| <?xml version="1.0"?> |
| <document> |
| <copyright> |
| Copyright 1999-2004 The Apache Software Foundation |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| </copyright> |
| <properties> |
| <title>AJPv13 extensions Proposal</title> |
| <author email="hgomez@apache.org">Henri Gomez</author> |
| <date>$Date: 2002/09/20 21:35:31 $</date> |
| </properties> |
| |
| <section name="Introduction"> |
| <p> |
| This document is a proposal of evolution of the current |
| Apache JServ Protocol version 1.3, also known as ajp13. |
| I'll not cover here the full protocol but only the add-on from ajp13. |
| |
| This nth pass include comments from the tomcat-dev list and |
| misses discovered during developpment. |
| </p> |
| <subsection name="Missing features in AJP13"> |
| <p> |
| ajp13 is a good protocol to link a servlet engine like tomcat to a web server like Apache: |
| |
| <ul> |
| <li> |
| use persistants connections to avoid reconnect time at each request |
| </li> |
| <li> |
| encode many http commands to reduce stream size |
| </li> |
| <li> |
| send to servlet engine many info from web server (like SSL certs) |
| </li> |
| </ul> |
| <p> |
| But ajp13 lacks support for : |
| </p> |
| <ul> |
| <li> |
| security between web server and servlet engine. |
| Anybody can connect to an ajp13 port (no login mecanism used) |
| You could connect, for example with telnet, and keep the remote thread |
| up by not sending any data (no timeout in connection) |
| </li> |
| <li> |
| context information passed from servlet engine to web server. |
| Part of the configuration of JK, the web server connector, is to |
| indicate to the web server which URI to handle. |
| The mod_jk JkMount directive, told to web server which URI must be |
| forwarded to servlet engine. |
| A servlet engine allready knows which URI it handle and TC 3.3 is |
| allready capable to generate a config file for JK from the list |
| of available contexts. |
| </li> |
| <li> |
| state update of contexts from servlet engine to web server. |
| Big site with farm of Tomcat, like ISP and virtuals hosters, |
| may need to stop a context for admin purposes. In that case the front |
| web server must know that the context is currently down, to eventually |
| relay the request to another Tomcat |
| </li> |
| <li> |
| verify state of connection before sending request. |
| Actually JK send the request to the servlet engine and next wait |
| for the answer. But one of the beauty of the socket API, is you that |
| you could write() to a closed connection without any error reporting, |
| but a read() to a closed connection return you the error code. |
| </li> |
| </ul> |
| |
| </p> |
| </subsection> |
| |
| <subsection name="Proposed add-ons to AJP13"> |
| <p> |
| Let's descrive here the features and add-on that could be added to AJP13. |
| Since this document is a proposal, a reasonable level of chaos must be expected at first. |
| Be sure that discussion on tomcat list will help clarify points, add |
| features but the current list seems to be a 'minimun vital' |
| |
| <ul> |
| |
| <li> |
| Advanced login features at connect time |
| </li> |
| |
| <li> |
| Basic authorisation system, where a shared secret key is |
| present in web server and servlet engine. |
| </li> |
| |
| <li> |
| Basic protocol negociation, just to be sure that if functionnalities are added |
| to AJP13 in the future, current implementations will still works. |
| </li> |
| |
| <li> |
| Clean handling of 'Unknown packets' |
| </li> |
| |
| <li> |
| Extended env vars passed from web-server to servlet engine. |
| </li> |
| |
| <li> |
| Add extra SSL informations needed by Servlet 2.3 API (like SSL_KEY_SIZE) |
| </li> |
| |
| </ul> |
| |
| </p> |
| </subsection> |
| |
| <subsection name="Advanced login"> |
| <p> |
| |
| <ol> |
| <li> |
| WEB-SERVER send LOGIN INIT CMD + NEGOCIATION DATA + WEB SERVER INFO |
