Lucee & virtual directories in IIS

Hi everyone

We’re looking to move from ACF to Lucee. We’ve hit a major roadblock
already unfortunately. It appears Lucee doesn’t ‘execute’ virtual
directories in IIS. ACF does this fine.

Is there a way to get Lucee to see/execute the virtual directory as ACF
does? There must be other Win/IIS converts that have achieved this in
Railo/Lucee?

Refactoring is not an option I’m afraid, just too much work, we have too
many websites using it.

Thanks in advance

Dave

Hi Dave

Try adding the virtual directories as Lucee mappings, either in your
Application.cfc or in the server/web context admin.

Julian.On 22 December 2015 at 09:47, Dave Quested <@Dave_Quested> wrote:

We’re looking to move from ACF to Lucee. We’ve hit a major roadblock already
unfortunately. It appears Lucee doesn’t ‘execute’ virtual directories in
IIS. ACF does this fine.

Is there a way to get Lucee to see/execute the virtual directory as ACF
does? There must be other Win/IIS converts that have achieved this in
Railo/Lucee?

Hi Jordan,

As far as I know, an as I didn’t find the word “x-vdirs” in the Lucee source code, Lucee still needs to implement a handler for an incoming x-vdirs header. Also, we still need to add security around this header.
So for the time being, adding the virtual directories as mappings in the Lucee web context is still the way to go. Again, as far as I know.

Kind regards,

Paul KlinkenbergOp 22 dec. 2015, om 19:34 heeft Jordan Michaels <@Jordan_Michaels> het volgende geschreven:

ACF uses a custom connector and a singular J2EE context to handle requests in order to make some things - like IIS virtual directories - easier, however, these methods don’t conform to J2EE standards. Lucee has historically tried to adhere to the J2EE standards and uses standard J2EE contexts to handle different sites and web requests.

Since IIS virtual directories only exist within IIS, they have to be “translated” to a standardized Tomcat contexts. This can be done using the BonCode Connector - which adds the ‘x-vdir’ header to incoming web requests - and the mod_cfml tomcat valve which creates in-memory contexts for non-existent host names in an authorized request.

How did you install Lucee? If you used the Windows installer, the BonCode Connector and mod_cfml should be installed by default unless you opted not to install them.

Documentation for the BonCode connector is here (created and maintained by Bilal Soylu):
http://boncode.net/connector/webdocs/Tomcat_Connector.htm (Under the “EnableHeaderDataSupport” config option)

Documentation for mod_cfml and the ‘x-vdir’ header is here (support for ‘x-vdir’ added by Paul Klinkenberg):
http://www.modcfml.org/index.cfm/documentation/modcfml-so-apache-module/an-in-depth-look-at-modcfml/


Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: “Dave Quested” <@Dave_Quested>
To: “Lucee” lucee@googlegroups.com
Sent: Tuesday, December 22, 2015 1:47:35 AM
Subject: [Lucee] Lucee & virtual directories in IIS

Hi everyone

We’re looking to move from ACF to Lucee. We’ve hit a major roadblock
already unfortunately. It appears Lucee doesn’t ‘execute’ virtual
directories in IIS. ACF does this fine.

Is there a way to get Lucee to see/execute the virtual directory as ACF
does? There must be other Win/IIS converts that have achieved this in
Railo/Lucee?

Refactoring is not an option I’m afraid, just too much work, we have too
many websites using it.

Thanks in advance

Dave


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/8ad9b4ed-aaf1-4a92-8ad0-06605b0b2176%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/1417637034.215084.1450809247999.JavaMail.zimbra%40viviotech.net.
For more options, visit https://groups.google.com/d/optout.

Hey Paul,

Thanks for correcting my misunderstanding there. I assumed that since we had implemented the x-vdir header that it was also supported by subsequent systems. Can you elaborate on what kind of security you’re thinking of adding for it? Looking at the valve source, it looks like the authorization key is validated before processing anything else. Are you thinking character filtering maybe?

For implementation, since a Virtual Directory can be represented in a Tomcat context using the following context config:

www.lucee.org

…do you see any reason we could not add the vdirs from the x-vdir headers to the context xml file that the mod_cfml valve creates for a new context?

Or, while I’m not as familiar as you are with the child context methods, maybe we could implement those in a way that would mimic the above config? Would be something fun to play with and see, if nothing else. ;)–
Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: “Paul Klinkenberg” <@Paul_Klinkenberg>
To: lucee@googlegroups.com
Sent: Tuesday, December 22, 2015 11:36:12 AM
Subject: Re: [Lucee] Lucee & virtual directories in IIS

Hi Jordan,

As far as I know, an as I didn’t find the word “x-vdirs” in the Lucee source code, Lucee still needs to implement a handler for an incoming x-vdirs header. Also, we still need to add security around this header.
So for the time being, adding the virtual directories as mappings in the Lucee web context is still the way to go. Again, as far as I know.

