Custom request_timeout_error.cfm page

Report · Jul 26, 2016

Hello, all,

We recently received a new STIG for our environment, and one of the "findings" is for request timeout error template. Basically, if the CFAdmin setting is blank or set to default, it's a finding. We are required to create a custom request timeout error page and place it in the webroot (where CFIDE is not), then update the CFAdmin to point to it.

Problem is that I have no idea what the request timeout error page is supposed to do. I tried to review the code for the default .cfm page that handles this, but (of course) Adobe encrypted it, so I can't see what it's doing.

Pointers greatly appreciated.

V/r,

^_^

Report · Jul 27, 2016

Does anyone know what the request_timeout_error.cfm page does? I mean, besides display a message that there has been a timeout. Does it send an email to the admin? We already have that covered in the onError() in application.cfc. Does it do anything else?

V/r,

^_^

Report · Jul 28, 2016

Its just a default holding page with default text in. It does nothing special.

It source just looks a bit like this:

<body>
  <div id="header"></div>
  <div id="spot">
    <img src="data:image/png;base64, .... >
    <div id="titleDoubleLine">Server Timeout</div>
  </div>
  <div id="content">
    A task has run for longer than it should and has caused the server to terminate it. Please try again or contact the administrator.
  </div>
</body>

The idea is you replace these with your own and have the extra functionality programmed your self.

Report · Jul 28, 2016

Hi, haxtbh,

The idea is you replace these with your own and have the extra functionality programmed your self.

I figured as much; but the View Source doesn't indicate what the extra functionality is. That's what I'm asking.

V/r,

^_^

Report · Jul 28, 2016

Thats up to you.

Typically they are just like replacement 404 / 500 pages etc. They just have a bit of text that says why they have arrived there. Just like the templates built into IIS or Apache.

There is no functionality unless you intend there to be.

So you might send an email if they arrived at the page, but if you have that somewhere else then it wont be needed. Your page will simply just have text to explain the error.

The point I was making in my post was that its simple a barebone page giving an error. There is nothing more to it.

Report · Jul 28, 2016

Notice the description for the Request Queue Timeout Page on the CF11 admin page for Request Tuning:

Specify a relative path from the web root to an HTML page to send to clients when a template request times out before running, for example /CFIDE/timeout.html. The page you specify cannot contain CFML. If you do not specify a page, clients receive a 500 Request Timeout error when their request does not run.

So the page must be a static HTML page, not a CFM with stuff that needs to be processed server-side.

Report · Jul 28, 2016

Oh. I figured (being a CF setting) that it would contain extra processing (like cflog or cfmail). But if it cannot be a .cfm page, then there really isn't anything else; just a "hey, it timed out, sucks to be you" kind of thing.

D'OH!

Thanks, Carl.

V/r,

^_^

UPDATE: Except I'm even more confused, now. The default page is "/CFIDE/administrator/templates/request_timeout_error.cfm", not .html. Hmmm..

Report · Jul 28, 2016

OK, to clarify, it's not the file extension that's at issue, it's that the page can't have any CFML in it (it must be static HTML). So you can use a file with a .cfm extension, but you can't put any CFML in it.

Custom request_timeout_error.cfm page

1 Correct answer