Coldfusion Error and IIS7.5 Error Pages - coldfusion

In order to allow ColdFusion to show its errors instead of just a server error (code 500), I have added to web.config according to some findings on this site.
The problem looks resolved but...
When I visit a non-existent directory in IIS, it returns a "blank" page without any status code. If I set it from passthrough back to auto, IIS takes over the error page again and no more ColdFusion errors are shown.
Does anyone have a solution? I did some research and "suspect" that the JWildcardhandler may be the problem, but I couldn't find a solution to this.
Much appreciated!

In case anyone is wondering, this person's web config probably looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpErrors existingResponse="PassThrough" />
        ...
    </system.webServer>
</configuration>
In earlier versions of IIS, if your custom script returned an error code, IIS ignored it and let it through. But you could also set it up to handle error statuses with custom scripts.
On my old server, if a given URL was a 404, IIS was set up to execute /404.cfm, which displayed an error page and returned a 404 status code using <cfheader>.
However, now if that script returns a 404 status code, the end result is that IIS returns a server error rather than returning the response with the 404 status code.
The only way to avoid that is by using existingResponse="PassThrough" and then using a site-wide "Template Not Found" template, set in CFAdmin.
Here's the interesting part. I have index.cfm set up as the default index, and the only default index, for my site.
If I go to /about/, and /about/index.cfm exists, then it renders the page, as if I had asked it for /about/index.cfm.
And if I go to /about/index.cfm and /about/index.cfm does not exist, it executes the site-wide 404 template.
But if I go to /about/ and /about/ does not exist as a URL, it does not attempt to load /about/index.cfm and thus trigger the site-wide 404 template. Instead, it renders a blank page!
As far as I can tell, there is no workable solution to this problem. It looks like only people writing in .Net can resolve this issue, as they can put a flag in the Response that they generate that literally tells IIS "Ignore the status code". I think that Microsoft simply isn't interested in supporting alternate web applications.
Basically, this is the solution:
get rid of existingResponse="PassThrough" and return the wrong status codes.
Anything else is going to be too hard to implement. Note that this does not work if you are making a RESTful app or API. In which case, you must create a virtual directory just for that, for which you can assign a custom web.config file which does use existingResponse="PassThrough". But if you need to be able to allow custom error handling and custom 404 handling, you are effectively screwed.
The good news is, apart from API and Ajax, the only other time someone will care about what the status code actually is will be when they're looking at your headers anyway, in which case they will see you're running IIS and just feel sorry for you.

Keeping the passthrough in place, you could use a rewrite to handle the blank page:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /404.cfm [NC,L,NS]
The rewrite basically means: if the file and directory do not exist, redirect to 404.cfm. Also include a 404 cfheader on the 404.cfm page.

Related

Why doesn't Webservice testing work? Browser keeps asking for sign in

Prestashop 1.7.5.1. Enabling webservice according to the official tutorial. Stuck here: https://devdocs.prestashop.com/1.7/webservice/tutorials/testing-access/#browser-prompt
Browser keeps asking to enter the key indefinitely:
As you may see, there are 2 notices on the back office: "Check that URL rewriting is available on this server" and "Check that the five methods GET, POST, PUT, DELETE, and HEAD are supported by this server". Could the problem be with that?
I see there's written: "URL rewriting (mod_rewrite) is not active on your server, or it is not possible to check your server configuration". But "YES" is on. So I don't know if it concerns the subject:
According to the tutorial, "if no permission has been set for the key, then the browser will keep asking you to enter the key indefinitely".
But the key configuration has sufficient permissions:
Any reason why the Webservice testing doesn't work?
This could be related to webserver settings. Try adding these two lines to your .htaccess in the Prestashop root:
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
If this does not work, you can also pass the webservice API key as the ws_key GET parameter in your request (a lot less secure though).

.htaccess Rewrite Regular Expression Issue

I have tried debugging this with various regex testers on the web but they all seem to indicate that the syntax is correct, not to mention, this expression worked when I was using it in a web.config file.
However, I am currently in the process of moving my web application over to a new Linux Server, and apparently, my .htaccess returns a 500 Internal Server Error when this particular rewrite is enabled:
# Set the General Page Rewrite
RewriteRule ^([^(?!_)\/]+)\/?([^(?!_)\/]+)?\/?([^\/]+)?\/?$ $1.php?request=$2&id=$3& [NC,QSA,L]
Can anyone see where the regex is failing?
Update
This is the error in my log:
Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace
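The log line above describes a rewrite loop rather than a regex syntax error: in .htaccess context the rewritten path is run through the rules again, and the rule's own output (`$1.php`) still matches the pattern. The following simulation is an added example, not code from the original post; it also shows that `(?!_)` inside `[...]` is a set of literal characters, not a lookahead. The `guard` option and the `existing_files` set are assumptions of this sketch (modelling a `RewriteCond %{REQUEST_FILENAME} !-f` before the rule), and the query-string part of the substitution is left out because it is not re-matched.

```python
import re

# Pattern copied unchanged from the RewriteRule above; [NC] maps to IGNORECASE.
RULE = re.compile(r'^([^(?!_)\/]+)\/?([^(?!_)\/]+)?\/?([^\/]+)?\/?$', re.IGNORECASE)
LIMIT = 10  # the limit quoted in the error log (LimitInternalRecursion default)


def rewrite_once(path):
    """Apply the rule to a per-directory path; return the new path or None."""
    m = RULE.match(path)
    return f"{m.group(1)}.php" if m else None


def run_htaccess(path, existing_files=(), guard=False):
    """Model per-directory processing: every rewrite restarts the rule set.

    guard=True models 'RewriteCond %{REQUEST_FILENAME} !-f' in front of the
    rule (assumption of this sketch). Returns (final_path, passes) or raises
    RuntimeError once LIMIT internal redirects are reached.
    """
    passes = 0
    while True:
        if guard and path in existing_files:
            return path, passes          # real file: stop rewriting
        new = rewrite_once(path)
        if new is None:
            return path, passes          # rule no longer matches
        passes += 1
        if passes >= LIMIT:
            raise RuntimeError(f"exceeded {LIMIT} internal redirects at {new!r}")
        path = new


if __name__ == "__main__":
    # Constructed sample paths.
    print(RULE.match("a_b").groups())    # '_' only splits the groups
    print(RULE.match("_private"))        # first char is in the excluded set
    print(run_htaccess("about/team/7", {"about.php"}, guard=True))
    try:
        run_htaccess("about/team/7")
    except RuntimeError as exc:
        print(exc)
```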

Coldfusion 10 File Not Found Error

When I try to access a page that is not found, Coldfusion 10 provides this error page instead of redirecting to our 404 Page Not Found page. How can I get Coldfusion to redirect to our Page Not Found page instead of providing this error message?
At the point at which the error is thrown the web server is not actually in control of the request. It is waiting for CF to "hand back" the request as string buffer - content to serve.
That means there is an additional step in CF to handle missing templates. You can set (as Adam has said) the missing template handler in the CF admin - or if you are using an Application.cfc you can use the function onMissingTemplate() to do whatever you think is appropriate for a missing cfm page.
Since the request was made for a .cfm page, Coldfusion is expected to handle the request; since the file is not found, Coldfusion triggers the standard 404 error. You can do 1 of 2 things:
Set up a 404 template on the Coldfusion administrator, as Mark A Kruger suggested.
Set up the Application.cfc to handle the request by using the onMissingTemplate() function. Here is more documentation on that: http://bit.ly/17k4Ry8
NOTE: You can set up your onMissingTemplate() function to redirect to the actual 404 template, since it sounds like you already have one. This would be considered a Soft 404 to the crawlers.
Good Luck!
Thanks -Al

Can apache be configured to ignore OPTIONS requests?

I run a small webapp for a couple of departments at work, which is very low traffic and doesn't have that many users. It's built on top of Django and uses apache as the web server.
I have things configured to email me when any errors occur which until yesterday was a great thing - there aren't many errors, but sometimes the users don't speak up when they encounter problems, so it allows me to stay on top of things.
Yesterday we had a new user, and I started getting tons of error emails. He had no idea that anything was wrong, so I figured it was something behind the scenes. When I looked at the logs, they are HTTP OPTIONS requests which are using the "Microsoft Data Access Internet Publishing Provider Protocol" and "Microsoft Office Protocol Discovery". I'd never heard of this until that point, but it appears to be some sort of MS web folders/webDAV thing.
One option is to figure out how he can turn that off and tell him to stop doing that, but I'd rather just cut the head off here and do something like have apache just not pass on those requests to Django. Is there a way that this can be handled?
The rewrite option is good, the 'Apache Way' is probably more like:
<LimitExcept GET POST>
    deny from all
</LimitExcept>
or...
<Limit OPTIONS>
    deny from all
</Limit>
I found a solution used by a different framework and ported it to Django. I place this at the top of any view that generates HTML with links to .XLS or .DOC files:
# At the top of the view function; needs: from django.http import HttpResponse
if request.method == 'OPTIONS':
    response = HttpResponse()
    response['Allow'] = 'GET, HEAD, POST'
    return response
I like the Apache solution better though... assuming it doesn't cause problems on the Windows side of things.
How about:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^OPTION
RewriteRule .* - [F]
(With mod_rewrite enabled.)
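The per-view check posted above can be applied once for the whole application by wrapping the WSGI entry point, so the Office/WebDAV discovery requests never reach the Django views or the error e-mail hook. This is an added example, not code from any of the answers; it assumes the app is served through WSGI, and `OptionsShortCircuit`, `call` and `make_backend` are hypothetical names used only here.

```python
from wsgiref.util import setup_testing_defaults

ALLOWED = "GET, HEAD, POST"  # same Allow value as the Django snippet above


class OptionsShortCircuit:
    """WSGI middleware: answer OPTIONS here so it never reaches the wrapped app."""

    def __init__(self, app, allow=ALLOWED):
        self.app = app
        self.allow = allow

    def __call__(self, environ, start_response):
        if environ.get("REQUEST_METHOD", "").upper() == "OPTIONS":
            headers = [("Allow", self.allow), ("Content-Length", "0")]
            start_response("200 OK", headers)
            return [b""]
        return self.app(environ, start_response)


def make_backend():
    """Stand-in for the Django app (constructed); records every method it sees."""
    hits = []

    def backend(environ, start_response):
        hits.append(environ["REQUEST_METHOD"])
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"page with .xls links"]

    return backend, hits


def call(app, method, path="/", user_agent=""):
    """Drive a WSGI app with a constructed request; return (status, headers, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "HTTP_USER_AGENT": user_agent}
    setup_testing_defaults(environ)  # fills in the remaining required keys
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    backend, hits = make_backend()
    app = OptionsShortCircuit(backend)
    print(call(app, "OPTIONS", "/reports/", "Microsoft Office Protocol Discovery"))
    print(call(app, "GET", "/reports/"), hits)
```

In a Django project the wrapper would go around the object returned by `get_wsgi_application()` in the project's WSGI module.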

301 Redirect Causing Loop Error

I need to redirect my site from, say:
http://www.foo.com/index.cfm
to
http://www.foo.com
In this application, index.cfm is my default page (set in IIS). When I try a 301 redirect, I am getting a redirect loop error. The whole app is in ColdFusion. I am updating this setting in IIS on my index.cfm page. Please give some advice on this. Thanks in adv.
So in IIS your default page setup looks for index.cfm? I think you are getting the redirect loop because to the server http://www.foo.com/index.cfm is the same as http://www.foo.com.
It sounds like you are wanting to just hide the "index.cfm" from being displayed to the user?
In this case I don't think that trying to use a 301 redirect is the way to go.
You might want to take a look at IIS 7's URL rewrite feature, and look at Approach #3
Well, I don't know ColdFusion, but you may condition the 301 header output so it is sent only if the URL used to access the script index.cfm has any extra characters on it (and only if the request method is GET); this way you'll avoid infinite redirects. Here is some pseudocode to explain myself:
if URL is not 'http://www.foo.com' and method is 'GET'
    output header '301 http://www.foo.com/'