[thelist] Problems with IIS5/Tomcat3.3/AJP13

Roger Ly evolt at matchpenalty.com
Thu Oct 12 15:55:26 CDT 2006

Hey all,

I'm running into a problem trying to add a second website in IIS that is
attached to a single instance of Tomcat running on the same server.
Currently, we have Tomcat 3.3 running on Windows 2000 and IIS5.  There is
already a website running on there with the isapi_connector ISAPI filter
which proxies requests coming into IIS at port 80 (and 443 for SSL) to
Tomcat running AJP13 at port 8009.  It seems to work fine for what we
wanted, if a specific request came in for a specific extension, the proxy
would send it to Tomcat and get a response and pipe it back out to the

So, the time has come where we need a separate website on the same server,
which receives specific traffic on a different domain name.  That website
should still talk to the same instance of Tomcat.  Because we need to
support SSL on that new domain, and because forwarding SSL requests in IIS
doesn't work by distinguishing host headers from the browser, we have set up
some port forwarding rules on our internal load balancing machines so that
requests at ports 80, 443 for www.mycooldomain.com get traffic sent to
MyMachine, ports 81, 444.  The secondary website is running on ports 81 and
444, and there is a separate isapi_connector filter running on that server,
configured to hit the original Tomcat instance.

With me so far?  OK, well, that doesn't seem to work for me.  And I think it
is because the requests coming into to the isapi_connector filter are being
treated as if they are coming in at www.mycooldomain.com:81 (as opposed to

I am still a bit uncertain how AJP13 works.  I've found documentation on the
protocol itself, and how messages being sent back and forth to Tomcat should
be formatted, but I can't find out any information as to why things would
break when using a website listening on port 81.  Is there something else
happening with this proxy besides back-and-forth communication on the AJP13
port 8009?  Does Tomcat need to communicate back to IIS directly at port 81?
It doesn't seem to make much sense to me.  The messages sent to Tomcat do
include segments which represent the "remote server" and "remote port", and
those values are being sent as www.mycooldomain and "81" respectively.

I have gotten things to work by taking the code for isapi_connector.dll and
in one place in the code, when formatting the message being sent to Tomcat,
to hard-code that remote port to be 80.  But, I am afraid that while that
change works for both instances of the websites, running at 80 and 81, it is
doing something bad that I don't know about.

Has anyone had any experience with something like this?  Does someone have
the time to explain what is really happening in AJP13 (or point me to some
documentation other than the protocol specification)?

This has been driving me nuts for the past two weeks, and if this tests out,
I can go with what I have, but I'd like to be able to explain why this won't
break things for the secondary web site.



More information about the thelist mailing list