Use https:// as default jboss web server scheme - web-services

Current jBoss configuration makes web services available both on HTTP (port 7001) and HTTPS(port 7002), wsdl contains soap:address
location="http://localhost:7001/my/web/service/url/".
What I want is to force it to show
location="httpS://localhost:7002/my/web/service/url/".
Here are some key parts of standalone.xml:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="7002"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ssl" key-alias="softclub.mobile.banking" password="rmi+ssl" certificate-key-file="../standalone/configuration/jboss.keystore" protocol="TLSv1" verify-client="false"/>
</connector>
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
...
</subsystem>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="http" port="7001"/>
<socket-binding name="https" port="7002"/>
....
</socket-binding-group>
Is it possible?

Related

Powershell regex for replacing text between two strings

I am trying to use a powershell script to change the password between two strings, I am running into two issues.
A complex password seems to break my regex, If I use something as simple as "TestPassword" the regex does what I expect. However using a more complex password "6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" it breaks and results in
SSLEnabled="true" keystoreFile="C:\cert.pfx" $16QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" keystoreType="PKCS12"/>
instead of
SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" keystoreType="PKCS12"/>
I want to be less specific for the second match grouo, for example at the moment I must specify '" keystoreType' but I would prefer to be less specific and only specify the ending quote. This way if I change the position of the keystoreType parameter in the future I don't have to worry about changing the regex to suit.
Bellow is my powershell as it stands:
#Set new password in server.xml
$pass='6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI='
$server_xml=".\server.xml"
(Get-Content $server_xml) -replace '(keystorePass=")(.*)(" keystoreType)',('$1{0}$3' -f "$pass") | Set-Content $server_xml
Bellow is an extract from my xml:
<Connector port="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="test.example.com" proxyPort="443"
SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="123abc" keystoreType="PKCS12"/>
Parse
As pointed out by #the four bird and #codextor in the comments; peeking and poking directly into a serialized string (e.g. XML) using string methods (like -Replace) is a bad idea. Instead you should use the related parser for searching and replacing which has an easier syntax, takes care of both your issues and other pitfalls (e.g. double quotes $pass='Test"123').
Security
There is even a protentional security risk by ignoring the related parsers as a user (which is assumed only allowed to supply a password) could inject a new property in your xml (connector) by supplying a password like:
$pass = 'MyPass" maxParameterCount="0'
Examples
$Xml = [Xml]'<Connector port="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="test.example.com" proxyPort="443" SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="123abc" keystoreType="PKCS12"/>'
$Xml.Connector.keystorePass = '6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI='
$Xml.Connector
port : 443
relaxedPathChars : []|
relaxedQueryChars : []|{}^\`"<>
maxThreads : 150
minSpareThreads : 25
connectionTimeout : 20000
enableLookups : false
maxHttpHeaderSize : 8192
protocol : HTTP/1.1
useBodyEncodingForURI : true
redirectPort : 8443
acceptCount : 100
disableUploadTimeout : true
bindOnInit : false
secure : true
scheme : https
proxyName : test.example.com
proxyPort : 443
SSLEnabled : true
keystoreFile : C:\cert.pfx
keystorePass : 6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=
keystoreType : PKCS12
$Xml.OuterXml
<Connector port="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="test.example.com" proxyPort="443" SSLEnabled="true" keystoreFile="C:\cert.pfx" keystorePass="6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI=" keystoreType="PKCS12" />
Addendum
(based on the additional info in the comments)
If there are more connectors in your xml, as e.g.:
$Xml = [Xml]'
<Connectors>
<Connector
port="80"
keystorePass="Pass1" />
<Connector
port="443"
keystorePass="Pass2" />
</Connectors>'
You might address the connectors like:
$Xml.Connectors.Connector[0].keystorePass = 'Pass80'
$Xml.Connectors.Connector.Where{ $_.port -eq '443' }.SetAttribute('keystorePass', 'Pass443')
$Xml.OuterXml
<Connectors><Connector port="80" keystorePass="Pass80" /><Connector port="443" keystorePass="Pass443" /></Connectors>
This person had a similar issue that I was able to use the regex in my code:
Hide passwords in string
I ended up with the following:
#Set new password in server.xml
$pass='6QAfD5PmMhWzUxTq1FO1bGJQQXRXu6tizN29h6MRUSI='
$server_xml=".\server.xml"
(Get-Content $server_xml) -replace '(?:(?<=keystorePass=")\S+(?="))',("$pass") | Set-Content $server_xml

