This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Apache and Tomcat integration - Mod Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Products » Tomcat
Bookmark "Apache and Tomcat integration - Mod Security" Watch "Apache and Tomcat integration - Mod Security" New topic

Apache and Tomcat integration - Mod Security

john menoor

Joined: Jul 04, 2013
Posts: 3
I have installed both Apache(v2.2.17) and Tomcat(v6.0.37) in my system.
Apache is using port 80 and Tomcat 8080. I didnt change the default port settings.

Then I tried integrating both Apache and Tomcat using mod_jk(v1.2.31) connector.

Steps I followed:

1. Downloaded mod_jk binary file from Internet and placed inside C:\Apache2217\modules
2. Created file inside directory C:\Apache2217\conf with the following content:
3. Added following lines in C:\Apache2217\conf\httpd.conf file for Apache
<IfModule !mod_jk.c>
LoadModule jk_module modules/
# tells Apache to load the mod_jk module

<IfModule !mod_jk.c>
LoadModule jk_module modules/
# tells Apache to load the mod_jk module
JkWorkersFile "conf/"
#tells the location of properties file
JkLogFile "logs/mod_jk.log"
JkLogLevel error
JkMount /jsp-examples ajp13
JkMount /jsp-examples/* ajp13
JkMount /Application ajp13
JkMount /Application/* ajp13
4. Added the following lines in C:\apache-tomcat-6.0.37\conf\server.xml file for Tomcat
<Listener className="org.apache.jk.config.ApacheConfig" modJk="C:/Apache2217/modules/" />
<Listener className="org.apache.jk.config.ApacheConfig" append="true" forwardAll="false" modJk="C:/Apache2217/modules/" />

Placed an application(sample.war) file inside C:\apache-tomcat-6.0.37\webapps. sample is a vulnerable app developed using JSP and Servlets.
I started Tomcat first and then Apache services using services.msc.
Able to access the application using http://localhost:8080/sample and it is working fine.

My doubt is I have integrated Apache and Tomcat, but why am I not able to access the application on port 80 using http://localhost:80/sample.
Note: I went for Tomcat because Apache only supports static pages written using html, php etc., but the vulnerable app I had is a dynamic one.
I configured Mod Security on Apache and I am afraid it won’t log the Tomcat traffic.
I refered link: for the above procedure.

Please help me in resolving this issue.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17018

These days I use mod_proxy instead of mod_jk, so my expertise is a bit rusty. But you cannot expect a URL such as http://localhost:80/sample to automatically route to Tomcat. After all, one of Apache's great strengths is its ability to serve content generated by a large variety of providers.

In short, you need a JkMount for /sample in order to get that URL routed to Tomcat.

Customer surveys are for companies who didn't pay proper attention to begin with.
john menoor

Joined: Jul 04, 2013
Posts: 3
Able to integrate Apache and Tomcat.
Mod security hosted on Apache scans the Tomcat traffic.
I didnt change the Tomcat default port.

Deployed a WAR file in Tomcat webapps directory and accessed it using 80 port.

Followed steps given in

It worked Succesfully!!!

Thanks All.
I agree. Here's the link:
subject: Apache and Tomcat integration - Mod Security
It's not a secret anymore!