How to test ajp?

I was wrong. The AJP setting for JBoss EAP 6.4 (JBossWeb 7.x) is correct as you state.

Originally I set my jBoss and Apache as this article describes and I could not get Apache to connect to jBoss using mod_jk. I was getting a can't login message not a 403 message. On investigating I found the jBoss AJP config page and changed my config to be as in my earlier comment.

My app, Apache and jBoss were working as expected.

After your email that you were going to Evalutate it more I decide to do more evaluating as well. I used a python script to test AJP on the "fixed" server and found that AJP was still vulnerable.

I went back to the configuration you have on this page and started more testing. In your doc you state "Note that YOUR_AJP_SECRET must be changed to a value that is highly secure and cannot be easily guessed."

So I went with a complex password of Uppercase, Lowercase, Numbers and Specials. After many iteration I've come to the conclusion that my password was to secure.

I am not sure if it is a bug in mod_jk or AJP but if you have a password that has # or % in it the auth fails with a failed login message. A simple example is below.

In my virtual host file I have this configuration (snippet in ):

I should add that the ajp13_worker_prod worker points to a service in a Tomcat 9 instance, the ajp13_worker_tomcat10_prod worker to a Tomcat 10 instance. But this works very fine for a different virtual host (which is effectively the test system).

Everything works fine until I change the lines

to

The services in Tomcat are working fine, I can reach them via curl http://localhost:6085/. So the ports are open for usage from localhost.

But I cannot reach them from outside, via Apache. Here I am getting a 500 with The server encountered an internal error or misconfiguration and was unable to complete your request.

I scanned all possible error log files, but I cannot see problem, especially not in the Apache logs.

It looks like this in server.xml: . The HTTP connector works, but maybe not this one? There is a problem between Apache (the ajp worker) and Tomcat, but just firing request against Apache does not help yet.

• Open the Tomcat server. xml file in a text editor: .
• Search for the string 8009 to locate the following line in the server.xml file: .
• Update the line with these new attributes (highlighted): .
• Save the file.
• Restart the Apache Tomcat service.

Table of Contents:

By using Apache JMeter™, you can simulate AJP requests with a sampler that can send these requests and gets responses - the AJP/1.3 Sampler. You can also use this JMeter sampler to load test the WildFly, Jetty and GlassFish servlet containers, which also use AJP. This blog post will teach you how to load test Tomcat.

Requests are processed roughly in the following way:

Here is a basic diagram of connections between the Client, front-end Apache Web Server and Tomcat Application Servers:

For architectures like this, the JMeter AJP/1.3 Sampler enables testing each AJP connection in your system, by sending AJP requests to any application server, and finding bottlenecks.

There are three versions of an AJP - 1.2 (deprecated), 1.3 and 1.4 (experimental). JMeter’s AJP/1.3 Sampler supports the 1.3 version.

Now let’s learn how to use it.

The AJP/1.3 Sampler translates the HTTP request set in this component to an AJP request. As you can see, it has a similar GUI to the HTTP Sampler.

There is only one limitation for the AJP Sampler - the current implementation doesn’t support uploading multiple files in one request. Only the first file will be uploaded. You can use multiple AJP Samplers to upload multiple files.

Now let’s see how the AJP Sampler works in a JMeter script. First, we’ll launch a Tomcat instance on our local machine and configure it to send POST Requests. A Tomcat9 distribution come with some servlet examples, that can be used to check AJP requests.

Our testing scenario is:

1. To launch a Tomcat instance on your server, you have to have a Java Runtime Environment installed and configured (JRE_HOME environment variable set). You also need to set the CATALINA_HOME environment variable to a root folder of downloaded Tomcat, and add a %CATALINA_HOME%\bin value to the list of PATH environment variables.

2. After all the preparations are done, execute a “catalina run” command in the command line. Your Tomcat web-interface can now be accessed by localhost:8080 URL.

3. You can check the example apps through the the “Examples” link under “Developer Quick Start”:

4. Let’s test the servlet example “Request Parameters”:

5. In this example we can execute a POST request to set “firstname” and “lastname” fields.

6. Let’s manually enter some values and see the response.

7. Press the ‘Submit’ button.

The entered values are assigned to the “firstname” and “lastname” fields.

Now, we will try to reproduce this request by using the AJP Sampler.

In the previous section we saw that this servlet accepts two parameters and then returns them in the response. Now let’s use the AJP Sampler to send the AJP POST request with some parameters to our server via JMeter and check that we get the same parameters in the response.

1. Open JMeter and add a Thread Group to your Test Plan.

Right Click->Add->Threads (Users)->Thread Group

2. Add an AJP Sampler to your Thread Group.

Right Click->Add->Sampler->AJP/1.3 Sampler

3. Configure the AJP Sampler exactly as you would configure an HTTP Sampler.

Our finished sampler will look like this:

4. Add a View Results Tree Listener.

Right Click->Add->Listener->View Results Tree

5. Now we can execute our script and see the results in the listener.

Here we can see our sampler successfully sent the AJP request to our server with the specified parameters. We see that our parameters are listed under “Parameters in this request” section - this means our server successfully got our request.

Congratulations! You now know how to load test AJP and Tomcat servers. To run your test in an even easier manner, upload your script to BlazeMeter and run it smoothly in the cloud. You will get scalability, collaboration options and advanced reporting.

START TESTING NOW

I think you should create a new TCP test using the ping command from the AJP specification. You would transmit and expect the following hexadecimal-formatted data:

Transmit (AJP ping): \x12\x34\x00\x01\x0A

Expected response (AJP pong): \x41\x42\x00\x01\x09