最近發現tomcat總是莫名崩潰,查看日志發現
catalina.out
Jan 26, 2016 5:06:47 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 18245 Jan 26, 2016 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 5635 Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 18245 Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 3338 Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 20304 Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 20304 Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 32768 Jan 26, 2020 5:06:48 PM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message received with signature 30
這是server.xml中的內容:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
那么根據The AJP Connector中的介紹說明(注意address部分),如果沒有指定IP地址的話,默認是綁定任意地址,這樣就導致外網也可以訪問這個端口。因此出於安全考慮,我們需要增加這個address的設置,並且綁定到127.0.0.1。最終結果如下
改正后server.xml如下:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443" />
在配置時沒有指定address="127.0.0.1",導致外網也可以訪問這個端口;