Running ColdFusion 10 Update 18 on Server 2012 R2 with IIS 8.5. I've made changes to a CFC, and created a new CFC file as well to test. The changes I made aren't being reflected, and the new file returns a 404 File Not Found.
I've done the following:
Checked the Jakarta virtual directory exists
Removed and readded the site with the CF Web Config tool
Cleared the WEB-INF class temporary folder
Clicked all the Clear Cache buttons in CF Admin
Unchecked all cache options in CF Admin
I inherited this setup and do not have any prior ColdFusion experience. Thanks!
Maybe you can add some supplemental functionality to your application.
I adapted this to your fw1init=1 query param.
Your intercept in index.cfm or futher upstream if necessary.
<cfscript>
if (find('404;',CGI.query_string)){
location('index.cfm?fwreinit=1');
}
</cfscript>
In your Application.cfc
<cfscript>
public boolean function OnRequestStart(required string Target){
if (structkeyExists(url, 'fwreinit') and url.fwreinit){
if (isDefined('application')){
structClear(application);
onApplicationStart();
}
if (isDefined('session')){
structClear(session);
onSessionStart();
}
}
}
</cfscript>
Related
These are the steps I use:
1) I created new mapping inside CF Server => Server Settings => Mapping
logical path: /mysite
directory path: /Volumes/drive2/work/mysite
2) I restarted the server
/Applications/ColdFusion2018/cfusion/bin/coldfusion stop && /Applications/ColdFusion2018/cfusion/bin/coldfusion start
3) Using my preferred text editor, I created test.cfm inside /Volumes/drive2/work/mysite with the following contents
<cfdump var="#CGI#">
4) I then tried viewing the new file on my browser via
localhost:8500/mysite/test.cfm
I then get a 404 error. Exact message goes like "coldfusion.runtime.TemplateNotFoundException: File not found: /mysite/test.cfm"
I checked these 2 things:
I verified that /Volumes/drive2/work/mysite is readable by everyone (755 permission)
I verified that /Volumes/drive2/work/mysite/test.cfm is readable by everyone (644 permission)
Other than creating the mapping, the other configurations I've changed are:
created datasource for my app
Enabled debugging/logging but only after I got the first 404 error
Any ideas what I could be doing wrong? or perhaps other settings I should've set? I've added a screenshot of the mappings section below.
Thanks!
Edit: I'm using the built-in webserver provided by the standalone/developer edition. I'm also using localhost.
What you are attempting to do is not what ColdFusion mappings are for. ColdFusion mappings are used by ColdFusion code to access files. What you are attempting to do via a request like localhost:8500/mysite/test.cfm is access a folder through your web server. What you need to do for that is create a "virtual directory" using your web server admin.
You did not specify which web server you are using but it should be very easy to find documentation on how to accomplish what you need by searching your "web server name create virtual directory".
Here are a couple of examples for IIS and Apache.
IIS Virtual Directory
Apache Alias
If you are using the builtin Tomcat server, as we can assume by the use of localhost and port 8500, then follow the directions documented on the following page under the Adding a virtual directory for ColdFusion using the built-in Tomcat application server section.
ColdFusion Tomcat
I have migrated from ColdFusion 8 to Coldfusion 2016 and specified the path under CF Admin console. See picture. One of my file (login.cfm) is under /common directory outside webroot.
When I hit application url, first it finds index.cfm and then validate.cfm in which I am calling login.cfm using cfmodule. PLs check the lines of code here from validate.cfm.
<cftry>
<cfmodule template="/common/security/login.cfm"
login="#form.login#"
password="#form.password#"
returnvar="login_result">
<cfcatch>
<cf_error_logreg error="An error occurred checking for active PO in validate.cfm. Please report this error to #request.app.admin_email# immediately.">
<cfabort>
</cfcatch>
</cftry>
So it doesn't run the cfmodule and throws out of cftry block everytime when it finds some page from /common directory and shows the error message what is specified in cfcatch block. Which means it's not accessing the mappings which I have set in CF Admin console. Any idea?
I am using IIS as a web server.
Issue resolved. The mappings we did was right, but Application was failing to set the cookies. ColdFusion was unable to add the cookie we specified to the response. This is probably because we have used it to set one of the ColdFusion Session Cookies or Authentication cookie. I have fixed that.
To fix this, I logged in to Coldfusion Admin> Memory Variables and unchecked 'Disable updating Coldfusion internal cookies using Coldfusion tags/functions.'
Save settings and restarted the website. It worked.
Setting up production lucee box, having issues locating ajax library in lucee server. My browser unable to find ajax library showing 404 error.
I am not sure this is because of firewall or lucee server configuration issue.
My development and staging working fine only having issue in production server.
Request URL: https://example.com/mapping-tag/lucee/core/ajax/JSLoader.cfc?method=get&lib=LuceeAjax
Request Method: GET
Status Code: 404
Remote Address: 201.10.26.29:443
Referrer Policy: no-referrer-when-downgrade
Please advise..
With an Adobe CF server, the JS files related to cfajaxproxy are in the /CFIDE/scripts/ folder. The /CFIDE/ folder is removed from public access when the server is locked down. To allow access to the JS files for the UI and ajax tags, you can specify an alias in CF Admin for that folder.
For example, /cfjs would map to /CFIDE/scripts in CF Amin, so CF will generate that path for cfajaxproxy use. You'd have to create this folder alias in IIS or whatever web server you're using.
If on Lucee, the folder /lucee/core/ is blocked when locked down, there should be a similar solution for that engine.
