The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.[1]
It also supports some monitoring in that the web server can ping the application server. Web implementors typically use AJP in a load-balanced deployment where one or more front-end web servers feed requests into one or more application servers. Sessions are redirected to the correct application server using a routing mechanism wherein each application server instance gets a name (called a route). In this scenario the web server functions as a reverse proxy for the application server. Lastly, AJP supports request attributes which, when populated with environment-specific settings in the reverse proxy, provides for secure communication between the reverse proxy and application server.[2] [3]
AJP runs in Apache HTTP Server 1.x using the plugin and in Apache 2.x using, and proxy balancer modules together. Other web server implementations exist for: lighttpd 1.4.59,[4] nginx,[5] Grizzly 2.1,[6] and the Internet Information Services.[7]
Web container application servers supporting AJP include: Apache Tomcat, WildFly (formerly JBoss AS), and GlassFish.
Alexei Kosut originally developed the Apache JServ Protocol in July 1997[8] but the version 1.0 specification was published later on July 29, 1998.[9] He also wrote the first implementations of it in the same month, with the releases of the Apache JServ servlet engine 0.9 and the Apache mod_jserv 0.9a (released on July 30, 1997).[10]
The specification was updated to version 1.1 on September 9, 1998.[11] Also in 1998, a revamped protocol was created and published in specification versions 2[12] and 2.1,[8] however it was never adopted.
In 1999, Sun Microsystems donated their JavaServer Web Development Kit (JSWDK; codenamed Tomcat) reference implementation to Apache Software Foundation. This became Apache Tomcat version 3.0, the successor to JSWDK 2.1, and derailed further development of Apache JServ servlet engine and AJP towards support of Java servlet API version 2.1.[13]
The current specification remains at version 1.3,[14] however there is a published extension proposal[15] as well as an archived experimental 1.4 proposal.[16]