Unknown folders under C:\lucee\tomcat\conf\Catalina


#1

Does anyone know the purpose of so many folders that sound like some domain names? This is scaring me to death. So if anyone knows that this is expected and what’s the reason for this, I’ll appreciate it.
Thanks.


#2

Are they domains you host under lucee?


#3

No, they are not, and that’s why it’s puzzling to me. I saw one more post about this problem somewhere else so it’s just not mine. I was thinking maybe this is blacklisting or something.


#4

Are you using mod_cfml? Could be your webserver config accepts any host headers for one of your websites and mod_cfml is automatically creating contexts from them


#5

Doesn’t look good offhand except they all seem to be old directories. What version of Tomcat? I wonder if at some time you upgraded and patched a hole. I would take time to make sure you are updated with the latest Java and Tomcat. Follow the Security Reports section on the Tomcat site. Make sure you are updated to a version the same or higher from the last one for your version.

You also might want to wipe the lucee directory sometime and reinstall. Also maybe do a quick code and website scan.

Hopefully it is nothing.


#6

This is expected.

Tomcat creates the Catalina directory for you if it does not exist. The right way to configure contexts in Tomcat is inside that directory and not in server.xml as many users do, because changes to server.xml require a Tomcat restart.


#7

This is not an issue with mod_cfml, but an issue with the web server. The web server is configured to accept requests for unknown domains and pass them to the default host. This means that any time any script kiddie scans your web server for an open proxy or something like that using an unknown domain, your web server will hand them the default host. If your default host is a CFML-enabled website, mod_cfml will do its job and accommodate those requests - just like your web server did.

There are two ways you can address that issue:

  1. Set up your default site to be a non-CFML-enabled site
  2. Configure your web server to refuse requests for domains it’s not configured for

Once you do either of those things, those strange domains in your catalina folder will no longer appear.

Hope this helps.


#8

How exactly do you do that, Igal? We don’t use mod_cfml and would love to be able to avoid restarts each time we add a host.


#9

Julian, it’s very simple. You create a directory for each hostname in the following format:

$CATALINA_BASE/conf/[engine-name]/[hostname]/

$CATALINA_BASE is your Tomcat instance config directory (see my post with accompanying video on the subject at http://blog.rasia.io/blog/how-to-easily-setup-lucee-in-tomcat.html)

[engine-name] by default is Catalina

[hostname] is the hostname that Tomcat is listening on, e.g. localhost, blog.simplicityweb.co.uk, etc.

That’s the reason that the OP sees all of the sub-directories inside {tomcat}/conf/Catalina. In the absence of these directories, Tomcat creates them on the fly.

Inside that directory you will put a file for each Context in the format of [context-name].xml. For the default context you will use ROOT.xml.

So for your blog site, you would create the file

/{tomcat}/conf/Catalina/blog.simplicityweb.co.uk/ROOT.xml

That XML file can be as simple as an empty <Context /> element which will use all of the defaults, or define custom configurations for the Context, e.g.

<Context docBase="/srv/www/simplicityweb-blog">
  <!-- more configurations can go here !-->
</Context>

Reference: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Defining_a_context
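
An added example, not part of the thread and not code from Tomcat, Lucee or mod_cfml: a Python audit of the layout described in #9 that lists host directories under conf/Catalina which are not on an allowlist of hostnames you actually serve, which is how the unknown-Host-header contexts described in #7 show up on disk. The function names, the allowlist and the sample directory tree are constructed for illustration.

```python
import tempfile
from pathlib import Path


def audit_catalina_hosts(engine_dir, expected_hosts):
    """Return {hostname: [context files]} for host dirs not in the allowlist.

    engine_dir is $CATALINA_BASE/conf/[engine-name], e.g. .../conf/Catalina.
    Hostnames are compared case-insensitively, as DNS names are.
    """
    expected = {h.lower() for h in expected_hosts}
    unexpected = {}
    for entry in sorted(Path(engine_dir).iterdir()):
        if entry.is_dir() and entry.name.lower() not in expected:
            # Each [context-name].xml in a host directory defines one Context.
            unexpected[entry.name] = sorted(p.name for p in entry.glob("*.xml"))
    return unexpected


def build_sample_tree(root):
    """Create a constructed conf/Catalina tree and return the engine directory.

    Two hosts are intended; the other two stand in for directories that
    appeared after requests carrying unknown Host headers (sample names only).
    """
    engine = Path(root) / "conf" / "Catalina"
    layout = {
        "localhost": ["ROOT.xml"],
        "blog.simplicityweb.co.uk": ["ROOT.xml"],
        "unknown-probe.example.net": ["ROOT.xml"],  # constructed
        "203.0.113.7": [],                          # constructed (TEST-NET-3)
    }
    for host, contexts in layout.items():
        host_dir = engine / host
        host_dir.mkdir(parents=True)
        for name in contexts:
            (host_dir / name).write_text("<Context />\n")
    return engine


if __name__ == "__main__":
    allowlist = ["localhost", "blog.simplicityweb.co.uk"]
    with tempfile.TemporaryDirectory() as tmp:
        engine_dir = build_sample_tree(tmp)
        for host, contexts in audit_catalina_hosts(engine_dir, allowlist).items():
            print(f"unexpected host directory: {host} contexts={contexts}")
```

Point `audit_catalina_hosts` at your real engine directory with your own hostname list; once the web server refuses unknown domains, the result should stay empty after the stale directories are cleaned up.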


#10

I think this is what was happening. When I posted the question, I was working on fixing some OWASP list of vulnerabilities for a client and found those folders in there. By the time I read this, I had fixed the loophole that was accepting any given host value in the header, which was creating all those folders as you mentioned. Now that it’s fixed, I don’t see any strange folders getting created.
Thanks for confirming my suspicions.
Everybody else, your comments definitely added to my knowledge. Thanks.