Getting error 403 with Tomcat 7.0.100 and Apache server 2.4 when using "secret" with AJP

I had the same issue.

I had to add allowedRequestAttributesPattern=".*" to the connector

So in your case

<Connector port="8309" protocol="AJP/1.3" redirectPort="8443" secretRequired="true" secret="123456" address="192.168.181.240" allowedRequestAttributesPattern=".*" />

This is a new attribute which has been added with Tomcat 7.0.100.

Add a new attribute, allowedRequestAttributesPattern to the AJP/1.3 Connector. Requests with unrecognised attributes will be blocked with a 403. (markt)

Although I haven't figured out what attribute we are sending. But if the setting works for you with a wildcard, you are probably sending attributes as part of your AJP request which are not recognized.


I had the same issue. The trick was to set a password. So the following solved the issue for us:

server.xml:

<Connector port="8109" protocol="AJP/1.3" redirectPort="8443" secret="verysecure" secretRequired="true"/>

worker.properties:

worker.tomcat-06.secret=verysecure