Configure Lucee 5.3 and mod_jk Web Connector

Hello,

We are attempting to upgrade from Lucee 5.2.9.31 to 5.3.4.80 and would prefer to use the mod_jk web connector to allow for load balancing and better performance. After the upgrade, we receive an HTTP 403 error upon loading the application. I noticed that Oracle Java was swapped for OpenJDK and Tomcat was updated to version 9. Also, further research has revealed that mod_jk has not been officially tested on Tomcat 9. Does anyone have experience configuring mod_jk in a similar environment?

OS: 3.10.0-957.10.1.el7.x86_64
Java Version: 11.0.6+10
Tomcat Version: Tomcat/9.0.31
Lucee Version: 5.3.4.80
Apache Version: Apache/2.4.34
mod_jk Version: 1.2.46

Thank you,
Kellen Reason

We resolved the issues, which were caused by Tomcat updates. This might be of interest to other Lucee users:

  • A secret has to be provided in the mod_jk workers file and the Tomcat AJP 8009 connector, or secretRequired="false" should be used in the Tomcat connector.

  • When environment variables are passed with JkEnvVar, the attribute allowedRequestAttributesPattern=".*" should be added to the Tomcat 8009 connector.

2 Likes
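
An added example, not part of the original posts and not code from the Lucee, Tomcat or mod_jk projects: a Python check that reads a Tomcat server.xml and a mod_jk workers.properties and reports the AJP settings discussed above. The sample files, the worker name lucee and the CHANGE_ME secret are constructed; the script assumes connectors and workers pair up by port, and it additionally flags the `.*` pattern as wider than the JkEnvVar names require.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the thread); CHANGE_ME is a placeholder.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" secret="CHANGE_ME"
             allowedRequestAttributesPattern=".*" />
</Service></Server>"""
WORKERS = """worker.list=lucee
worker.lucee.type=ajp13
worker.lucee.host=localhost
worker.lucee.port=8009
worker.lucee.secret=CHANGE_ME
"""

def worker_secrets(text):
    """Map AJP port -> secret (None if unset) from workers.properties text."""
    workers = {}
    pat = r"^[ \t]*worker\.([\w-]+)\.(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$"
    for name, key, val in re.findall(pat, text, re.M):
        workers.setdefault(name, {})[key] = val
    # Assumption: a worker with no explicit type or port is ajp13 on 8009.
    return {w.get("port", "8009"): w.get("secret")
            for w in workers.values() if w.get("type", "ajp13") == "ajp13"}

def audit(server_xml, workers_text):
    """Return (port, finding) pairs for each AJP connector in server.xml."""
    secrets, out = worker_secrets(workers_text), []
    for c in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in c.get("protocol", "").lower():
            continue  # skip HTTP connectors
        port, secret = c.get("port", "8009"), c.get("secret")
        required = c.get("secretRequired", "true").lower() != "false"
        if not secret and required:
            out.append((port, "no secret: set one here and in the mod_jk worker"))
        elif not secret:
            out.append((port, "secretRequired=false: AJP peer is not authenticated"))
        elif secrets.get(port) != secret:
            out.append((port, "secret mismatch with mod_jk worker"))
        if c.get("allowedRequestAttributesPattern") == ".*":
            out.append((port, "pattern .* accepts any request attribute; "
                              "narrow it to the JkEnvVar names"))
    return out

if __name__ == "__main__":
    for port, finding in audit(SERVER_XML, WORKERS):
        print(f"AJP connector {port}: {finding}")
```
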

Thank you for reporting back on this. That was very cool of you. I have experience with mod_jk but I admit I haven’t used it in many years. The required secret is brand new due to the Ghostcat security issue.