Running Webgoat on Linux RHEL4 Apache/Tomcat gives 401 unauthorized.

Question

Running Webgoat on Linux RHEL4 Apache/Tomcat gives 401 unauthorized.

Closed this issue 8 years ago · 4 comments

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. Access the url apache-instance/WebGoat/attack
2.
3.

What is the expected output? What do you see instead?
I'm expecting to see the logon screen. If I go to the Tomcat direct via 
port 8080 it works. I have other apps running on Apache that I can acces 
fine.


What version of the product are you using? On what operating system?
Webgoat 5.2
Linux RHEL4
Apache 2.0.61
Tomcat 5.5.16
Java 1.6.32


Please provide any additional information below.
I have verified that the Apache instance is running fine as is Tomcat. No 
error msgs on startup. I just can't get Webgoat to run via Apache.

Original issue reported on code.google.com by andy.p.s...@gtempaccount.com on 15 Oct 2009 at 12:36

Answer 1 · 2016-02-17T22:53:13.000Z

Did you add the WebGoat users/roles to tomcate-users.conf?  How to do this can 
be
found in the FAQ.

Original comment by mayhe...@gmail.com on 15 Oct 2009 at 12:59

Changed state: Started

Answer 2 · 2016-02-17T22:53:13.000Z

Yes I did. I also forgot to mention that once I've done a successful signon by 
going 
direct to the Tomcat instance I can then acccess via Apache from the same 
browser 
session.

Original comment by andy.p.s...@gtempaccount.com on 15 Oct 2009 at 1:17

Answer 3 · 2016-02-17T22:53:13.000Z

Ok, I found the solution. mod_jk needs updating to version 1.2.26 or later. I 
was 
running 1.2.15 and this is a bug fixed in 1.2.26

Original comment by andy.p.s...@gtempaccount.com on 19 Oct 2009 at 3:42

Answer 4 · 2016-02-17T22:53:14.000Z

Original comment by mayhe...@gmail.com on 19 Oct 2009 at 5:09

Changed state: Done