Parameterized logging from Jboss to AWS cloud Watch

I have an application on spring boot which is running on JBoss EAP 7.2 server and the application is deployed as a WAR file, all my applications logs are getting to the server.log and when I check the cloud watch logs its just printing the STDOUT's and not the one which is parameterized (log.debug or log.info). My application server is in the ECS container and I am really missing out on the connection between the Jboss server.log to AWS. Can someone help me out with this All my parameterized logs (log.debug) must be printed in the AWS cloud watch? Are there any third-party tools or there are configs changes which are needed to be made?
This is how my logging Subsystem looks like <subsystem xmlns="urn:jboss:domain:logging:6.0">
<console-handler name="CONSOLE">
<level name="INFO"/>
<formatter>
<named-formatter name="COLOR-PATTERN"/>
</formatter>
</console-handler>
<periodic-rotating-file-handler name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="server.log"/>
<suffix value=".yyyy-MM-dd"/>
<append value="true"/>
</periodic-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN"/>
</logger>
<logger category="org.jboss.as.config">
<level name="DEBUG"/>
</logger>
<logger category="sun.rmi">
<level name="WARN"/>
</logger>
<root-logger>
<level name="INFO"/>
<handlers>
<handler name="CONSOLE"/>
<handler name="FILE"/>
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
</formatter>
</subsystem>

Config ELB with ESB . Cannot call worker via ELB's proxyport?

I'm trying to setting up ELB and ESB follow website : Setting Cluster WSO2
When ELB and two Node ESB (Manager and Worker is sample node)
Firewall is turnoff
I use mysql to store DB . All config in register.xml and datasource is true.
This is host file (In each WSO2 (ELB+2ESB)) :
192.168.85.134 server1.elb1.wso2.com
192.168.85.134 elb1.wso2.com
192.168.85.133 elb2.wso2.com
192.168.85.133 server2.elb2.wso2.com
192.168.85.132 mgt.esb.wso2.com
192.168.85.132 server3.mgt.esb.wso2.com
192.168.85.131 worker.esb.wso2.com
192.168.85.131 server4.worker.esb.wso2.com
ELB Config :
- carbon.xml : <Offset>0</Offset>
- loadbalancer.conf :
# ESB CONFIGURE
esb {
domains{
wso2.esb.com {
tenant_range *;
group_mgt_port 4500;
mgt {
hosts server3.mgt.esb.wso2.com;
}
worker {
hosts server4.worker.esb.wso2.com;
}
}
ESB Manager Config :
- carbon.xml : <Offset>1</Offset>
- axis2.xml :
<parameter name="domain">wso2.esb.com</parameter>
<parameter name="localMemberHost">server3.mgt.esb.wso2.com</parameter>
<parameter name="localMemberPort">4100</parameter>
<property name="subDomain" value="mgt"/>
<members>
<member>
<hostName>server1.elb1.wso2.com</hostName>
<port>4500</port>
</member>
</members>
<transportReceiver name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpListener">
<parameter name="port" locked="false">8280</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
<parameter name="WSDLEPRPrefix" locked="false">http://server4.worker.esb.wso2.com:8280</parameter>
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.transport.nhttp.api.PassThroughNHttpGetProcessor</parameter>
<!--<parameter name="priorityConfigFile" locked="false">location of priority configuration file</parameter>-->
</transportReceiver>
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">8243</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
<parameter name="WSDLEPRPrefix" locked="false">https://server4.worker.esb.wso2.com:8243</parameter>
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.transport.nhttp.api.PassThroughNHttpGetProcessor</parameter>
ESB Worker Node
- carbon.xml : <Offset>2</Offset>
- catalina-server.xml :
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9763"
proxyPort="8280"
redirectPort="9443"
bindOnInit="false"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding="UTF-8"/>
<!--
optional attributes:
proxyPort="443"
-->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
proxyPort="8280"
bindOnInit="false"
sslProtocol="TLS"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="false"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding="UTF-8"/>
- axis2.xml :
<property name="port.mapping.8280" value="9765"/>
<property name="port.mapping.8243" value="9445"/>
<property name="subDomain" value="worker"/>
<members>
<member>
<hostName>mgt.esb.wso2.com</hostName>
<port>4100</port>
</member>
<member>
<hostName>elb1.esb.wso2.com</hostName>
<port>4500</port>
</member>
</members>
<parameter name="localMemberHost">worker.esb.wso2.com</parameter>
<parameter name="localMemberPort">4200</parameter>
<parameter name="domain">wso2.esb.com</parameter>
Cluster joined OK . But when I try to call http://server4.worker.esb.wso2.com:8280/services/Versionand
when I call http://server4.worker.esb.wso2.com:8282/services/Version, of course, I don't understand why ELB cannot direct ESB worker via proxyport 8280 or 8243 :/ (or 80 / 443)
What's wrong ?
The WSO2 Elastic Load Balancer has been discontinued. You can download NGinx - the load balancer by NGinx - for which we provide support.
In addition to that for more information on Creating WSO2 ESB Cluster with Nginx LB you can visit this link

