<cfajaxproxy> Locked-Down production Lucee - coldfusion

I am setting up a production Lucee box and having issues locating the ajax library on the Lucee server. My browser is unable to find the ajax library and shows a 404 error.
I am not sure whether this is because of a firewall or a Lucee server configuration issue.
My development and staging servers are working fine; I am only having the issue on the production server.
Request URL: https://example.com/mapping-tag/lucee/core/ajax/JSLoader.cfc?method=get&lib=LuceeAjax
Request Method: GET
Status Code: 404
Remote Address: 201.10.26.29:443
Referrer Policy: no-referrer-when-downgrade
Please advise..

With an Adobe CF server, the JS files related to cfajaxproxy are in the /CFIDE/scripts/ folder. The /CFIDE/ folder is removed from public access when the server is locked down. To allow access to the JS files for the UI and ajax tags, you can specify an alias in CF Admin for that folder.
For example, /cfjs would map to /CFIDE/scripts in CF Admin, so CF will generate that path for cfajaxproxy use. You'd have to create this folder alias in IIS or whatever web server you're using.
If on Lucee, the folder /lucee/core/ is blocked when locked down, there should be a similar solution for that engine.

Related

Problem handling cookies for Blazor Server using OpenID server (Keycloak)

I have a baffling issue with cookie handling in a Blazor server app (.NET Core 6) using OpenID (Keycloak). Actually, more than a couple, which may or may not be linked. It’s a typical (?) reverse proxy architecture:
A central nginx receives queries for services like Jenkins, JupyterHub, SonarQube, Discourse etc. These are mapped through aliases to internal IPs where the nginx can access them. This nginx intercepts URLs like: https://hub.domain.eu
A reverse proxy which resolves to https://dsc.domain.eu. This forwards request to a Blazor app running in Kestrel in port 5001. Both Kestrel and nginx under SSL – required to get the websockets working.
Some required background: the Blazor app is essentially a ‘hub’ where its various razor pages ‘host’ in iframe-like the above mentioned services. How it works: When the user asks for the root path (https://hub.domain.eu) it opens the root page of the Blazor app (/).
The nav menu contains the links to razor pages which contain the iframes for the abovementioned services. For example:
The relative path is intercepted by the ‘central’ nginx which loads Jenkins. Everything is under the same Keycloak OpenID server. Note that everything works fine without the Blazor app.
Scenarios that cause the same problem
Assume the user logs in to my app using the login page of Keycloak (NOT the REST API) through redirection. Then proceeds to link and he is indeed logged in as well. The controls in the App change accordingly to indicate that the user is indeed authenticated. If you close the tab and open a new one, the Blazor app will act as if it’s not logged in while the other services (e.g. Jenkins) will show the logged in user from before. When you press the Login link, you’ll be greeted with a 502 nginx error. If you clean the cookies from the browser (or in private / stealth mode) everything works again. Or if you just log off e.g. from Jenkins.
Assume that the user is now in a service such as Jenkins, SonarQube, etc. If you press F5 now you have two problems: you get a 404 error but only on SOME services such as SonarQube but not in others. This is a side problem for another post. The thing is that the Blazor app appears not logged in again by pressing Back / Refresh.
The critical part of Program.cs looks like the following:
This class handles the login / logoff:
Side notes:
SaveTokens = false still causes large header errors and results in empty token (shown in the above code with the Warning: Token received was null). I’m still able to obtain user details though from httpContext.
No errors show up in the reverse proxy error.log and in Kestrel (all deployed in Linux)
MOST important: if I copy-paste the failed login link (the one that produced the 502 error) to a "clean" browser, it works fine.
There are lots of properties affecting the OpenID connect, it could also be an nginx issue but I’ve run out of ideas the last five days. The nginx config has been accommodated for large headers and websockets.
Any clues as to where I should at least focus my research to track the error??
The 502 error shows an error at NGINX's side. The reverse proxy had proper configuration but as it turned out, not the front one. Once we set the header size to suggested size, everything played out.

getting 500 Internal Server Error when hosting website on cyberpanel

I am hosting a Django application on Cyberpanel. I have created a website in Cyberpanel and set up my Django project. I also changed the vHost configuration, but in LIST WEBSITES I am getting this error:
No Screenshot Available
500 Internal server Error
here is image
I can't figure out how to get rid of it.
Cyberpanel is using Statically's services to generate screenshots; it seems something is wrong with Statically's server. Don't worry, it's not your Cyberpanel's problem.
Statically.io:
https://statically.io/
Demo: (Not working)
https://cdn.statically.io/screenshot/google.com

ColdFusion 2018: How to setup a mapping correctly?

