diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java
--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig	2020-03-12 13:33:31.792406379 -0400
+++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java	2020-03-12 13:35:24.222117728 -0400
@@ -16,7 +16,6 @@
  */
 package org.apache.coyote.ajp;
 
-import java.net.InetAddress;
 import java.util.regex.Pattern;
 
 import org.apache.coyote.AbstractProtocol;
@@ -49,8 +48,6 @@ public abstract class AbstractAjpProtoco
         setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
         // AJP does not use Send File
         getEndpoint().setUseSendfile(false);
-        // AJP listens on loopback by default
-        getEndpoint().setAddress(InetAddress.getLoopbackAddress());
         ConnectionHandler<S> cHandler = new ConnectionHandler<>(this);
         setHandler(cHandler);
         getEndpoint().setHandler(cHandler);
@@ -180,7 +177,7 @@ public abstract class AbstractAjpProtoco
     }
 
 
-    private boolean secretRequired = true;
+    private boolean secretRequired = false;
     public void setSecretRequired(boolean secretRequired) {
         this.secretRequired = secretRequired;
     }
diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
--- ./webapps/docs/changelog.xml.orig	2020-03-12 13:33:54.354348454 -0400
+++ ./webapps/docs/changelog.xml	2020-03-12 13:37:17.041828075 -0400
@@ -178,14 +178,10 @@
         Disable (comment out in server.xml) the AJP/1.3 connector by default.
         (markt)
       </update>
-      <update>
-        Change the default bind address for the AJP/1.3 connector to be the
-        loopback address. (markt)
-      </update>
       <add>
         Rename the <code>requiredSecret</code> attribute of the AJP/1.3
         Connector to <code>secret</code> and add a new attribute
-        <code>secretRequired</code> that defaults to <code>true</code>. When
+        <code>secretRequired</code> that defaults to <code>false</code>. When
         <code>secretRequired</code> is <code>true</code> the AJP/1.3 Connector
         will not start unless the <code>secret</code> attribute is configured to
         a non-null, non-zero length String. (markt)
diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml
--- ./webapps/docs/config/ajp.xml.orig	2020-03-12 13:34:10.383307302 -0400
+++ ./webapps/docs/config/ajp.xml	2020-03-12 13:36:17.617980639 -0400
@@ -315,7 +315,10 @@
     <attribute name="address" required="false">
       <p>For servers with more than one IP address, this attribute
       specifies which address will be used for listening on the specified
-      port. By default, the loopback address will be used.</p>
+      port.  By default, this port will be used on all IP addresses
+      associated with the server. A value of <code>127.0.0.1</code>
+      indicates that the Connector will only listen on the loopback
+      interface.</p>
     </attribute>
 
     <attribute name="allowedRequestAttributesPattern" required="false">
@@ -465,7 +468,7 @@
     <attribute name="secretRequired" required="false">
       <p>If this attribute is <code>true</code>, the AJP Connector will only
       start if the <strong>secret</strong> attribute is configured with a
-      non-null, non-zero length value. The default value is <code>true</code>.
+      non-null, non-zero length value. The default value is <code>false</code>.
       This attributue should only be set to <code>false</code> when the
       Connector is used on a trusted network.</p>
     </attribute>