| </li> |
| <li> |
| TOMCAT respond with LOGIN SEED CMD + RANDOM DATA |
| </li> |
| <li> |
| WEB-SERVER calculted the MD5 of RANDOM DATA+SECRET DATA |
| </li> |
| <li> |
| WEB-SERVER send LOGIN COMP CMD + MD5 (SECRET DATA + RANDOM DATA) |
| </li> |
| <li> |
| TOMCAT respond with LOGIN STATUS CMD + NEGOCIED DATA + SERVLET ENGINE INFO |
| </li> |
| </ol> |
| |
| To prevent DOS attack, the servlet engine will wait |
| the LOGIN CMD only 15/30 seconds and reports the |
| timeout exception for admins investigation. |
| |
| The login command will contains basic protocol |
| negociation information like compressing ability, |
| crypto, context info (at start up), context update at |
| run-time (up/down), level of SSL env vars, AJP protocol |
| level supported (level1/level2/level3...) |
| |
| The Web server info will contain web server info and |
| connector name (ie Apache 1.3.26 + mod_ssl 2.8.8 + mod_jk 1.2.1 + mod_perl 1.25). |
| |
| The servlet engine will mask the negociation mask with it's own |
| mask (what it can do) and return it when loggin is accepted. |
| |
| This will help having a basic AJP13 implementation (level 1) |
| on a web-server working with a more advanced protocol handler on |
| the servlet engine side or vice-versa. |
| |
| AJP13 was designed to be small and fast and so many |
| SSL informations present in the web-server are not |
| forwarded to the servlet engine. |
| |
| We add here four negociations flags to provide more |
| informations on client SSL data (certs), server SSL datas, |
| crypto used, and misc datas (timeout...). |
| </p> |
| </subsection> |
| |
| <subsection name="Messages Stream"> |
| <p> |
| <source> |
| +----------------+------------------+-----------------+ |
| | LOGIN INIT CMD | NEGOCIATION DATA | WEB SERVER INFO | |
| +----------------+------------------+-----------------+ |
| |
| +----------------+----------------+ |
| | LOGIN SEED CMD | MD5 of entropy | |
| +----------------+----------------+ |
| |
| +----------------+----------------------------+ |
| | LOGIN COMP CMD | MD5 of RANDOM + SECRET KEY | |
| +----------------+----------------------------+ |
| |
| +-----------+---------------+---------------------+ |
| | LOGOK CMD | NEGOCIED DATA | SERVLET ENGINE INFO | |
| +-----------+---------------+---------------------+ |
| |
| +------------+--------------+ |
| | LOGNOK CMD | FAILURE CODE | |
| +------------+--------------+ |
| </source> |
| |
| <ul> |
| <li> |
| LOGIN INIT CMD, LOGIN SEED CMD, LOGIN COMP CMD, LOGOK CMD, LOGNOK CMD are 1 byte long. |
| </li> |
| <li> |
| MD5, MD5 of RANDOM + SECRET KEY are 32 chars long. |
| </li> |
| <li> |
| NEGOCIATION DATA, NEGOCIED DATA, FAILURE CODE are 32 bits long. |
| </li> |
| <li> |
| WEB SERVER INFO, SERVLET ENGINE INFO are CString. |
| </li> |
| </ul> |
| |
| The secret key will be set by a new propertie in |
| workers.properties : secretkey |
| <source> |
| worker.ajp13.port=8009 |
| worker.ajp13.host=localhost |
| worker.ajp13.type=ajp13 |
| worker.ajp13.secretkey=myverysecretkey |
| </source> |
| </p> |
| </subsection> |
| |
| <subsection name="Shutdown feature"> |
| <p> |
| AJP13 miss a functionnality of AJP12, which is shutdown command. |
| A logout will tell servlet engine to shutdown itself. |
| <source> |
| +--------------+----------------------------+ |
| | SHUTDOWN CMD | MD5 of RANDOM + SECRET KEY | |
| +--------------+----------------------------+ |
| |
| +------------+ |
| | SHUTOK CMD | |
| +------------+ |
| |
| +-------------+--------------+ |
| | SHUTNOK CMD | FAILURE CODE | |
| +-------------+--------------+ |
| </source> |
| |
| <ul> |
| <li> |
| SHUTDOWN CMD, SHUTOK CMD, SHUTNOK CMD are 1 byte long. |
| </li> |
| <li> |
| MD5 of RANDOM + SECRET KEY are 32 chars long. |
| </li> |
| <li> |
| FAILURE CODE is 32 bits long. |
| </li> |
| </ul> |
| |
