Springboot disable Apache Jserv Protocol (AJP) through application.properties

Asked Mar 04 '20 at 03:39

Active Mar 04 '20 at 03:39

Viewed 918 times

Recently there has been an exploit on Apache Jserv Protocol (AJP) for webapps running in Tomcat.

The quickest way to mitigate that risk is to disable that protocol if not in use. I would like to know how to disable Apache Jserv Protocol (AJP) on Springboot web application through application.properties or any other configurable method. I've looked for it on Springboot documention and other sources but could not find how to do it.

Thanks!

asked Mar 04 '20 at 03:39

limar

are you actually using it? If you don't, Spring Boot does not create an AJP connector out the box - you can find more here: https://stackoverflow.com/a/61408354/2004186 – Krzysztof Skrzynecki Apr 29 '20 at 07:42
1

Oh I see. Yeah some apps are using and some are not. For the apps that are using, it has been taken care of by our port and IP inbound and outbound rules. Thanks! – limar Jun 30 '20 at 06:26

Springboot disable Apache Jserv Protocol (AJP) through application.properties

0 Answers0