Error 302 IIS10 Lucee

I installed Manta CMS 7.1 on a fresh installation: IIS 10 - Last Lucee Version - IIS URL Rewrite 2.1 - Java Version 8 Update 251- I get 302 error when I try to enter miysite/admin to log into the Manta back office.

Don’t forget to tell us about your stack!

OS: ???
Java Version: ???
Tomcat Version: ???
Lucee Version: ???

What happens if you access the page directly through tomcat over port 8888? Does the page also get a 302 redirect? Anorher thing: 302 isn’t an error, but a http status code with a location redirect. You’re saying it is an error. Can you see any type of text somewhere showing that an error has occured?

Thanks Andreas for your kind interest, below I show you the screenshots
For the request log I used the fusereactor service.
As you can see based on what you recommended by entering port 8888 the code 302 on the browser is not produced. However as you will notice from the fusereactor log a code 302 is still reported

without 8888
fusereactor log

Just to understand things right:
You are trying to open your mura administrator with /admin/index.cfm, and that page gives you a http status 302 redirect with the new location to /index.cfm, and that causes a “404 Page not Found” error, correct?

Did you check if the webroot destined for all your Muras files was working correctly before you’ve installed Mura? Did you for example check a test index.cfm in that webroot, just to be sure it was working?

I guess your Mura installation isn’t complete.

All the checks you have indicated I have performed. However, looking at the tutorial, the speaker specifically selects the Lucee version and seems to exclude which is currently installed. I would propose to reinstall IIS 10 on OS Windows 2019 and then version of Lucee instead of Once done then I will install IIS URL Rewrite Module 2.1

Is it ok? should be fine. What tutorial do you mean? The video tutorial about installing Lucee on Windows 2019 Server? That videos are my creation to help others to install Lucee and I’ve added them as a contribution to the Lucee docs. At time of video creation installer wasn’t available. That’s all and that shouldn’t be related to your issue with Mura. Did you do everything from Step 1 to Step 4 of the videos and test a simple index.cfm with cfdump in an empty webroot just like shown in Step 4 video? Did that work? Do that before installing Mura. Then you can proceed to install Mura, and then I would go further with Video Step 5, just to be sure that IIS URL Rewrite and Boncodes admin filter isn’t conflicting with the Muras framework. Maybe Boncode is blocking the page with its filter. Try to deactivate the admin filter in the boncode settings

Further… If you could do everything to Step 4, then install Mura and you are still having issues there, than it’s very possibly Mura related. I suggest asking directly in the Mura community, maybe you find something there:!forum/mura-cms-developers

Hi Andreas,
I installed everything according to your tutorials, I got to the point where I should not make Lucee Server accessible to the public.
I suspect there is something wrong - very similar to the problem before - If I do not enter the port 8888 lucee server is not reachable - Below the links. Thank you for your time

Take in mind that Coldfusion enterprise 10 was initially installed - which I completely uninstalled

But that is all ok like that, because of security.

In a secure installation you don’t want anybody to access those administration pages from outside of your network. Those pages shouldn’t be available through the internet at all. What you need to know is:

IIS serves webaccess to the public internet through port 80 (http) or 443(https), but Tomcat is there to serves IIS for the cfml applications. Port 8888 should always be blocked withhin the firewall for public access.

After understanding that, now you have to decide what you want to do with your administration pages:

  • Option 1: let the administrator accessible to the internet, exposing it to brute force, penetration attacs, etc (bad practice), or

  • Option 2: Block the admin sites from public access (good practice), so a brute force login isn’t possible. This last option is what the video explains how to do in Step 5. If you want to let the admin sites accessible, you have to undo the steps of the video with Step 5.

But: Port 8888 should always be blocked from public internet by firewall, and please verify if you have other ports than the necessary ones open to public.

What we usually do to access those sensitive administration pages is to tunnel it or access it locally by logging into your Windows OS and accessing the page through from there over port 8888.