| </p> |
| </subsection> |
| |
| <subsection name="Extended Env Vars feature"> |
| <p> |
| NOTA: |
| |
| While working on AJP13 in JK, I really discovered "JkEnvVar". |
| The following "Extended Env Vars feature" description may not |
| be implemented in extended AJP13 since allready available in original |
| implementation. |
| |
| DESC: |
| |
| Many users will want to see some of their web-server env vars |
| passed to their servlet engine. |
| |
| To reduce the network traffic, the web-servlet will send a |
| table to describing the external vars in a shorter fashion. |
| |
| We'll use there a functionnality allready present in AJP13, |
| attributes list : |
| |
| In the AJP13, we've got : |
| |
| <source> |
| AJP13_FORWARD_REQUEST := |
| prefix_code 2 |
| method (byte) |
| protocol (string) |
| req_uri (string) |
| remote_addr (string) |
| remote_host (string) |
| server_name (string) |
| server_port (integer) |
| is_ssl (boolean) |
| num_headers (integer) |
| request_headers *(req_header_name req_header_value) |
| |
| ?context (byte string) |
| ?servlet_path (byte string) |
| ?remote_user (byte string) |
| ?auth_type (byte string) |
| ?query_string (byte string) |
| ?jvm_route (byte string) |
| ?ssl_cert (byte string) |
| ?ssl_cipher (byte string) |
| ?ssl_session (byte string) |
| |
| ?attributes *(attribute_name attribute_value) |
| request_terminator (byte) |
| </source> |
| |
| Using short 'web server attribute name' will reduce the |
| network traffic. |
| |
| <source> |
| +-------------------+---------------------------+-------------------------------+----+ |
| | EXTENDED VARS CMD | WEB SERVER ATTRIBUTE NAME | SERVLET ENGINE ATTRIBUTE NAME | ES | |
| +-------------------+---------------------------+-------------------------------+----+ |
| </source> |
| |
| ie : |
| |
| <source> |
| JkExtVars S1 SSL_CLIENT_V_START javax.servlet.request.ssl_start_cert_date |
| JkExtVars S2 SSL_CLIENT_V_END javax.servlet.request.ssl_end_cert_date |
| JkExtVars S3 SSL_SESSION_ID javax.servlet.request.ssl_session_id |
| |
| |
| +-------------------+----+-------------------------------------------+ |
| | EXTENDED VARS CMD | S1 | javax.servlet.request.ssl_start_cert_date | |
| +-------------------+----+-------------------------------------------+ |
| +----+-----------------------------------------+ |
| | S2 | javax.servlet.request.ssl_end_cert_date | |
| +----+-----------------------------------------+ |
| +----+-----------------------------------------+ |
| | S3 | javax.servlet.request.ssl_end_cert_date | |
| +----+-----------------------------------------+ |
| </source> |
| |
| During transmission in extended AJP13 we'll see attributes name |
| containing S1, S2, S3 and attributes values of |
| 2001/01/03, 2002/01/03, 0123AFE56. |
| |
| This example showed the use of extended SSL vars but |
| any 'personnal' web-server vars like custom authentification |
| vars could be reused in the servlet engine. |
| The cost will be only some more bytes in the AJP traffic. |
| |
| <ul> |
| <li> |
| EXTENDED VARS CMD is 1 byte long. |
| </li> |
| <li> |
| WEB SERVER ATTRIBUTE NAME, SERVLET ENGINE ATTRIBUTE NAME are CString. |
| </li> |
| <li> |
| ES is an empty CString. |
| </li> |
| </ul> |
| |
| </p> |
| </subsection> |
| |
| <subsection name="Context informations forwarding for Servlet engine to Web Server"> |
| <p> |
| Just after the LOGON PHASE, the web server will ask for the list of contexts |
| and URLs/URIs handled by the servlet engine. |
| It will ease installation in many sites, reduce questions about configuration |
| on tomcat-user list, and be ready for servlet API 2.3. |
| |
| This mode will be activated by a new directive JkAutoMount |
| |
| ie: JkAutoMount examples myworker1 /examples/ |
| |
| If we want to get ALL the contexts handled by the servlet engine, willcard |
| could be used : |
| |
