diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java
--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-04-22 15:31:12.889587528 -0400
+++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-04-22 15:31:37.907534419 -0400
@@ -16,7 +16,6 @@
 */
 package org.apache.coyote.ajp;
-import java.net.InetAddress;
 import java.util.regex.Pattern;
 import org.apache.coyote.AbstractProtocol;
@@ -49,8 +48,6 @@ public abstract class AbstractAjpProtoco
 setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
 // AJP does not use Send File
 getEndpoint().setUseSendfile(false);
- // AJP listens on loopback by default
- getEndpoint().setAddress(InetAddress.getLoopbackAddress());
 ConnectionHandler cHandler = new ConnectionHandler<>(this);
 setHandler(cHandler);
 getEndpoint().setHandler(cHandler);
@@ -180,7 +177,7 @@ public abstract class AbstractAjpProtoco
 }
- private boolean secretRequired = true;
+ private boolean secretRequired = false;
 public void setSecretRequired(boolean secretRequired) {
 this.secretRequired = secretRequired;
 }
diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
--- ./webapps/docs/changelog.xml.orig 2020-04-03 08:12:03.000000000 -0400
+++ ./webapps/docs/changelog.xml 2020-04-22 15:31:37.911534411 -0400
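Review bot: In the `@@ -49,8 +48,6 @@` hunk of AbstractAjpProtocol.java, removing `getEndpoint().setAddress(InetAddress.getLoopbackAddress());` leaves no default bind address, so an enabled AJP connector listens on every IP address of the host, as the ajp.xml text in this same patch now states. AJP is meant to carry traffic from a trusted front-end proxy, so this default exposes the port to any host that can route to the server unless `address` is set in server.xml or a firewall restricts it. If the revert is intentional for compatibility, record it where the call used to be, e.g. `// No default bind address (all interfaces); set address="127.0.0.1" or firewall the port when the proxy is local`. The enclosing constructor or method begins and ends outside the hunk.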
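Review bot: In the `@@ -180,7 +177,7 @@` hunk, `private boolean secretRequired = false;` lets the connector start without a `secret`, and together with the loopback bind removed in the `@@ -49,8 +48,6 @@` hunk, a connector enabled with no further attributes accepts AJP from any reachable host with no shared secret. The ajp.xml text in this patch says false should only be used on a trusted network, so the new default contradicts the documented guidance. Keeping `true` is the safer default. If `false` must stay for compatibility, add a field comment such as `// false only for backward compatibility; configure secret and secretRequired="true" unless the AJP network is trusted`. Also consider logging a warning at start-up when no secret is configured; the start-up check itself is not visible in this hunk.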
@@ -526,14 +526,10 @@ Disable (comment out in server.xml) the AJP/1.3 connector by default. (markt) - - Change the default bind address for the AJP/1.3 connector to be the - loopback address. (markt) - Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute - secretRequired that defaults to true. When + secretRequired that defaults to false. When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length String. (markt) diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml --- ./webapps/docs/config/ajp.xml.orig 2020-04-22 15:31:37.913534406 -0400 +++ ./webapps/docs/config/ajp.xml 2020-04-22 15:35:35.003031090 -0400 @@ -327,7 +327,9 @@

For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By - default, the connector will listen on the loopback address. Unless the JVM + default, this port will be used on all IP addresses associated with the + server. A value of 127.0.0.1 indicates that the Connector + will only listen on the loopback interface. Unless the JVM is configured otherwise using system properties, the Java based connectors (NIO, NIO2) will listen on both IPv4 and IPv6 addresses when configured with either 0.0.0.0 or ::. The APR/native @@ -500,7 +502,7 @@ the secret attribute is required to be specified for the AJP Connector to start. It does not control whether workers are required to provide the secret. The default value is - true. This attribute should only be set to false + false. This attribute should only be set to false when the Connector is used on a trusted network.