Changing soap:address location in generated wsdl to https on tomcat 6 axis2(1.6.2)

To start, I am using eclipse, with Axis2 1.6.2 and I am deploying my created web service on tomcat 6. The web service is created from a top down approach in eclipse.
I've been requested to make the access to my web service SSL compatible.
No problems occured there, I followed the url "http://axis.apache.org/axis2/java/core/docs/servlet-transport.html" which led me to modifying the axis2.xml to include:
<transportReceiver name="http" class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8080</parameter>
</transportReceiver>
<transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
And removing:
<transportReceiver name="http"
class="org.apache.axis2.transport.http.SimpleHTTPServer">
<parameter name="port">8080</parameter>
<!-- Here is the complete list of supported parameters (see example settings further below):
port: the port to listen on (default 6060)
hostname: if non-null, url prefix used in reply-to endpoint references (default null)
originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
requestTimeout: value in millis of time that requests can wait for data (default 20000)
requestTcpNoDelay: true to maximize performance and minimize latency (default true)
false to minimize bandwidth consumption by combining segments
requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
note that default queue never fills up: see HttpFactory
threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
note that no such threads can exist with default unbounded request queue
threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
-->
<!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
<!-- <parameter name="originServer">My-Server/1.1</parameter> -->
<!-- <parameter name="requestTimeout">10000</parameter> -->
<!-- <parameter name="requestTcpNoDelay">false</parameter> -->
<!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
<!-- <parameter name="requestMaxThreadPoolSize">100</parameter> -->
<!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
<!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
</transportReceiver>
I also have to modify the web.xml in the web config to include:
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
It's going perfectly well, I can only access the application using https:
"https://myUrl:8443/IVRCoreWebService/services/CardManager?wsdl"
The problem here goes in the description file opened in the URL:
<service name="CardManager">
<port name="CardManagerPort" binding="tns:CardManagerBinding">
<soap:address location="http://`myUrl`:8080/IVRCoreWebService/services/CardManager/"/>
</port>
</service>
How can I change the auto generated URL by Axis2 to the https location, I would like my url to be the following:
<service name="CardManager">
<port name="CardManagerPort" binding="tns:CardManagerBinding">
<soap:address location="https://`myUrl`:8443/IVRCoreWebService/services/CardManager/"/>
</port>
</service>
If I modify the port in <transportReceiver name="http"> (See above) to for example 8050, the soap:address location will in turn change 8050, so my guess is that when the wsdl is being generated, it is referencing the <transportReceiver name="http" >, any idea how I can make it reference the <transportReceiver name="https" > ?
I checked this thread https://stackoverflow.com/a/10072185/861760 which is telling me to add a <transports><transport>https</transport></transports> in service.xml (I found services.xml instead), when I added this code segment, It gave me a new error:
org.apache.axis2.AxisFault: Server does not have an epr for the wsdl epr==>http://www.example.com
org.apache.axis2.description.AxisService.getLocationURI(AxisService.java:1615)
org.apache.axis2.description.AxisService.setPortAddress(AxisService.java:1498)
org.apache.axis2.description.AxisService.printDefinitionObject(AxisService.java:1078)
org.apache.axis2.description.AxisService.printUserWSDL(AxisService.java:1112)
org.apache.axis2.description.AxisService.printWSDL(AxisService.java:1386)
org.apache.axis2.transport.http.ListingAgent.handleWSDLRequest(ListingAgent.java:327)
org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:183)
org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
Thank you for the help,
Regards.
I'm not sure you asked this, but I see that
address location = (domain + port) / (file name of .WAR) /services/ (name of wsdl:binding )

