Apache JServ protocol service - Vulnerability Database

Apache JServ protocol service

Description

The Apache JServ Protocol (AJP) is a binary protocol used to forward requests from a web server (such as Apache HTTP Server) to an application server (such as Apache Tomcat). This service has been detected as publicly accessible. When exposed to the internet without proper access controls, AJP can be exploited by attackers to bypass security restrictions, access internal resources, or perform unauthorized actions on the application server.

Remediation

Restrict access to the AJP service to trusted networks only. Implement the following security measures:

1. Configure firewall rules to block external access to the AJP port (typically TCP 8009) and allow connections only from authorized web server IP addresses.

2. In Apache Tomcat's server.xml, bind the AJP connector to localhost or a specific internal IP address:

<!-- AJP connector bound to the loopback interface only, so only a web server on
     this host can reach it; every AJP client must present the shared secret -->
<Connector protocol="AJP/1.3"
           address="127.0.0.1"
           port="8009"
           secretRequired="true"
           secret="your-secure-secret-here" />

3. Enable the 'secretRequired' attribute and configure a strong shared secret between the web server and application server to authenticate AJP connections.

4. If AJP is not required, disable the connector entirely by removing or commenting out the AJP Connector element in server.xml.

5. Regularly review and audit network access controls to ensure the AJP service remains protected from unauthorized access.
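The following Python script is an added example, not code from Invicti or from the Tomcat project. It turns steps 2 to 4 above into a repeatable check for step 5: it parses a Tomcat server.xml, finds every AJP connector, and reports those that listen on all interfaces or a public address, that do not set secretRequired="true" explicitly, or that have no shared secret. The server.xml fragment is constructed for the example and the secret in it is a placeholder. Two assumptions are made: a "specific internal IP address" is taken to mean a loopback or RFC 1918/ULA private address, and an absent secretRequired attribute is reported as a finding rather than relying on Tomcat's version-dependent default. Firewall rules (step 1) are outside what a server.xml audit can see.

```python
"""Audit a Tomcat server.xml for exposed or unauthenticated AJP connectors.

Added example, not Invicti's or Tomcat's code.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml, reduced to the elements relevant here.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <!-- weak: no address (listens on every interface), no shared secret -->
    <Connector protocol="AJP/1.3" port="8009" secretRequired="false" />
    <!-- hardened: loopback only, shared secret required (placeholder value) -->
    <Connector protocol="AJP/1.3" address="127.0.0.1" port="8010"
               secretRequired="true" secret="placeholder-change-me" />
  </Service>
</Server>
"""


def _is_ajp(connector):
    """True for AJP connectors, whether written as AJP/1.3 or as the
    org.apache.coyote.ajp.* implementation class name."""
    return "ajp" in connector.get("protocol", "HTTP/1.1").lower()


def _bind_issue(address):
    """Return a finding string for a risky bind address, or None if it is
    loopback or private (assumption: that is what 'internal' means here)."""
    if address is None:
        return "no address attribute: connector listens on all interfaces"
    if address.lower() == "localhost":
        return None
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        # Tomcat also accepts hostnames; resolve and verify those by hand.
        return f"unrecognised address {address!r}: verify it is internal"
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return f"address {address} listens on all interfaces"
    if not (ip.is_loopback or ip.is_private):
        return f"address {address} is publicly routable"
    return None


def audit_ajp_connectors(xml_text):
    """Return one entry per AJP connector: its port, address and a list of
    issues (empty when the connector satisfies steps 2 to 4)."""
    root = ET.fromstring(xml_text)
    report = []
    for conn in root.iter("Connector"):
        if not _is_ajp(conn):
            continue
        issues = []
        address = conn.get("address")
        bind_issue = _bind_issue(address)
        if bind_issue:
            issues.append(bind_issue)
        # Require the attribute explicitly rather than trusting the default.
        if conn.get("secretRequired", "").lower() != "true":
            issues.append("secretRequired is not explicitly 'true'")
        if not conn.get("secret", "").strip():
            issues.append("no shared secret configured")
        report.append({"port": conn.get("port", "?"),
                       "address": address, "issues": issues})
    return report


def exposed_ajp_connectors(xml_text):
    """Only the AJP connectors that need remediation."""
    return [entry for entry in audit_ajp_connectors(xml_text) if entry["issues"]]


if __name__ == "__main__":
    # Usage: python audit_ajp.py  (or pass open("server.xml").read() instead)
    for entry in audit_ajp_connectors(SAMPLE_SERVER_XML):
        status = "FINDING" if entry["issues"] else "OK"
        print(f"[{status}] AJP port {entry['port']} address={entry['address']}")
        for issue in entry["issues"]:
            print(f"    - {issue}")
```

Run it against the real file with `audit_ajp_connectors(open("/path/to/conf/server.xml").read())`; an empty result from exposed_ajp_connectors() means every AJP connector is bound locally and protected by a secret, which is the state step 5 asks you to re-verify on each review. Hostname bind addresses are reported for manual verification because the script does not resolve DNS.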
