DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Apache TomcatApache Logo

The Apache Tomcat Connector - Reference Guide

Configuring IIS

Requirements

The Tomcat redirector requires three entities:

  • isapi_redirect.dll - The IIS server plugin, either obtain a pre-built DLL or build it yourself (see the build section).
  • workers.properties - A file that describes the host(s) and port(s) used by the workers (Tomcat processes). A sample workers.properties can be found under the conf directory.
  • uriworkermap.properties - A file that maps URL-Path patterns to workers. A sample uriworkermap.properties can be found under the conf directory as well.

The installation includes the following parts:

  • Configuring the ISAPI redirector with a default /examples context and checking that you can serve servlets with IIS.
  • Adding more contexts to the configuration.

Registry settings

ISAPI redirector reads configuration from the registry, create a new registry key named :

"HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\1.0"

Key NameDescription
extension_uri

A string value pointing to the ISAPI extension /jakarta/isapi_redirect.dll

log_file

A value pointing to location where log file will be created. (for example c:\tomcat\logs\isapi.log)

log_level

A string value for log level (can be debug, info, warn, error or trace).

worker_file

A string value which is the full path to workers.properties file (for example c:\tomcat\conf\workers.properties)

worker_mount_file

A string value which is the full path to uriworkermap.properties file (for example c:\tomcat\conf\uriworkermap.properties)

rewrite_rule_file

A string value which is the full path to rewrite.properties file (for example c:\tomcat\conf\rewrite.properties)

shm_size

A DWORD value size of the shared memory. Set this value to be the number of all defined workers * 400. (Set this value only if you have more then 64 workers)

This directive has been added in version 1.2.20

worker_mount_reload

A DWORD value specifying the time in seconds upon which the worker_mount_file will be reloaded.

This directive has been added in version 1.2.20

strip_session

A string value representing a boolean. If it is set to true, URL session suffixes of the form ";jsessionid=..." get stripped of URLs, even if the are served locally by the web server.

A true value can be represented by the string "1" or any string starting with the letters "T" or "t". A false value will be assumed for "0" or any string starting with "F" or "f". The default value is false.

This directive has been added in version 1.2.21

auth_complete

A DWORD value representing "0" or "1". This is needed because of minor incompatibilities with IIS 5.1.

By default its value is 1, which means we use the SF_NOTIFY_AUTH_COMPLETE event. If you set this to 0, then we use SF_NOTIFY_PREPROC_HEADERS. This might be needed for IIS 5.1 when handling requests using the PUT HTTP method.

This directive has been added in version 1.2.21

uri_select

A string value which influences, how URIs are decoded and reencoded between IIS and Tomcat. You should leave this at it's default value, unless you have a very good reason to change it.

If the value is "parsed", the forwarded URI will be decoded and explicit path components like ".." will already be resolved. This is less spec compliant and is not safe if you are using prefix forwarding rules.

If the value is "unparsed", the forwarded URI will be the original request URI. It's spec compliant and also the safest option. Rewriting the URI and then forwarding the rewritten URI will not work.

If the value is "escaped", the forwarded URI will be the reencoded form of the URI used by "parsed". Explicit path components like ".." will already be resolved. This will not work in combination with URL encoded session IDs.

If the value is "proxy", the forwarded URI will be a partially reencoded form of the URI used by "parsed". Explicit path components like ".." will already be resolved. and problematic are reencoded.

The default value since version 1.2.24 is "proxy". Before it was "parsed".

reject_unsafe

A string value representing a boolean. If it is set to true, URLs containing percent signs '%' or backslashes '\' after decoding will be rejected.

Most web apps do not use such URLs. By enabling "reject_unsafe" you can block several well known URL encoding attacks.

A true value can be represented by the string "1" or any string starting with the letters "T" or "t". A false value will be assumed for "0" or any string starting with "F" or "f". The default value is false.

This directive has been added in version 1.2.24

Using a properties file for configuration

The ISAPI redirector can read it's configuration from a properties file instead of the registry. This has the advantage that you can use multiple ISAPI redirectors with independant configurations on the same server. The redirector will check for the properties file during initialisation, and use it in preference to the registry if present.

Create a properties file in the same directory as the ISAPI redirector called isapi_redirect.properties i.e. with the same name as the ISAPI redirector DLL but with a .properties extension. A sample isapi_redirect.properties can be found under the conf directory.

The property names and values in the properties file are the same as for the registry settings described above. For example: 

# Configuration file for the Jakarta ISAPI Redirector

# The path to the ISAPI Redirector Extension, relative to the website
# This must be in a virtual directory with execute privileges
extension_uri=/jakarta/isapi_redirect.dll

# Full path to the log file for the ISAPI Redirector
log_file=c:\tomcat\logs\isapi_redirect.log

# Log level (debug, info, warn, error or trace)
log_level=info

# Full path to the workers.properties file
worker_file=c:\tomcat\conf\workers.properties

# Full path to the uriworkermap.properties file
worker_mount_file=c:\tomcat\conf\uriworkermap.properties

Notes:

  • Back-slashes - '\' - are not escape characters.
  • Comment lines begin with '#'.

Using a simple rewrite rules

The ISAPI redirector with version 1.2.16 can do a simple URL rewriting. Althought not as powerfull as Apache Httpd's mod_rewrite, it allows a simple exchange of request uris

The rule is in the form rewritten=real-url.

The rules must be simple strings. For example: 

# Simple rewrite rules

/jsp/=/jsp-examples/
/servlets/=/servlets-examples/

Note that the uriworkermap or mount point must point to that new rule.

Copyright © 1999-2005, Apache Software Foundation