However, on stage, I’ve got the admin locked down with:
<Location ~ “/(lucee|railo-context)”>
Order deny,allow
Deny from 10.17
I’ve seen posts about this, but haven’t seen solid fixes recommended.
What’s the “right” way to fix this? Apache directory alias? If so, what’s
the alias–specifically to allow (and preferably, only
) to work. Is there any other functionality that might be
broken on stage that I don’t know about yet? (I don’t have any other of
those goofy tags in play, so I don’t care about , or whatever.)
Thanks,
Jamie
P.S. This is a Mura app, but I don’t think that’s relevant, because it
works on dev, where the admin isn’t blocked.
However, on stage, I’ve got the admin locked down with:
<Location ~ “/(lucee|railo-context)”>
Order deny,allow
Deny from 10.17
I’ve seen posts about this, but haven’t seen solid fixes recommended.
What’s the “right” way to fix this? Apache directory alias? If so, what’s
the alias–specifically to allow (and preferably, only
) to work. Is there any other functionality that might be
broken on stage that I don’t know about yet? (I don’t have any other of
those goofy tags in play, so I don’t care about , or whatever.)
Thanks,
Jamie
P.S. This is a Mura app, but I don’t think that’s relevant, because it
works on dev, where the admin isn’t blocked.
@Miguel-F , if you have locked down the Lucee Admin with an webserver rule to block/lucee/, try locking down the admin with /lucee/admin/
I think that cfajax stuff comes from the mapped lucee directory, just like cfgraph does. Take a look at my answer in the following post, about cfgraph in IIS then you might see what may be causing your apache blocking that URL:
For now I have removed the /lucee block all together. It is still not working (getting a 404 error). It makes sense because /mapping-tag/ does not actually exist. But since it is baked into Lucee code it must work somehow. Right? Or is this not working for anyone?
I know that using these helper tags is old-school but I’m trying to get this old code working if I can to not delay things too long.
Yes, I do have the extension installed. I am using the ‘fat’ jar file when upgrading so my understanding is that it includes everything (because these servers do not have access to internet for downloading packages).
@andreas good post over on stackoverlfow. lots of good information. my lucee install does have those mappings that you mentioned in that post. so no additional mappings are required for this it seems.
I did get rid of the 404 error when I create a virtual directory to the tag folder in IIS. I just don’t know if this is the correct way to make these things work. If this is necessary or not.
Yes I did do that. It tells me the request is being blocked by the request filtering module. Which is/was correct. Remember, I removed that block to get passed that error. The request filtering is no longer blocking this (until I figure out what is needed and then I will apply an appropriate filter to keep other things safe)
I think the other issue that may be in play here is that I have moved the WEB-INF folder out of the web root. So none of those files are web accessible. Which is why I think I might need a virtual directory on my web server.
The problem is that my web server (IIS) is blocking the request to mapping-tag because it does not physically exist on the server. I also got this to work without the virtual directory in IIS by adding a blank file in the request location under the web root. This allows IIS to see the file and think it is there so it goes ahead and passes it through to Lucee.
I like this approach better just because it allows me to be more granular in the security settings that I can use for it. i.e. I can still block /lucee every where else.
Thanks for looking into this @andreas You are always very helpful. I think I have figured out the issue and I do think it is specific to my setup. We have an IIS rewrite rule (for Mura) that forces IIS to check for the file’s existence before proceeding any further. If the file/folder does not exist then IIS throws a 404 error. All I needed to do was create the missing directory structure \mapping-tag\lucee\core\ajax in the web root and then place an empty file there JSLoader.js so that IIS would see the file and then pass the request through to lucee for processing. (or I could have created a virtual directory in IIS that points to the actual folder/file location on the server and that works too. I just don’t like this approach because it exposes more resources than I would like).
I think I am good now on this. It just came down to my lack of understanding how lucee works. I will keep learning as I work with it more.
It’s more than a pleasure. I love helping others and I really want others to get to know Lucee fast. CFML is just sooo powerful and I want other coders to see how modern CFML can be with OOP. I’ve learnt most of Lucee Stuff from this community here, PullRequesting to Lucee source and enhancing the docs. The past 3 years have been the most productive in my life due to this wonderful community.
Good to know you were able to find the issue! Really glad you got it working. You are learning Lucee stuff so fast!!!
By the way, thanks for voting up my StackOverflow cfgraph post
