Requests to my /tags
directory is being internally mapped to a mapping named "/tags"
in my application.cfc file. I didn’t know that mappings worked this way with http requests… I thought they were only used internally in my code to reference directories for custom tags or cfmodule calls. But now I’m seeing that Lucee is using my mappings to determine the location of http requests. Is this new to Lucee 6? I never ran into this before with Lucee5/Windows(both IIS and tomcat directly).
Here’s what’s going on:
In application.cfc
, I’ve got a mapping to my custom tags folder like so:
this.mappings = {
"/tags": "project/custom-tags
}
I’ve also got a directory named “tags” in my web root
folder:
project/www/tags
What’s happening is that the the /tags
request is being mapped internally by Lucee to my /tags
mapping, and is returning a 404 because there is no index.cfm in that location. I verified this by adding an index.cfm file in my custom tags folder and it was served by Lucee.
I recently moved my app over from Lucee 5 to 6, from Windows (IIS in production, direct to tomcat in development) to Linux/nginx with Docker, and this behavior does not exist in my 5x world… it doesn’t confuse the /project/www/tags/
folder with the /product/custom-tags
folder in the mappings.
I did verify (to my horror) that I can access some of my custom tag folders from a web request (I can’t believe I have not noticed this before!) So I guess the question is, how do I define a mapping that I can use for custom tags, etc., but is not accessible from a web request? Do I need to block access to those directories from the web server?
OS: Linux (5.15.167.4-microsoft-standard-WSL2) 64bit
Java Version: 21.0.7 (Eclipse Adoptium) 64bit
Tomcat Version: 11.0.6
Lucee Version: 6.2.1.122