Lashana Corsaut
Posted Answers
Answer
I was wrong. The AJP setting for JBoss EAP 6.4 (JBossWeb 7.x) is correct as you state.
Originally I set up my JBoss and Apache as this article describes and I could not get Apache to connect to JBoss using mod_jk. I was getting a "can't login" message, not a 403 message. On investigating I found the JBoss AJP config page and changed my config to be as in my earlier comment.
My app, Apache and JBoss were working as expected.
After your email that you were going to evaluate it more, I decided to do more evaluating as well. I used a Python script to test AJP on the "fixed" server and found that AJP was still vulnerable.
I went back to the configuration you have on this page and started more testing. In your doc you state "Note that YOUR_AJP_SECRET must be changed to a value that is highly secure and cannot be easily guessed."
So I went with a complex password of uppercase, lowercase, numbers and specials. After many iterations I've come to the conclusion that my password was too secure.
I am not sure if it is a bug in mod_jk or AJP, but if you have a password that has # or % in it, the auth fails with a failed login message. A simple example is below.
Answer is posted for the following question.
Answer
If you have an uncooked cake, you might be wondering: "cake not cooked in middle, can I put it back in?" Using tin foil allows you to put the cake
Answer is posted for the following question.
What to do if the middle of the cake is not cooked?
Answer
- Aberdeen Maritime Museum. 1,858. Speciality Museums.
- Footdee (Fittie) 1,078. Neighborhoods.
- Duthie Park Winter Gardens. 1,046. Parks • Gardens.
- Slains Castle. 347. Castles.
- The Gordon Highlanders Museum. 735. Speciality Museums.
- Johnston Gardens. 316. Parks • Gardens.
- The Tolbooth Museum. 345.
- Duthie Park. 558.
Answer is posted for the following question.
Aberdeen what to visit?