Change the default bind address for AJP to the loopback address

apache · Feb 4, 2020 · 0e8a50f · 0e8a50f
1 parent 4c933d8
commit 0e8a50f
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
@@ -16,6 +16,8 @@
  */
 package org.apache.coyote.ajp;
 
+import java.net.InetAddress;
+
 import org.apache.coyote.AbstractProtocol;
 import org.apache.coyote.Processor;
 import org.apache.coyote.UpgradeProtocol;
@@ -46,6 +48,8 @@ public AbstractAjpProtocol(AbstractEndpoint<S,?> endpoint) {
         setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
         // AJP does not use Send File
         getEndpoint().setUseSendfile(false);
+        // AJP listens on loopback by default
+        getEndpoint().setAddress(InetAddress.getLoopbackAddress());
         ConnectionHandler<S> cHandler = new ConnectionHandler<>(this);
         setHandler(cHandler);
         getEndpoint().setHandler(cHandler);

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -178,6 +178,10 @@
         Disable (comment out in server.xml) the AJP/1.3 connector by default.
         (markt)
       </update>
+      <update>
+        Change the default bind address for the AJP/1.3 connector to be the
+        loopback address. (markt)
+      </update>
     </changelog>
   </subsection>
   <subsection name="Jasper">

diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
@@ -308,10 +308,7 @@
     <attribute name="address" required="false">
       <p>For servers with more than one IP address, this attribute
       specifies which address will be used for listening on the specified
-      port.  By default, this port will be used on all IP addresses
-      associated with the server. A value of <code>127.0.0.1</code>
-      indicates that the Connector will only listen on the loopback
-      interface.</p>
+      port. By default, the loopback address will be used.</p>
     </attribute>
 
     <attribute name="bindOnInit" required="false">