I am trying to set my cookie CFIDE and CFTOKEN to be HTTPOnly in Coldfusion 9...
Here is what I have tried (didn't error but didn't work):
cookie.CFID = "#session.cfid#,httpOnly='true'";
cookie.CFTOKEN = "#session.cftoken#,httpOnly='true'";
I also tried (no go...and no error):
cookie.CFID = "#session.cfid#;httpOnly='true'";
cookie.CFTOKEN = "#session.cftoken#;httpOnly='true'";
And this (which I think only works in CF10):
cookie.CFID = {value="#session.cfid#", httpOnly="true"};
cookie.CFTOKEN = {value="#session.cftoken#", httpOnly="true"};
Then this (didn't error but didn't work):
cookie( name="CFID" value="#session.cfid#" httpOnly="true" );
cookie( name="CFTOKEN" value="#session.cftoken#" httpOnly="true" );
When I run these I do a empty cache hard reload in Chrome. When the page reloads I should see the Resources Cookies HTTPOnly column show check boxes.
I'm probably exhausted and could have hit the right combo of things above and I got a false positive on failure from jumping around too much. Sometimes cached things get the best of me.
I have the CFML container style that works but my Application.cfc is all script style and I want to keep it that way...So how do I do this script style in Coldfusion 9?
Update for my fix:
I used the getPageContex() below, but it didn't work as it was. Also onSessionStart() event handler changed to create the session.CFID and session.CFTOKEN with the CreateUUID() which is also new in my Application.cfc file. So for posterity here is what that block of code looks like.
function onSessionStart(){
getPageContext().getResponse().addHeader("Set-Cookie", "CFID=#session.CFID#;path=/;HTTPOnly");
getPageContext().getResponse().addHeader("Set-Cookie", "CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly");
}
Another Note: For some reason if the session is cleared and the onsessionstart() handler is requested this set cookie stuff above will fail. There has to be a try catch block or exception handling of some sort added to account for a reload problem. The best thing is to upgrade to a patched up release of Coldfusion 10 (or soon to be released CF 11).
You can use the PageContext object to set cookies in cfscript:
getPageContext().getResponse().addHeader("Set-Cookie", "CFID=#session.CFID#;path=/;HTTPOnly");
getPageContext().getResponse().addHeader("Set-Cookie", "CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly");
For session cookies, there's an easier way.
Enabling server-wide HttpOnly session cookies
The ColdFusion 9.0.1 update added a server-wide setting to add the
httponly attribute to all session cookies created by ColdFusion (such
as the CFID and CFTOKEN cookies, or the JSESSIONID cookie on JRun). To
enable this setting, if you are running a JRun J2EE installation or
multi-server installation, you must edit jvm.config, otherwise you can
enable this setting from the CF Administrator. If you are running a
J2EE server other than JRun consult your documentation for an
appropriate setting. J2EE servers that support the Servlet 3.0
specification can specify
true
in the /WEB-INF/web.xml file.
http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html
You can use this code in your application.cfc inside of the onsessionstart function.
<cfcookie name="CFID" value="#session.cfid#" httponly="true">
<cfcookie name="CFTOKEN" value="#session.cftoken#" httponly="true">
There is no way of setting this inside of cfscripts. cfcookie is not supported in script form in cf9. There are flags in the application settings added to CF10 to address this issue, however, CF11 will have full support for it inside of scripts. Unfortunately, I think you will have to forego the uniform code for functionality. Unless you have access to your CFIDE/Administrator. You can add a java argument to turn it on server wide. Add this to your JVM config
-Dcoldfusion.sessioncookie.httponly=true
All of this is detailed here http://www.petefreitag.com/item/764.cfm
I am currently running Coldfusion 8,0,1,195765 on a Windows 2003 SP 2 server over IIS 6.0.
I needed to change one of the Mail Server Settings in the ColdFusion Administrator, but when I clicked Submit Changes, the page appeared to refresh, and the field was reverted.
I made a change to another page to make sure that changes could be made, and sure enough, the change was applied.
There are no errors shown - everything looks normal, aside from the change.
I was able to make my changes programatically, using mail.cfc, and my change did appear in CF Admin.
My concern is that mail functions have been corrupted or compromised - my primary request for the stackoverflow gurus is how can I restore my Mail Server Settings functionality?
My secondary request is How could this have happened?
Thank you for reading my question.
I am having a similar problem with debugging.
Regarding your first question... You can access the administrator api programatically. Here's how you can verify connection and verify what the current settings are:
<cfscript>
/* you must log in first */
adminObj = createObject("component","cfide.adminapi.administrator"); // this assumes default installation
adminObj.login("password"); // enter your cf admin password
mailServerObj = createObject("component","cfide.adminapi.mail");
value = mailServerObj.getMailServers();
</cfscript>
<cfdump var="#value#">
Value is an array of your current mail server settings.
To make a change change the last part of your script to:
mailServerObj = createObject("component","cfide.adminapi.mail");
mailServerObj.setMailServers(
"yourMailServer",
portNumber,
username="yourUsername",
password="yourPassword",
priority="yourServerPriority");
value = mailServerObj.getMailServers();
The only required value is the entry for yourMailServer. Also, the optional value, portNumber, must be numeric.
Check out http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=basiconfig_37.html for the Adobe documentation for using the Administrator API.
You can also see a complete listing of the Administrator API CFC and their respective functions, check out http://www.cfexecute.com/admin-api-documentation/