How can I check if the Windows Server running ColdFusion is using IIS or Apache?
I think we are running IIS since:
IIS installed
Checked Task Manager and cannot see apache or httpd entries.
Looked under cfroot\config\wsconfig\1 and the README file contains:
This file was created by the ColdFusion Connector Installer.
Do not delete this directory or the files in it because your web server
configuration files contain references to the files in this directory.
web server: IIS
web server version: 10.0
IIS web site: All (0)
Is this enough proof or are there more checks I can do?
Well, the best proof is your check of task manager. Really, that answers your primary question.
As for CF, technically it does not track what web server may be talking to it, at least not by any sort of cf admin config you could look at. The wsconfig files are there because the wsconfig tool was run and put them there. Whether they are or not, an apache (or iis) on some other machine could also talk to cf, via the AJP port configured in the server.xml within cf and its cfusion/runtime/conf folder.
If that news may worry any readers, note that the CF updates in Mar 2020 addressed this, when the broader ghostcat vuln was identified and tomcat added an improved secret feature (where both tomcat/cf and the web server needed to know a shared secret) and a default to only allow tomcat (and therefore cf) to be talked to from a web server on the same machine, unless you specifically configured the address of the web server in an address attribute on the AJP connector in that server.xml file.
So back to how you might know WHAT is the web server talking to CF, if any (and where is it), see the log in that wsconfig numbered folder. That logs the comms into cf from any web server.
Hope that's helpful, though I realize it's far more than you sought.
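An added example, not part of the original thread and not Adobe's or Tomcat's own code: this Python check reads a server.xml and reports, for each AJP connector, whether a shared secret is set and whether an `address` attribute opens it beyond the local machine. The sample XML, its port numbers and the secret value are constructed, and accepting Tomcat's older `requiredSecret` attribute name alongside `secret` is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real server: one HTTP connector and
# two AJP connectors, the second with no secret and bound to all interfaces.
SAMPLE_SERVER_XML = """<Server port="8007" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8500" protocol="org.apache.coyote.http11.Http11Protocol"/>
    <Connector port="8018" protocol="AJP/1.3" secret="EXAMPLE-SECRET"/>
    <Connector port="8019" protocol="AJP/1.3" address="0.0.0.0"/>
  </Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}


def audit_ajp_connectors(server_xml_text):
    """Return one finding dict per AJP connector in a server.xml document."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # HTTP connectors are out of scope here
        # No address attribute means the connector keeps its default bind
        # (same-machine only after the Mar 2020 updates, per the post above).
        address = conn.get("address")
        issues = []
        # Assumption: either attribute name counts as "a secret is configured".
        if not (conn.get("secret") or conn.get("requiredSecret")):
            issues.append("no shared secret set")
        if address is not None and address not in LOOPBACK:
            issues.append("listens beyond loopback: " + address)
        findings.append(
            {"port": conn.get("port"), "address": address, "issues": issues}
        )
    return findings


if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        status = "; ".join(finding["issues"]) or "ok"
        print("AJP port", finding["port"], "->", status)
```

A non-loopback `address` is not automatically wrong, since that is how a web server on another machine is allowed in; it is reported so the remote web server can be accounted for.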
Thanks - if I understood correctly that means: yes, running IIS not Apache.
Ours is a simple setup with ColdFusion running on a single server, and no other web server messes with it.
It is an internal application, and sits behind our firewall.
Looked at the files. In isapi_redirect.log (in wsconfig/1 folder) we have lots of entries like this (which I have no idea what it really means):
init_jk::jk_isapi_plugin.c (3762): Starting Tomcat/ISAPI/isapi_redirector/1.2.41
init_jk::jk_isapi_plugin.c (4002): Tomcat/ISAPI/isapi_redirector/1.2.41 initialized
jk_log_version::jk_connector_version.h (21): Connector Version: 310348
jk_connector_CF_func::jk_isapi_plugin.c (3272): CF heartbeat started
[info] ajp_process_callback::jk_ajp_common.c (2270): current reuse count is 1 of max reuse connection 250 and total endpoint count 500
And in the wsconfig.properties file (in wsconfig folder) we have:
#ColdFusion Web Server Configuration File
#Thu Mar 18 17:09:05 GMT 2021
1=IIS,0,true,cfusion,"",bitness64
1.srv=localhost,cfusion
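An added example, not part of the original thread: this Python code parses the wsconfig.properties text quoted above and cross-checks the declared web server against the connector log names found in each numbered wsconfig folder (isapi_redirect.log for IIS, mod_jk.log for Apache). Reading the first comma-separated field of each `N=` line as the web server type is an assumption drawn from the values shown in this thread, and the folder listing passed in is constructed.

```python
import re

# The wsconfig.properties text quoted in the post above, used as sample input.
SAMPLE_PROPERTIES = '''#ColdFusion Web Server Configuration File
#Thu Mar 18 17:09:05 GMT 2021
1=IIS,0,true,cfusion,"",bitness64
1.srv=localhost,cfusion
'''

# Connector log names mentioned in the thread and the web server each implies.
LOG_TO_SERVER = {"isapi_redirect.log": "IIS", "mod_jk.log": "Apache"}


def parse_wsconfig(text):
    """Map connector number -> {'server': ..., 'srv': ...}.

    Assumption: the first comma-separated field of an 'N=' line is the
    web server type; the remaining fields are not interpreted.
    """
    connectors = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the generated header comments
        m = re.fullmatch(r"(\d+)(\.srv)?=(.*)", line)
        if not m:
            continue
        entry = connectors.setdefault(m.group(1), {"server": None, "srv": None})
        if m.group(2):
            entry["srv"] = m.group(3)
        else:
            entry["server"] = m.group(3).split(",", 1)[0]
    return connectors


def cross_check(connectors, files_by_folder):
    """Compare each declared server with the one implied by its log files."""
    report = {}
    for num, entry in connectors.items():
        names = files_by_folder.get(num, [])
        seen = {LOG_TO_SERVER[n] for n in names if n in LOG_TO_SERVER}
        report[num] = {
            "declared": entry["server"],
            "from_logs": sorted(seen),
            "consistent": seen <= {entry["server"]},
        }
    return report
```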
The fact that it's an isapi_redirect.log (vs a mod_jk.log) is indeed confirmation that CF is getting its requests from IIS (over its ISAPI filter, whereas Apache uses a module called mod_jk). I could and should have suggested that also. Though again, technically the logs could appear on the server running CF or on some other configured to TALK to CF, but as you say that's not seemingly a concern.
And indeed your main question was to know "if the Windows Server running ColdFusion is using IIS or Apache?" Again the real proof of that was in Task Manager showing no Apache. As for IIS, what you would see is w3wp.exe processes (though only when the IIS app pool each represents was running), but seeing the "world wide publishing service" running (in Windows Services) is another indication that you are running IIS.
You've never said why you are really asking. What is it that you or someone asking you is really wanting to know, do, or confirm, if anything beyond that initial question?
Thanks - that has put my mind to rest.
The reason for the query is that (1) new monitoring and alerts are being set up for Apache in our organisation, and they need to know what to look out for (no surprises) and (2) the Apache Log4j 2 vulnerability.
Also - enjoyed your presentation at the CF Summit 2021.
Paul
Thanks on the first and last points, Paul. But on the second one, there's a misunderstanding if anyone's connecting the log4j issue and what web server you're using.
You/they may say, "Charlie, it's APACHE log4j". And I'd say, "yes, that's Apache the organization, not Apache the web server". It's a common misunderstanding.
The former is an umbrella org with dozens of projects, nearly all of which have nothing to do with the web server of the same name (and which indeed started it all for the org). I'm sure some are hoping this debacle will motivate some sort of reconsideration of this confusing naming situation.
Thanks for the clarification - I'm sure most people (like me) assume it's all about the Apache web server!
Is this enough proof or are there more checks I can do?
By @paul_durrant
Yes, there is a check you can do. Run the Web Server Configuration Tool, {INSTANCE_NAME}\runtime\bin\wsconfig.exe. It should show you the web server configured for use.
Thanks - this confirmed it is indeed running IIS.