Getting error 403 with Tomcat 7.0.100 and Apache server 2.4 when using "secret" with AJP
I had the same issue.
I had to add allowedRequestAttributesPattern=".*"
to the connector
So in your case
<Connector port="8309" protocol="AJP/1.3" redirectPort="8443" secretRequired="true" secret="123456" address="192.168.181.240" allowedRequestAttributesPattern=".*" />
This is a new attribute which has been added with Tomcat 7.0.100.
Add a new attribute, allowedRequestAttributesPattern to the AJP/1.3 Connector. Requests with unrecognised attributes will be blocked with a 403. (markt)
Although I haven't figured out what attribute we are sending. But if the setting works for you with a wildcard, you are probably sending attributes as part of your AJP request which are not recognized.
I had the same issue. The trick was to set a password. So the following solved the issue for us:
server.xml:
<Connector port="8109" protocol="AJP/1.3" redirectPort="8443" secret="verysecure" secretRequired="true"/>
worker.properties:
worker.tomcat-06.secret=verysecure