Default document not being processed when not included in URL

Running ColdFusion 9,0,1,274733 on JRun (J2EE install), Windows Server 2008 R2, Java 1.6.0_22
Has anyone else had a problem getting the default document, index.cfm, to work with ColdFusion? I'm assuming that this is only an issue because of our setup; different web server (IIS) and application server (ColdFusion). I can't imagine we are the only ones running this configuration. Are we?
So here is the issue.
If we request http://mysite.com/index.cfm it works.
If we request http://mysite.com/ it does not work and we get a 404.
I checked the web connector's log file on our IIS server and can see that it is sending the request to our ColdFusion server. The ColdFusion server is sending back the 404 error code but I can't figure out why. We have the default document set on our IIS server for index.cfm. We also have the <welcome-file-list> set to include index.cfm on our application server (web.xml).
From our web connector's log when we do NOT include index.cfm:
2012-11-01 13:37:22 jrISAPI[4544:3600] ***HttpExtensionProc for JRun ISAPI Extension: uri is "/test/"
2012-11-01 13:37:22 jrISAPI[4544:3600] HTTP_HOST: servername
2012-11-01 13:37:22 jrISAPI[4544:3600] filtering /test/ (/test/) HOST=servername
2012-11-01 13:37:22 jrISAPI[4544:3600] filterRequest: no match
2012-11-01 13:37:22 jrISAPI[4544:3600] ExecUrl: request received: URL=/test/
2012-11-01 13:37:22 jrISAPI[4544:3600] ExecUrl Completion: 404, ErrorCode=2, URL=/test/.
From our web connector's log when we do include index.cfm:
2012-11-01 13:49:02 jrISAPI[9936:3600] ***HttpExtensionProc for JRun ISAPI Extension: uri is "/test/index.cfm"
2012-11-01 13:49:02 jrISAPI[9936:3600] HTTP_HOST: servername
2012-11-01 13:49:02 jrISAPI[9936:3600] filtering /test/index.cfm (/test/index.cfm) HOST=servername
2012-11-01 13:49:02 jrISAPI[9936:3600] filterRequest: matched *.cfm
2012-11-01 13:49:02 jrISAPI[9936:3600] ***IISWorkerThreadProc for JRun ISAPI Extension: uri is "/test/index.cfm"
2012-11-01 13:49:02 jrISAPI[9936:3600] ALL_RAW: Connection: Keep-Alive
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, application (553)
2012-11-01 13:49:02 jrISAPI[9936:3600] Headers and Values:
... and much more ...
We have gotten around this issue by using the URL Rewrite module in IIS to append index.cfm to the URL. It works but my gut keeps telling me that we should not need to do that for such basic functionality.
Is anyone else having this issue? How have you gotten around this?
EDIT adding some more info
Here is my site's web.config file contents from the IIS server:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<add name="JWildCardHandler" path="*" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\1\jrun_iis6_wildcard.dll" resourceType="Unspecified" requireAccess="None" />
<add name="hbmxmlHandler" path="*.hbmxml" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfswfHandler" path="*.cfswf" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfrHandler" path="*.cfr" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfcHandler" path="*.cfc" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfmlHandler" path="*.cfml" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="cfmHandler" path="*.cfm" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="jwsHandler" path="*.jws" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
<add name="jspHandler" path="*.jsp" verb="*" modules="IsapiModule" scriptProcessor="D:\JRun4\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
</handlers>
<defaultDocument>
<files>
<add value="index.cfm" />
</files>
</defaultDocument>
<staticContent>
<mimeMap fileExtension=".air" mimeType="application/vnd.adobe.air-application-installer-package zip" />
</staticContent>
</system.webServer>
</configuration>
Here is some of the file contents from the APP server web.xml:
<welcome-file-list id="WelcomeFileList_1034546870672">
<welcome-file>index.cfm</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
Within IIS Manager try adding a default document of "index.cfm" for your website.
I also posted this question on the Adobe forums and it has gained more traction over there. You can read all of the details here.
It seems like the main issue I was having is that IIS was not passing '/index.cfm' to the web connector once it had determined that ColdFusion had no mapping for '/'. This began working after I created a blank (empty) index.cfm file on the web server. I do not recall having to place the CFM files on the web server when using distributed mode in the past. Can anyone confirm or deny that the CFM files need to reside on both servers for this to work (without using rewrite rules anyway)?
I'm a bit late to the party on this one, but I've been working on a system where I need to switch between CF8 & CF10 on the same dev server pretty frequently so I've been working on a batch file to run wsconfig to save myself some effort and I ran into the same issue. CF working fine but never processing index.cfm for / - as above, all the mappings appeared to be set up correctly.
I found that wsconfig works much more reliably if you add each site my name rather than using "-site 0"
So, for example, to manually remove and reinstall the connectors for two sites running on IIS
set CFUSION_HOME=C:\ColdFusion10\cfusion
%CFUSION_HOME%\runtime\bin\wsconfig -uninstall
net start "ColdFusion 10 Application Server"
%CFUSION_HOME%\runtime\bin\wsconfig -ws IIS -site "Default Web Site"
%CFUSION_HOME%\runtime\bin\wsconfig -ws IIS -site "My Website Name"
I had the same problem after upgrading CF from 2016 to 2018 / 2021. The solution is this: open IIS Manager and go to Handler Mappings. Here, search for cfcHandler, cfmHandler, cfmlHandler entries and right click, edit them and you will probably see something like this: C:\ColdFusion2021\config\wsconfig\1\isapi_redirect.dll
Make sure the path is updated to the current version of the ColdFusion server. In my case it was still trying to access ColdFusion2016 folder even if I updated to 2021.
This solved the problem for me.