Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache and Tomcat integration - Mod Security |
|
| Author |
|
Menaka
Joined: 18 Jun 2013
Posts: 19
Location: India
|
 Posted: Thu 04 Jul '13 10:03 Post subject: Apache and Tomcat integration - Mod Security |
 |
|
I have installed both Apache(v2.2.17) and Tomcat(v6.0.37) in my system.
Apache is using port 80 and Tomcat 8080. I didnt change the default port settings.
Then I tried integrating both Apache and Tomcat using mod_jk(v1.2.31) connector.
Steps I followed:
1. Downloaded mod_jk binary file from Internet and placed inside C:\Apache2217\modules
2. Created workers.properties file inside directory C:\Apache2217\conf with the following content:
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
3. Added following lines in C:\Apache2217\conf\httpd.conf file for Apache
<IfModule !mod_jk.c>
LoadModule jk_module modules/mod_jk.so
# tells Apache to load the mod_jk module
</IfModule>
<IfModule !mod_jk.c>
LoadModule jk_module modules/mod_jk.so
# tells Apache to load the mod_jk module
JkWorkersFile "conf/workers.properties"
#tells the location of properties file
JkLogFile "logs/mod_jk.log"
JkLogLevel error
JkMount /jsp-examples ajp13
JkMount /jsp-examples/* ajp13
JkMount /Application ajp13
JkMount /Application/* ajp13
</IfModule>
4. Added the following lines in C:\apache-tomcat-6.0.37\conf\server.xml file for Tomcat
<Listener className="org.apache.jk.config.ApacheConfig" modJk="C:/Apache2217/modules/mod_jk.so" />
<Listener className="org.apache.jk.config.ApacheConfig" append="true" forwardAll="false" modJk="C:/Apache2217/modules/mod_jk.so" />
Placed an application(sample.war) file inside C:\apache-tomcat-6.0.37\webapps. sample is a vulnerable app developed using JSP and Servlets.
I started Tomcat first and then Apache services using services.msc.
Able to access the application using http://localhost:8080/sample and it is working fine.
My doubt is I have integrated Apache and Tomcat, but why am I not able to access the application on port 80 using http://localhost:80/sample.
Note: I went for Tomcat because Apache only supports static pages written using html, php etc., but the vulnerable app I had is a dynamic one.
I configured Mod Security on Apache and I am afraid it won’t log the Tomcat traffic.
I refered link: http://palpapers.plynt.com/issues/20...t-into-waf-p1/ for the above procedure.
Please help me in resolving this issue. |
|
| Back to top |
|
Menaka
Joined: 18 Jun 2013
Posts: 19
Location: India
|
|
| Back to top |
|
|
|
|
|
|