| ie: JkAutoMount * myworker1 * |
| |
| A servlet engine could have many contexts, /examples, /admin, /test. |
| We may want to use only some contexts for a given worker. It was |
| done previously, in apache HTTP server for example, by setting by |
| hand the JkMount accordingly in each [virtual] area of Apache. |
| |
| If you web-server support virtual hosting, we'll forward also that |
| information to servlet engine which will only return contexts for |
| that virtual host. |
| In that case the servlet engine will only return the URL/URI matching |
| these particular virtual server (defined in server.xml). |
| This feature will help ISP and big sites which mutualize large farm |
| of Tomcat in load-balancing configuration. |
| |
| <source> |
| +-----------------+-------------------+----------+----------+----+ |
| | CONTEXT QRY CMD | VIRTUAL HOST NAME | CONTEXTA | CONTEXTB | ES | |
| +-----------------+-------------------+----------+----------+----+ |
| |
| +------------------+-------------------+----------+-------------------+----------+---------------+----+ |
| | CONTEXT INFO CMD | VIRTUAL HOST NAME | CONTEXTA | URL1 URL2 URL3 ES | CONTEXTB | URL1 URL2 ... | ES | |
| +------------------+-------------------+----------+-------------------+----------+---------------+----+ |
| </source> |
| |
| We'll discover via context-query, the list of URL/MIMES handled by the remove servlet engine |
| for a list of contextes. |
| In wildcard mode, CONTEXTA will contains just '*'. |
| |
| <ul> |
| <li> |
| CONTEXT QRY CMD and CONTEXT INFO CMD are 1 byte long. |
| </li> |
| <li> |
| VIRTUAL HOST NAME is a CString, ie an array of chars terminated by a null byte (/0). |
| </li> |
| <li> |
| An empty string is just a null byte (/0). |
| </li> |
| <li> |
| ES is an empty CString. Indicate end of URI/URLs or end of CONTEXTs. |
| </li> |
| </ul> |
| |
| NB:<br/> |
| When VirtualMode is not to be used, the VIRTUAL HOST NAME is '*'. |
| In that case the servlet engine will send all contexts handled. |
| </p> |
| </subsection> |
| |
| <subsection name="Context informations updates from Servlet engine to Web Server"> |
| <p> |
| Context update are messages caming from the servlet engine each time a context |
| is desactivated/reactivated. The update will be in use when the directive JkUpdateMount. |
| This directive will set the AJP13_CONTEXT_UPDATE_NEG flag. |
| |
| ie: JkUpdateMount myworker1 |
| |
| <source> |
| +--------------------+-------------------+----------+--------+----------+--------+----+ |
| | CONTEXT UPDATE CMD | VIRTUAL HOST NAME | CONTEXTA | STATUS | CONTEXTB | STATUS | ES | |
| +--------------------+-------------------+----------+--------+----------+--------+----+ |
| </source> |
| |
| <ul> |
| <li> |
| CONTEXT UPDATE CMD, STATUS are 1 byte long. |
| </li> |
| <li> |
| VIRTUAL HOST NAME, CONTEXTS are CString. |
| </li> |
| <li> |
| ES is an empty CString. Indicate end of CONTEXTs. |
| </li> |
| </ul> |
| |
| NB:<br/> |
| When VirtualMode is not in use, the VIRTUAL HOST NAME is '*'. |
| STATUS is one byte indicating if context is UP/DOWN/INVALID |
| </p> |
| </subsection> |
| |
| <subsection name="Context status query to Servlet engine"> |
| <p> |
| This query will be used by the web-server to determine if a given |
| contexts are UP, DOWN or INVALID (and should be removed). |
| |
| <source> |
| +-------------------+--------------------+----------+----------+----+ |
| | CONTEXT STATE CMD | VIRTUAL HOST NAME | CONTEXTA | CONTEXTB | ES | |
| +-------------------+--------------------+----------+----------+----+ |
| |
| +-------------------------+-------------------+----------+--------+----------+--------+----+ |
| | CONTEXT STATE REPLY CMD | VIRTUAL HOST NAME | CONTEXTA | STATUS | CONTEXTB | STATUS | ES | |
| +-------------------------+-------------------+----------+-------------------+--------+----+ |
