Tomcat 7使用AJP协议设置问题

最近发现tomcat总是莫名崩溃,查看日志发现

catalina.out

Jan 26, 2016 5:06:47 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 18245
Jan 26, 2016 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 5635
Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 18245
Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 3338
Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 20304
Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 20304
Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 32768
Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 30

这是server.xml中的内容:

<Connector port="8080" protocol="HTTP/1.1" 
           connectionTimeout="20000" 
           redirectPort="8443" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3"  redirectPort="8443" />

 

那么根据The AJP Connector中的介绍说明(注意address部分),如果没有指定IP地址的话,默认是绑定任意地址,这样就导致外网也可以访问这个端口。因此出于安全考虑,我们需要增加这个address的设置,并且绑定到127.0.0.1。最终结果如下

改正后server.xml如下:

<Connector port="8080" protocol="HTTP/1.1" 
           connectionTimeout="20000" 
           redirectPort="8443" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"  redirectPort="8443" />

在配置时没有指定address="127.0.0.1",导致外网也可以访问这个端口;

posted @ 2020-10-12 10:23  iTachiLEe  阅读(1327)  评论(0编辑  收藏  举报