an example)
localhost.ssh *.* 0 0 49152 0 LISTEN
If a service is ONLY listening on a non-loopback interface it would
appear as so:
hostname.mydomain.tld.ssh *.* 0 0 49152 0 LISTEN
I can indeed telnet to the machine from a remote host and connect to
port 8080. (however I do not know the protocol to test any commands but
I do get a connection)
Have I misconfigured something or is this a bug or what? This box is on
a very high profile network (due to the myriad of porn sites and
anti-spam services running on the same subnet at this particular colo)
and security is a major concern, and I currently have no firewall to put
this box behind.
Thanks for any help,
Chuck
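
The netstat reading described in the message above, as an added example that is not part of the original post: it classifies Solaris-style `netstat -a` LISTEN lines by bind scope and reports listeners reachable from other hosts that are not on an allowlist. The function names and the `127.0.0.1.8009` sample line are constructed; the other sample lines follow the formats quoted in the post.

```shell
#!/bin/sh
# Constructed sample input in Solaris "netstat -a" layout (Local Address first).
sample_netstat() {
    cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
*.8080                     *.*                0      0 49152      0 LISTEN
localhost.ssh              *.*                0      0 49152      0 LISTEN
hostname.mydomain.tld.ssh  *.*                0      0 49152      0 LISTEN
127.0.0.1.8009             *.*                0      0 49152      0 LISTEN
EOF
}

# Read netstat lines on stdin; print "SCOPE port address" for each listener.
# Solaris joins address and port with a dot, so the LAST dot is the separator.
classify_listeners() {
    awk '
    $NF == "LISTEN" {
        la = $1
        n = match(la, /\.[^.]*$/)
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            scope = "ALL-INTERFACES"
        else if (addr == "localhost" || addr ~ /^127\./ || addr == "::1")
            scope = "LOOPBACK"
        else
            scope = "SPECIFIC"
        print scope, port, addr
    }'
}

# Print "port address" for every non-loopback listener whose port (number or
# service name, as netstat printed it) is not among the arguments.
unexpected_exposure() {
    allowed=" $* "
    classify_listeners | while read -r scope port addr; do
        [ "$scope" = "LOOPBACK" ] && continue
        case "$allowed" in
            *" $port "*) ;;                 # expected to be reachable
            *) echo "$port $addr" ;;        # bound off-loopback, not expected
        esac
    done
}

# Only ssh is meant to be reachable remotely in this constructed scenario.
sample_netstat | unexpected_exposure ssh
```

On a live host, pipe `netstat -a` (or `netstat -an`) into `unexpected_exposure` with the ports that are meant to be remotely reachable.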