The latest version of Undertow is supposed to have an AJP secret you can configure at Undertow to avoid the Ghostcat exploit that targets AJP ports open to the internet. Figure out how that works, if it's enabled by default, and what we need to do in Runwar to allow to to be configured.