These are the steps I use:
1) I created new mapping inside CF Server => Server Settings => Mapping
logical path: /mysite
directory path: /Volumes/drive2/work/mysite
2) I restarted the server
/Applications/ColdFusion2018/cfusion/bin/coldfusion stop && /Applications/ColdFusion2018/cfusion/bin/coldfusion start
3) Using my preferred text editor, I created test.cfm inside /Volumes/drive2/work/mysite with the following contents
<cfdump var="#CGI#">
4) I then tried viewing the new file on my browser via
localhost:8500/mysite/test.cfm
I then get a 404 error. Exact message goes like "coldfusion.runtime.TemplateNotFoundException: File not found: /mysite/test.cfm"
I checked these 2 things:
I verified that /Volumes/drive2/work/mysite is readable by everyone (755 permission)
I verified that /Volumes/drive2/work/mysite/test.cfm is readable by everyone (644 permission)
Other than creating the mapping, the other configurations I've changed are:
created datasource for my app
Enabled debugging/logging but only after I got the first 404 error
Any ideas what I could be doing wrong? or perhaps other settings I should've set? I've added a screenshot of the mappings section below.
Thanks!
Edit: I'm using the built-in webserver provided by the standalone/developer edition. I'm also using localhost.
What you are attempting to do is not what ColdFusion mappings are for. ColdFusion mappings are used by ColdFusion code to access files. What you are attempting to do via a request like localhost:8500/mysite/test.cfm is access a folder through your web server. What you need to do for that is create a "virtual directory" using your web server admin.
You did not specify which web server you are using but it should be very easy to find documentation on how to accomplish what you need by searching your "web server name create virtual directory".
Here are a couple of examples for IIS and Apache.
IIS Virtual Directory
Apache Alias
If you are using the builtin Tomcat server, as we can assume by the use of localhost and port 8500, then follow the directions documented on the following page under the Adding a virtual directory for ColdFusion using the built-in Tomcat application server section.
ColdFusion Tomcat

Youtube not able to play on my django-heroku app. Giving me a mixed content error message

I tried to view youtube videos on my app and it didn't work. I checked the console and got this error message
Mixed Content: The page at'https://hispanicheights.herokuapp.com/blog/youtube-video/'
was loaded over HTTPS,but requested an insecure script
'http://content.jwplatform.com/libraries/WQWJdvRx.js'.
This request has been blocked; the content must be served over HTTPS.
Is there a way around this or is this just the situation until I get a paid account with a domain?
This has nothing to do with Heroku, paid plans or not. It is simply that you are linking to an http resource inside a page that is served by https; since that potentially side steps the man-in-the-middle protection that https gives you, modern browsers forbid it.
The solution is to serve all your dependent scripts via https as well.

Coldfusion 8: Firefox can't establish a connection to the server at 127.0.0.1:8500

I installed Coldfusion 8 trial version on my system (XP Professional sp3).
I created a folder in the “C:/Coldfusion8/wwwroot” called “buildProject” containing an Index.cfm and some other .cfm files.
But I am unable to access either my project files or CFIDE/Administrator.
I tried the following URLs:
http://localhost:8500/wwwroot/buildProject/
http://localhost:8500/CFIDE/administrator/index.cfm
http:// 127.0.0.1:8500/wwwroot/buildProject/
http:// 127.0.0.1:8500/CFIDE/administrator/index.cfm
http://localhost /wwwroot/buildProject/index.cfm
http://localhost /CFIDE/administrator/index.cfm
http://localhost /wwwroot/buildProject/
http://localhost /CFIDE/administrator/index.cfm
Firefox can't establish a connection to the server at 127.0.0.1:8500.
* The site could be temporarily unavailable or too busy. Try again in a few
moments.
* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
• I cleared the browsing “History” from both IE and FF.
• I have restarted the CF server in the Control Panel >Administrative Tools > Services
• Even restarted the IIS
Getting the same error.
Further I was trying to access IE/FF via CFbuilder But still I am getting the error
“The connection was refused when attempting to contact [URL].”
If you connected Coldfusion to IIS, then you probably need to connect on port 80. Which you did try, but if you connected Coldfusion to IIS, then the document root is IIS's document root, not the document root you created your new directory in.
I believe the document root for IIS on XP is c:\inetpub\wwwroot.
So, try putting a test.cfm file in there that just contains "hello world" or something, and see if you can request it from there.
Hopefully you installed IIS first and were happy it was working before installing CF.
Try connecting to your IIS on http://localhost
You should get the default IIS .htm landing page , probably index.html or something, so at least you know IIS is working fine.
If you then try http://localhost/nosuchpage.htm you will see a 403 error (as long as you didn't specify to allow directory browsing). In the standard IIS error page you should be able to see
Physical Path D:\inetpub\wwwroot
or wherever IIS thinks your web root is. When you then install CF to use IIS (rather than standalone) it will use this path as your web root.
Rename your index.html file as index.cfm and connect to it on
http://localhost:8500/index.cfm
If vanilla html pages are working from the directory but .cfm pages are not then you probably need a CFIDE mapping (I think one quick workaround is simply to copy your CFIDE folder and drop it into web root).
What happens if you try typing this in as a url:
http://{your i.p. address}:8500/CFIDE/administrator/index.cfm
I bet it works