Dot in URL giving a 404

We have Lucee 5 running on Apache 2.4.6 & Centos 7.3. We are getting a 404
if there’s a dot in the SES URL.

For example

“GET /dir.cfm/MyName/ HTTP/1.1” works properly but “GET /dir.cfm/My.Name/
HTTP/1.1” doesn’t

The Tomcat logs show that its getting proxied correctly with the dot in the
URL.

Has anyone run into this before? Is it a security issue that’s preventing
it or do I need to adjust my proxy directives in Apache? Below are the
mod_proxy settings we have:

    ProxyPreserveHost On

    ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$    http://127.0.0.1:8888/$1$2
    ProxyPassMatch ^/(.+\.cfchart)(/.*)?$   http://127.0.0.1:8888/$1$2
    ProxyPassMatch ^/(.+\.cfml)(/.*)?$      http://127.0.0.1:8888/$1$2

    ProxyPassReverse / http://127.0.0.1:8888/

Thanks!

Hi,

Is the 404 you’re getting a Tomcat 404 or an Apache 404? Can you copy and paste the catalina logs that show it being passed correctly? Knowing this will tell us where the mapping is failing, and hopefully show us where the correction needs to be made.–
Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: @ziggy7290
To: “Lucee” lucee@googlegroups.com
Sent: Thursday, February 9, 2017 12:59:11 PM
Subject: [Lucee] Dot in URL giving a 404

We have Lucee 5 running on Apache 2.4.6 & Centos 7.3. We are getting a 404
if there’s a dot in the SES URL.

For example

“GET /dir.cfm/MyName/ HTTP/1.1” works properly but “GET /dir.cfm/My.Name/
HTTP/1.1” doesn’t

The Tomcat logs show that its getting proxied correctly with the dot in the
URL.

Has anyone run into this before? Is it a security issue that’s preventing
it or do I need to adjust my proxy directives in Apache? Below are the
mod_proxy settings we have:

    ProxyPreserveHost On

    ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$    http://127.0.0.1:8888/$1$2
    ProxyPassMatch ^/(.+\.cfchart)(/.*)?$   http://127.0.0.1:8888/$1$2
    ProxyPassMatch ^/(.+\.cfml)(/.*)?$      http://127.0.0.1:8888/$1$2

    ProxyPassReverse / http://127.0.0.1:8888/

Thanks!


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/27f6a514-6029-4db2-b43f-9e8689a414b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Try changing the .+ in each regex to .+?

Otherwise, it’s possible the .+ is doing a greedy match, which matches
/dir.cfm/My. to the first part of the pattern, and then Name doesn’t match
cfm or cfc…

.+? Matches up to the first period in the URL instead of the last… which
might mean you’ll have problems with URLs like /My.Directory/dir.cfm/MyName
but that may not be an issue for you. I dont off the top of my head recall
if it’ll evaluate that recursively and find the second . matches against
.cfm.

Other option is to not use Apache like that - i.e. Use mod_rewrite instead,
with the P flag, and check that request_filename exists and/or ends in cfm.

Variation on this theme

-GOn Thu, Feb 9, 2017 at 5:03 PM <@ziggy7290> wrote:

We have Lucee 5 running on Apache 2.4.6 & Centos 7.3. We are getting a
404 if there’s a dot in the SES URL.

For example

“GET /dir.cfm/MyName/ HTTP/1.1” works properly but “GET /dir.cfm/My.Name/
HTTP/1.1” doesn’t

The Tomcat logs show that its getting proxied correctly with the dot in
the URL.

Has anyone run into this before? Is it a security issue that’s preventing
it or do I need to adjust my proxy directives in Apache? Below are the
mod_proxy settings we have:

    ProxyPreserveHost On

    ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$    http://127.0.0.1:8888/$1$2
    ProxyPassMatch ^/(.+\.cfchart)(/.*)?$   http://127.0.0.1:8888/$1$2
    ProxyPassMatch ^/(.+\.cfml)(/.*)?$      http://127.0.0.1:8888/$1$2

    ProxyPassReverse / http://127.0.0.1:8888/

Thanks!


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/27f6a514-6029-4db2-b43f-9e8689a414b9%40googlegroups.com
https://groups.google.com/d/msgid/lucee/27f6a514-6029-4db2-b43f-9e8689a414b9%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

I’ll give that a try and see if its that simple.

Thanks!On Saturday, February 11, 2017 at 8:37:29 PM UTC-6, Joseph Gooch wrote:

Try changing the .+ in each regex to .+?

Otherwise, it’s possible the .+ is doing a greedy match, which matches
/dir.cfm/My. to the first part of the pattern, and then Name doesn’t match
cfm or cfc…

.+? Matches up to the first period in the URL instead of the last… which
might mean you’ll have problems with URLs like /My.Directory/dir.cfm/MyName
but that may not be an issue for you. I dont off the top of my head recall
if it’ll evaluate that recursively and find the second . matches against
.cfm.

http://stackoverflow.com/questions/2301285/what-do-lazy-and-greedy-mean-in-the-context-of-regular-expressions

Other option is to not use Apache like that - i.e. Use mod_rewrite
instead, with the P flag, and check that request_filename exists and/or
ends in cfm.

Variation on this theme
http://serverfault.com/questions/655866/proxypass-only-if-file-doesnt-exist

-G

On Thu, Feb 9, 2017 at 5:03 PM <zigg...@gmail.com <javascript:>> wrote:

We have Lucee 5 running on Apache 2.4.6 & Centos 7.3. We are getting a
404 if there’s a dot in the SES URL.

For example

“GET /dir.cfm/MyName/ HTTP/1.1” works properly but “GET /dir.cfm/My.Name/
HTTP/1.1” doesn’t

The Tomcat logs show that its getting proxied correctly with the dot in
the URL.

Has anyone run into this before? Is it a security issue that’s
preventing it or do I need to adjust my proxy directives in Apache? Below
are the mod_proxy settings we have:

    ProxyPreserveHost On

    ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$    

http://127.0.0.1:8888/$1$2
ProxyPassMatch ^/(.+.cfchart)(/.)?$
http://127.0.0.1:8888/$1$2
ProxyPassMatch ^/(.+.cfml)(/.
)?$
http://127.0.0.1:8888/$1$2

    ProxyPassReverse / http://127.0.0.1:8888/

Thanks!


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/27f6a514-6029-4db2-b43f-9e8689a414b9%40googlegroups.com
https://groups.google.com/d/msgid/lucee/27f6a514-6029-4db2-b43f-9e8689a414b9%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Its from Tomcat that I’m getting the 404. Apache shows it as a successful
request. Below is an example entry from the catalina logs (I hope that’s
the correct one you need). The app we are running is a CMS that was
originally developed on Coldfusion that we are working on moving to Lucee
so please forgive my ignorance of Lucee.

Thanks!

lucee.runtime.exp.MissingIncludeException: Page
/dir.cfm/Attorneys/John_J._Griffin,_Jr./index.cfm
[/home/web/x/xxxxxx.net/cms/dir.cfm/Attorneys
/John_J._Griffin,_Jr./index.cfm] not found
at lucee.runtime.PageSourceImpl.loadPage(PageSourceImpl.java:887)
at
lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:913)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:833)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:828)
at
lucee.runtime.listener.ClassicAppListener._onRequest(ClassicAppListener.java:62)
at
lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:44)
at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2293)
at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2284)
at
lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2252)
at
lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:891)
at
lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:102)
at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)