| </source> |
| |
| <ul> |
| <li> |
| CONTEXT STATE CMD, CONTEXT STATE REPLY CMD, STATUS are 1 byte long. |
| </li> |
| <li> |
| VIRTUAL HOST NAME, CONTEXTs are CString |
| </li> |
| <li> |
| ES is an empty CString |
| </li> |
| </ul> |
| |
| NB:<br/> |
| When VirtualMode is not in use, the VIRTUAL HOST NAME is an empty string. |
| </p> |
| </subsection> |
| |
| <subsection name="Handling of unknown packets"> |
| <p> |
| Sometimes even with a well negocied protocol, we may be in a situation |
| where one end (web server or servlet engine), will receive a message it |
| couldn't understand. In that case the receiver will send an |
| 'UNKNOW PACKET CMD' with attached the unhandled message. |
| |
| <source> |
| +--------------------+------------------------+-------------------+ |
| | UNKNOWN PACKET CMD | UNHANDLED MESSAGE SIZE | UNHANDLED MESSAGE | |
| +--------------------+------------------------+-------------------+ |
| </source> |
| |
| Depending on the message, the sender will report an error and if |
| possible will try to forward the message to another endpoint. |
| |
| <ul> |
| <li> |
| UNKNOWN PACKET CMD is 1 byte long. |
| </li> |
| <li> |
| UNHANDLED MESSAGE SIZE is 16bits long. |
| </li> |
| <li> |
| UNHANDLED MESSAGE is an array of byte (length is contained in UNHANDLED MESSAGE SIZE) |
| </li> |
| </ul> |
| |
| NB:<br/> |
| added UNHANDLED MESSAGE SIZE (development) |
| </p> |
| </subsection> |
| |
| <subsection name="Verification of connection before sending request"> |
| <p> |
| NOTA: This fonctionality may never be used, since it may slow up the normal process |
| since requiring on the web-server side an extra IO (read) before forwarding |
| the request..... |
| |
| One of the beauty of socket APIs, is that you could write on a half closed socket. |
| When servlet engine close the socket, the web server will discover it only at the |
| next read() to the socket. |
| Basically, in the AJP13 protocol, the web server send the HTTP HEADER and HTTP BODY |
| (POST by chunk of 8K) to the servlet engine and then try to receive the reply. |
| If the connection was broken the web server will learn it only at receive time. |
| |
| We could use a buffering scheme but what happen when you use the servlet engine |
| for upload operations with more than 8ko of datas ? |
| |
| The hack in the AJP13 protocol is to add some bytes to read after the end of the |
| service : |
| |
| <source> |
| EXAMPLE OF DISCUSSION BETWEEN WEB SERVER AND SERVLET ENGINE |
| |
| AJP HTTP-HEADER (+ HTTP-POST) (WEB->SERVLET) |
| |
| AJP HTTP-REPLY (SERVLET->WEB) |
| |
| AJP END OF DISCUSSION (SERVLET->WEB) |
| |
| ---> AJP STATUS (SERVLET->WEB AJP13) |
| </source> |
| |
| The AJP STATUS will not be read by the servlet engine at the end of |
| the request/response #N but at the begining of the next session. |
| |
| More at that time the web server could also use OS dependants functions |
| (or better APR functions) to determine if there is also more data |
| to read. And that datas could be CONTEXT Updates. |
| |
| This will avoid the web server sending a request to a |
| desactivated context. In that case, if the load-balancing is used, |
| it will search for another servlet engine to handle the request. |
| |
| And that feature will help ISP and big sites with farm of tomcat, |
| to updates their servlet engine without any service interruption. |
| |
| <source> |
| +------------+-------------+ |
| | STATUS CMD | STATUS DATA | |
| +------------+-------------+ |
| </source> |
| |
| <ul> |
| <li> |
| STATUS CMD and STATUS DATA are one byte long. |
| </li> |
| </ul> |
| </p> |
| </subsection> |
| |
| </section> |
| |
| <section name="Conclusion"> |
| <p> |
| The goal of the extended AJP13 protocol is to overcome some of the original AJP13 limitation. |
| An easier configuration, a better support for large site and farm of Tomcat, |
