Portal Home > Knowledgebase > Articles Database > Apache and Tomcat integration - Mod Security
Apache and Tomcat integration - Mod Security
| Posted by Securitytest, 07-04-2013, 04:02 AM |
| Please clarify my doubts:
i)How to verify that Apache and Tomcat are integrated?
ii)Is it possible to access the website(Eg: sample) which is hosted on Tomcat server(war file placed inside /webapps) by giving http://localhost:80/sample
iii)Also, Will Mod Security installed on Apache monitor the application hosted using Tomcat?
|
| Posted by supportoperator, 07-04-2013, 11:42 AM |
| Hello
1) You can verify it by telnet to port 80 or whatever port apache/tomcat is running on. If you get a handshake and prompt, then it's Integrated and running .
2) Yes it is possible to access the website Eg: sample which is hosted on Tomcat server war file placed inside /webapps by localhost :80/sample
3) Mod Security moniters the complete server for any type of Suspecious activity .
|
| Posted by BestServerSupport, 07-04-2013, 12:08 PM |
| 1. If you have set Tomcat connector port as 8080 then you can test using http://localhost:8080
2. Yes possible.
3. Yes
|
| Posted by Securitytest, 07-05-2013, 06:10 AM |
| I have installed both Apache(v2.2.17) and Tomcat(v6.0.37) in my system.
Apache is using port 80 and Tomcat 8080. I didnt change the default port settings.
Then I tried integrating both Apache and Tomcat using mod_jk(v1.2.31) connector.
Steps I followed:
1. Downloaded mod_jk binary file from Internet and placed inside C:\Apache2217\modules
2. Created workers.properties file inside directory C:\Apache2217\conf with the following content:
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
3. Added following lines in C:\Apache2217\conf\httpd.conf file for Apache
LoadModule jk_module modules/mod_jk.so
# tells Apache to load the mod_jk module
LoadModule jk_module modules/mod_jk.so
# tells Apache to load the mod_jk module
JkWorkersFile "conf/workers.properties"
#tells the location of properties file
JkLogFile "logs/mod_jk.log"
JkLogLevel error
JkMount /jsp-examples ajp13
JkMount /jsp-examples/* ajp13
JkMount /Application ajp13
JkMount /Application/* ajp13
4. Added the following lines in C:\apache-tomcat-6.0.37\conf\server.xml file for Tomcat
Placed an application(sample.war) file inside C:\apache-tomcat-6.0.37\webapps. sample is a vulnerable app developed using JSP and Servlets.
I started Tomcat first and then Apache services using services.msc.
Able to access the application using http://localhost:8080/sample and it is working fine.
My doubt is I have integrated Apache and Tomcat, but why am I not able to access the application on port 80 using http://localhost:80/sample.
Note: I went for Tomcat because Apache only supports static pages written using html, php etc., but the vulnerable app I had is a dynamic one.
I configured Mod Security on Apache and I am afraid it won’t log the Tomcat traffic.
I refered link: http://palpapers.plynt.com/issues/20...t-into-waf-p1/ for the above procedure.
Please help me in resolving this issue.
Last edited by Securitytest; 07-05-2013 at 06:15 AM.
|
| Posted by supportoperator, 07-05-2013, 08:55 AM |
| You can change the Port of Tomcat to 80 by editing this file
C:\Tomcat 6.0\conf\server.xml
Change the port=8080 value to port=80
save it & restart .
Then your tomcat will also open from 80 port .
|
| Posted by Securitytest, 07-11-2013, 02:17 AM |
| Able to integrate Apache and Tomcat.
Mod security hosted on Apache scans the Tomcat traffic.
I didnt change the Tomcat default port.
Deployed a WAR file in Tomcat webapps directory and accessed it using 80 port.
Followed steps given in http://www.avajava.com/tutorials/les...le.html?page=1
It worked Succesfully!!!!
Thanks All.
|
| Posted by javelinx, 07-12-2013, 03:56 PM |
| modify the server.xml file in your Tomcat directory to change the port to 80
|
Add to Favourites 
Print this Article
Also Read