Kind regards,

Paul Klinkenberg

Op 22 dec. 2015, om 19:34 heeft Jordan Michaels <@Jordan_Michaels> het volgende geschreven:

ACF uses a custom connector and a singular J2EE context to handle requests in order to make some things - like IIS virtual directories - easier, however, these methods don’t conform to J2EE standards. Lucee has historically tried to adhere to the J2EE standards and uses standard J2EE contexts to handle different sites and web requests.

Since IIS virtual directories only exist within IIS, they have to be “translated” to a standardized Tomcat contexts. This can be done using the BonCode Connector - which adds the ‘x-vdir’ header to incoming web requests - and the mod_cfml tomcat valve which creates in-memory contexts for non-existent host names in an authorized request.

How did you install Lucee? If you used the Windows installer, the BonCode Connector and mod_cfml should be installed by default unless you opted not to install them.

Documentation for the BonCode connector is here (created and maintained by Bilal Soylu):
http://boncode.net/connector/webdocs/Tomcat_Connector.htm (Under the “EnableHeaderDataSupport” config option)

Documentation for mod_cfml and the ‘x-vdir’ header is here (support for ‘x-vdir’ added by Paul Klinkenberg):
http://www.modcfml.org/index.cfm/documentation/modcfml-so-apache-module/an-in-depth-look-at-modcfml/


Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: “Dave Quested” <@Dave_Quested>
To: “Lucee” lucee@googlegroups.com
Sent: Tuesday, December 22, 2015 1:47:35 AM
Subject: [Lucee] Lucee & virtual directories in IIS

Hi everyone

We’re looking to move from ACF to Lucee. We’ve hit a major roadblock
already unfortunately. It appears Lucee doesn’t ‘execute’ virtual
directories in IIS. ACF does this fine.

Is there a way to get Lucee to see/execute the virtual directory as ACF
does? There must be other Win/IIS converts that have achieved this in
Railo/Lucee?

Refactoring is not an option I’m afraid, just too much work, we have too
many websites using it.

Thanks in advance

Dave


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/8ad9b4ed-aaf1-4a92-8ad0-06605b0b2176%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/1417637034.215084.1450809247999.JavaMail.zimbra%40viviotech.net.
For more options, visit https://groups.google.com/d/optout.


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/83627EAD-48BB-48FC-AB96-59A6FCABAFB2%40ongevraagdadvies.nl.
For more options, visit https://groups.google.com/d/optout.

Hi Jordan,

When we mailed about this previously with Bilal, I thought the idea was it would be implemented by Lucee as request-only mappings. I sure like the idea of adding it on the Tomcat level, and it sure makes sense.

I will try to implement this on the Tomcat level, probably in January.
The security issue I was worried about, was only applicable when Lucee would handle the mappings, as it currently would not have a way to validate the source of the incoming header. But when done in the Tomcat valve, we have the shared secret key for validation :slight_smile:

Kind regards,

Paul Klinkenberg------------

Op 22 dec. 2015 om 21:38 heeft Jordan Michaels <@Jordan_Michaels> het volgende geschreven:

Hey Paul,

Thanks for correcting my misunderstanding there. I assumed that since we had implemented the x-vdir header that it was also supported by subsequent systems. Can you elaborate on what kind of security you’re thinking of adding for it? Looking at the valve source, it looks like the authorization key is validated before processing anything else. Are you thinking character filtering maybe?

For implementation, since a Virtual Directory can be represented in a Tomcat context using the following context config:

www.lucee.org

…do you see any reason we could not add the vdirs from the x-vdir headers to the context xml file that the mod_cfml valve creates for a new context?

Or, while I’m not as familiar as you are with the child context methods, maybe we could implement those in a way that would mimic the above config? Would be something fun to play with and see, if nothing else. :wink:


Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: “Paul Klinkenberg” <@Paul_Klinkenberg>
To: lucee@googlegroups.com
Sent: Tuesday, December 22, 2015 11:36:12 AM
Subject: Re: [Lucee] Lucee & virtual directories in IIS

Hi Jordan,

As far as I know, an as I didn’t find the word “x-vdirs” in the Lucee source code, Lucee still needs to implement a handler for an incoming x-vdirs header. Also, we still need to add security around this header.
So for the time being, adding the virtual directories as mappings in the Lucee web context is still the way to go. Again, as far as I know.

