Source: Qualtech Systems Blog

How to bind AJP to localhost

AJP is a protocol that Tomcat uses to effectively proxy itself through Apache HTTPD. However, AJP has recently come under attack by hackers via the Ghostcat vulnerability. Tomcat 7.x and above have gotten fixes for Ghostcat. Installing the latest version of Tomcat is highly recommended. To further mitigate attacks, QSI also advises that AJP be bound to localhost. Here is how to do so:

1. Stop TEAMS-RDS Services
   Windows: Start -> Programs -> TEAMS-RDS -> Stop TEAMS-RDS Services
   Linux: Stop Tomcat service i.e. systemctl stop tomcat

2. Open Tomcat server configuration file
   Windows: %RDS_BASE%\jakarta-tomcat\conf\server.xml
   Linux: $TOMCAT_HOME/conf/server.xml

3. Bind AJP to localhost
   Windows: Update line
     <Connector port="8319" protocol="AJP/1.3" URIEncoding="UTF-8"/>
   to
     <Connector port="8319" address="127.0.0.1" protocol="AJP/1.3" URIEncoding="UTF-8"/>
   Linux: Add attribute 'address' with value '127.0.0.1' to <Connector> element with attribute 'protocol' value of 'AJP/1.3'

4. Start TEAMS-RDS Services
   Windows: Start -> Programs -> TEAMS-RDS -> Start TEAMS-RDS Services
   Linux: Start Tomcat service i.e. systemctl start tomcat
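A way to check the result of the "Bind AJP to localhost" step, as an added example that is not part of the original post or QSI's tooling: it parses server.xml and lists every AJP connector whose address is missing or not loopback. The sample XML is constructed around the connector line quoted above, and the function names are hypothetical; a connector with no address attribute is treated as exposed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connector line quoted in the post,
# plus an HTTP connector that the check must ignore.
SAMPLE_BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8319" protocol="AJP/1.3" URIEncoding="UTF-8"/>
  </Service>
</Server>"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace('port="8319"', 'port="8319" address="127.0.0.1"')


def is_ajp(protocol):
    # "AJP/1.3" is the form used in the post; Tomcat also accepts a handler
    # class name such as org.apache.coyote.ajp.AjpNioProtocol.
    return protocol.upper().startswith("AJP/") or ".ajp." in protocol.lower()


def is_loopback(address):
    if address is None:
        return False  # conservative: no explicit bind counts as exposed
    if address.strip().lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address.strip()).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here


def exposed_ajp_connectors(server_xml_text):
    """Return (port, address) for every AJP connector not bound to loopback."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        if is_ajp(conn.get("protocol", "")):
            if not is_loopback(conn.get("address")):
                findings.append((conn.get("port"), conn.get("address")))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, exposed_ajp_connectors(text))
```

To run it against a real installation, read the server.xml from step 2 and pass its text to exposed_ajp_connectors; an empty list means every AJP connector is bound to loopback.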
