Apache JServ Protocol

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.[1]

It also supports some monitoring in that the web server can ping the application server. Web implementors typically use AJP in a load-balanced deployment where one or more front-end web servers feed requests into one or more application servers. Sessions are redirected to the correct application server using a routing mechanism wherein each application server instance gets a name (called a route). In this scenario the web server functions as a reverse proxy[2] for the application server. Lastly, AJP supports request attributes which, when populated with environment-specific settings in the reverse proxy, provides for secure communication between the reverse proxy and application server.[3][4]

AJP runs in Apache HTTP Server 1.x using the mod_jk plugin and in Apache 2.x using mod_proxy_ajp, mod_proxy and proxy balancer modules together. Other web server implementations exist for: lighttpd 1.4.59,[5] nginx,[6] Grizzly 2.1,[7] and the Internet Information Services.[2]

Web container application servers supporting AJP include: Apache Tomcat, WildFly (formerly JBoss AS), and GlassFish.

  1. ^ "AJP File Read/Inclusion in Apache Tomcat (CVE-2020-1938) and Undertow (CVE-2020-1745)". Red Hat Customer Portal. Retrieved 1 March 2020.
  2. ^ a b "BonCode Apache Tomcat AJP 1.3 Connector". boncode.net. Retrieved 9 October 2017.
  3. ^ "NativeSPAttributeAccess". Shibboleth Consortium. Retrieved 13 November 2017.
  4. ^ "Apache Module mod_proxy_ajp". Apache HTTP Server Project. Retrieved 13 November 2017.
  5. ^ "Docs - Lighttpd - lighty labs". redmine.lighttpd.net. Retrieved 14 July 2021.
  6. ^ Yao(姚伟斌), Weibin (6 October 2017). "nginx_ajp_module: support AJP protocol proxy with Nginx". Retrieved 9 October 2017 – via GitHub.
  7. ^ "AJP". Grizzly 2.3 User's Guide. java.net. Retrieved 2013-04-29.