Kind regards,

Paul Klinkenberg

Op 22 dec. 2015, om 19:34 heeft Jordan Michaels <@Jordan_Michaels> het volgende geschreven:

ACF uses a custom connector and a singular J2EE context to handle requests in order to make some things - like IIS virtual directories - easier, however, these methods don’t conform to J2EE standards. Lucee has historically tried to adhere to the J2EE standards and uses standard J2EE contexts to handle different sites and web requests.

Since IIS virtual directories only exist within IIS, they have to be “translated” to a standardized Tomcat contexts. This can be done using the BonCode Connector - which adds the ‘x-vdir’ header to incoming web requests - and the mod_cfml tomcat valve which creates in-memory contexts for non-existent host names in an authorized request.

How did you install Lucee? If you used the Windows installer, the BonCode Connector and mod_cfml should be installed by default unless you opted not to install them.

Documentation for the BonCode connector is here (created and maintained by Bilal Soylu):
http://boncode.net/connector/webdocs/Tomcat_Connector.htm (Under the “EnableHeaderDataSupport” config option)

Documentation for mod_cfml and the ‘x-vdir’ header is here (support for ‘x-vdir’ added by Paul Klinkenberg):
http://www.modcfml.org/index.cfm/documentation/modcfml-so-apache-module/an-in-depth-look-at-modcfml/


Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: “Dave Quested” <@Dave_Quested>
To: “Lucee” lucee@googlegroups.com
Sent: Tuesday, December 22, 2015 1:47:35 AM
Subject: [Lucee] Lucee & virtual directories in IIS

Hi everyone

We’re looking to move from ACF to Lucee. We’ve hit a major roadblock
already unfortunately. It appears Lucee doesn’t ‘execute’ virtual
directories in IIS. ACF does this fine.

Is there a way to get Lucee to see/execute the virtual directory as ACF
does? There must be other Win/IIS converts that have achieved this in
Railo/Lucee?

Refactoring is not an option I’m afraid, just too much work, we have too
many websites using it.

Thanks in advance

Dave


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/8ad9b4ed-aaf1-4a92-8ad0-06605b0b2176%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/1417637034.215084.1450809247999.JavaMail.zimbra%40viviotech.net.
For more options, visit https://groups.google.com/d/optout.


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/83627EAD-48BB-48FC-AB96-59A6FCABAFB2%40ongevraagdadvies.nl.
For more options, visit https://groups.google.com/d/optout.


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/1194127527.215462.1450816728057.JavaMail.zimbra%40viviotech.net.
For more options, visit https://groups.google.com/d/optout.

Thanks Paul.
I think the Tomcat level mapping would be interesting.
we can block out the potential security implication by adding a blacklist
directive into the BonCode setting file like
so: x-vdirs
This will prevent externally passed in headers from being added to the HTTP
header.

Cheers,
B.On Wednesday, December 23, 2015 at 4:30:34 AM UTC-5, Paul Klinkenberg wrote:

Hi Jordan,

When we mailed about this previously with Bilal, I thought the idea was it
would be implemented by Lucee as request-only mappings. I sure like the
idea of adding it on the Tomcat level, and it sure makes sense.

I will try to implement this on the Tomcat level, probably in January.
The security issue I was worried about, was only applicable when Lucee
would handle the mappings, as it currently would not have a way to validate
the source of the incoming header. But when done in the Tomcat valve, we
have the shared secret key for validation :slight_smile:

Kind regards,

Paul Klinkenberg


Op 22 dec. 2015 om 21:38 heeft Jordan Michaels <jor...@viviotech.net <javascript:>> het volgende geschreven:

Hey Paul,

Thanks for correcting my misunderstanding there. I assumed that since we
had implemented the x-vdir header that it was also supported by subsequent
systems. Can you elaborate on what kind of security you’re thinking of
adding for it? Looking at the valve source, it looks like the authorization
key is validated before processing anything else. Are you thinking
character filtering maybe?

For implementation, since a Virtual Directory can be represented in a
Tomcat context using the following context config:

<Context path="/vdir/"

docBase="/home/other_user/public_html/some_other_directory/" />

www.lucee.org

…do you see any reason we could not add the vdirs from the x-vdir
headers to the context xml file that the mod_cfml valve creates for a new
context?

Or, while I’m not as familiar as you are with the child context methods,
maybe we could implement those in a way that would mimic the above config?
Would be something fun to play with and see, if nothing else. :wink:


Kind regards,
Jordan Michaels
Vivio Technologies