| a simple authentification system and provision for protocol updates. |
| |
| Using the stable ajp13 implementation in JK (native) and in servlet |
| engine (java), it's a reasonable evolution of the well known ajp13. |
| </p> |
| </section> |
| |
| <section name="Commands and IDs in extended AJP13 Index"> |
| <p> |
| Index of Commands and ID to be added in AJP13 Protocol |
| </p> |
| |
| <subsection name="Commands IDs"> |
| <p> |
| <table> |
| <tr><th>Command Name</th><th>Command Number</th></tr> |
| <tr><td>AJP13_LOGINIT_CMD</td><td>0x10</td></tr> |
| <tr><td>AJP13_LOGSEED_CMD</td><td>0x11</td></tr> |
| <tr><td>AJP13_LOGCOMP_CMD</td><td>0x12</td></tr> |
| <tr><td>AJP13_LOGOK_CMD</td><td>0x13</td></tr> |
| <tr><td>AJP13_LOGNOK_CMD</td><td>0x14</td></tr> |
| <tr><td>AJP13_CONTEXT_QRY_CMD</td><td>0x15</td></tr> |
| <tr><td>AJP13_CONTEXT_INFO_CMD</td><td>0x16</td></tr> |
| <tr><td>AJP13_CONTEXT_UPDATE_CMD</td><td>0x17</td></tr> |
| <tr><td>AJP13_STATUS_CMD</td><td>0x18</td></tr> |
| <tr><td>AJP13_SHUTDOWN_CMD</td><td>0x19</td></tr> |
| <tr><td>AJP13_SHUTOK_CMD</td><td>0x1A</td></tr> |
| <tr><td>AJP13_SHUTNOK_CMD</td><td>0x1B</td></tr> |
| <tr><td>AJP13_CONTEXT_STATE_CMD</td><td>0x1C</td></tr> |
| <tr><td>AJP13_CONTEXT_STATE_REP_CMD</td><td>0x1D</td></tr> |
| <tr><td>AJP13_UNKNOW_PACKET_CMD</td><td>0x1E</td></tr> |
| </table> |
| |
| </p> |
| </subsection> |
| |
| <subsection name="Negociations Flags"> |
| <p> |
| <table> |
| <tr><th>Command Name</th><th>Number</th><th>Description</th></tr> |
| <tr><td>AJP13_CONTEXT_INFO_NEG</td><td>0x80000000</td><td>web-server want context info after login</td></tr> |
| <tr><td>AJP13_CONTEXT_UPDATE_NEG</td><td>0x40000000</td><td>web-server want context updates</td></tr> |
| <tr><td>AJP13_GZIP_STREAM_NEG</td><td>0x20000000</td><td>web-server want compressed stream</td></tr> |
| <tr><td>AJP13_DES56_STREAM_NEG</td><td>0x10000000</td><td>web-server want crypted DES56 stream with secret key</td></tr> |
| <tr><td>AJP13_SSL_VSERVER_NEG</td><td>0x08000000</td><td>Extended info on server SSL vars</td></tr> |
| <tr><td>AJP13_SSL_VCLIENT_NEG</td><td>0x04000000</td><td>Extended info on client SSL vars</td></tr> |
| <tr><td>AJP13_SSL_VCRYPTO_NEG</td><td>0x02000000</td><td>Extended info on crypto SSL vars</td></tr> |
| <tr><td>AJP13_SSL_VMISC_NEG</td><td>0x01000000</td><td>Extended info on misc SSL vars</td></tr> |
| </table> |
| |
| <br/> |
| |
| <table> |
| <tr><th>Negociation ID</th><th>Number</th><th>Description</th></tr> |
| <tr><td>AJP13_PROTO_SUPPORT_AJPXX_NEG</td><td>0x00FF0000</td><td>mask of protocol supported</td></tr> |
| <tr><td>AJP13_PROTO_SUPPORT_AJP13L1_NEG</td><td>0x00010000</td><td>communication could use AJP13 Level 1</td></tr> |
| <tr><td>AJP13_PROTO_SUPPORT_AJP13L2_NEG</td><td>0x00020000</td><td>communication could use AJP13 Level 2</td></tr> |
| <tr><td>AJP13_PROTO_SUPPORT_AJP13L3_NEG</td><td>0x00040000</td><td>communication could use AJP13 Level 3</td></tr> |
| </table> |
| |
| <br/> |
| All others flags must be set to 0 since they are reserved for future use. |
| |
| </p> |
| </subsection> |
| |
| <subsection name="Failure IDs"> |
| <p> |
| <table> |
| <tr><th>Failure Id</th><th>Number</th></tr> |
| <tr><td>AJP13_BAD_KEY_ERR</td><td>0xFFFFFFFF</td></tr> |
| <tr><td>AJP13_ENGINE_DOWN_ERR</td><td>0xFFFFFFFE</td></tr> |
| <tr><td>AJP13_RETRY_LATER_ERR</td><td>0xFFFFFFFD</td></tr> |
| <tr><td>AJP13_SHUT_AUTHOR_FAILED_ERR</td><td>0xFFFFFFFC</td></tr> |
| </table> |
| </p> |
| </subsection> |
| |
| <subsection name="Status"> |
| <p> |
| <table> |
| <tr><th>Failure Id</th><th>Number</th></tr> |
| <tr><td>AJP13_CONTEXT_DOWN</td><td>0x01</td></tr> |
| <tr><td>AJP13_CONTEXT_UP</td><td>0x02</td></tr> |
| <tr><td>AJP13_CONTEXT_OK</td><td>0x03</td></tr> |
| </table> |
| </p> |
| </subsection> |
| |
| </section> |
| |
| </document> |