background preloader


Facebook Twitter

Apache: Instructions for OCSP Stapling. For more information about the Online Certificate Status Protocol (OCSP) and the benefits of OCSP stapling, see Enable OCSP Stapling on Your Server.

Apache: Instructions for OCSP Stapling

Apache: How to Enable OCSP Stapling These instructions were created using Apache 2.4.7. Depending on which version of Apache you are using, you may need to modify these instructions accordingly. Check your version of Apache Apache supports OCSP stapling in Apache HTTPD Server 2.3.3+. To see which version of Apache you are running, use one of the following commands: apache2 -v httpd -v Check if OCSP stapling is enabled. Check using OpenSSL Enter the following command: openssl.exe s_client -connect []:443 -status If OCSP stapling is enabled, in your response, in the OCSP Response Data section, it should say the following: OCSP Response Status: successful (0x0) Bug 42090 – tcnative badly handles some OpenSSL disconnections. Ubuntu: Installing Apache Portable Runtime (APR) for Tomcat. From the Mule’s Mouth » Blog Archive » Tcat Server Restarts Extend, Improve, and Automate Stock Tomcat Restarts. You wouldn’t necessarily be very excited about reliable, graceful app server restarts — unless you go to restart your server and it doesn’t restart, or unless the restart script corrupted your webapp data.

From the Mule’s Mouth » Blog Archive » Tcat Server Restarts Extend, Improve, and Automate Stock Tomcat Restarts

There are times when a reasonably fast, fully reliable restart is a very important feature. Some examples: You found that your webapp has a new memory leak, and you just fixed it in development, just finished testing it, and you’re about to deploy the fixed version. But, first, you want to undeploy and restart the server to be completely sure the memory leak code is gone. While you’re doing this, your server is offline, and you want to get it serving again as soon as possible, so you run the restart command.. but it doesn’t stop. Seven Security (Mis)Configurations in Java web.xml Files. There are a lot of articles about configuring authentication and authorization in Java web.xml files.

Seven Security (Mis)Configurations in Java web.xml Files

Instead of rehashing how to configure roles, protect web resources, and set up different types of authentication let's look at some of the most common security misconfigurations in Java web.xml files. By default Java web applications display detailed error messages that disclose the server version and detailed stack trace information that can, in some situations, wind up displaying snippets of Java code. This information is a boon to hackers who are looking for as much information about their victims as possible. Technology, life, fun: Running Tomcat on port 80 in a user account. UrlRewriteFilter - Rewrite URL's in Java Web Application Servers. A Java Web Filter for any compliant web application servers (such as Tomcat, JBoss, Jetty or Resin), which allows you to rewrite URLs before they get to your code.

UrlRewriteFilter - Rewrite URL's in Java Web Application Servers

It is a very powerful tool just like Apache's mod_rewrite. Install <dependency><groupId>org.tuckey</groupId><artifactId>urlrewritefilter</artifactId><version>4.0.3</version></dependency> To WEB-INF/web.xml add (near the top above any servlet mappings): (see filter parameters for more options) Java and Tomcat on Mac OS X, Part I. In Defense of Tomcat. A Tomcat Monitoring App for the iPhone? - I don't know why, but when I saw the original report about this little app on the newswire, I thought it was a joke.

A Tomcat Monitoring App for the iPhone? -

I was expecting the punch-line to be something like "and it is written entirely in Flash. " But it's not a joke. It's a neat little application written by those 'soft mules' at mulesoft. Checking it out at the iPhone store, it looks straight forward enough; you simply connect to your tomcat servers, provide your credentials, and then you can get updates as to whether your Tomcat server is up or down. It's a free app right now, and it's got two great reviews, although, seeing that it was just released today, I'm assuming the two reviews just might come from some biased individuals.

Here's a link to it at the Apple store: Now, be warned. Initial question? The First Tomcat Management App for the iPhone. A Session Manager for Clustering Cloud-friendly Sessions on Tomc. Cloud architectures are different.

A Session Manager for Clustering Cloud-friendly Sessions on Tomc

They are designed to scale up and down quickly to make the most efficient use of the resources and minimize the cost. User experience is no less important in the cloud as well. User sessions should be seamless and often times dictate application architects to build applications with sticky sessions. Yet, these sessions can make your cloud architecture "lumpy" and concentrate active sessions on a single machine which may take time to eventually pull out of service. To build a truly flexible cloud architecture, it is much better to employ a session manager to maintain the user experience and still achieve the flexibility that is so attractive of cloud deployments. After exhausting existing tools on the market today Jon Brisbin, Java guru at NPC International, the world's largest Pizza Hut franchise, has dealt with this in his own way with his company's cloud infrastructure.

In the article, Brisbin describes his requirements: