• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Stop access to specific URL

Explorer ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

Hello there. Me again 😛

I have a website where I have a link https://whatever.com/membersData

Now, this folder membersData has other folders as well but the main point is that access to it should not be allowed. There should be a new page that is being shown each time somebody tries to enter and its IP doesn't match the IP of the website owner. 

 

I would like to do this with Application.cfc or if it's not possible, do it with  https://whatever.com/membersData/index.cfm file inside. Keep in mind that index.cfm is always hidden in URL. 

Views

202

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

For example,

 

	<cffunction name="onRequestStart" returntype="boolean">
	 	<cfargument name = "targetPage" type="String" required="true"> 	
          <!--- You may use arguments.targetPage in place of CGI.SCRIPT_NAME --->	 	      
		<cfif findNoCase("/membersData/", CGI.SCRIPT_NAME) gt 0 and CGI.REMOTE_ADDR is not "123.123.123.123" >
             <!--- Required: the substring "/membersData/" does not occur in the URL to the page tst.cfm --->
			<cflocation url="rerouteDir/tst.cfm" >
		</cfif>

     	<cfreturn true>
	</cffunction>
	

 

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

Thanks for sharing the code fragments, bkbk (though it's not quite clear why it appears twice).

 

That said, it seems like Aleksandar is new enough to not realize you're proposing that as a method to be added to an application.cfc file, to be placed in the root of the site. (And if none exists, one must be created and with a cfcomponent tag surrounding what is offered above--and yes it could all be written as cfscript, for anyone preferring that). Also, note that if there's already an application.cfm file, there's more to do. 

 

First, Aleksandar, let's clarify that an important feature of cf is that before any request is processed, cf seeks first if there's any such application.cfc (or application.cfm file) in the same folder, and that's run first. If there's none, cf looks in the folder above that and so on. It runs any that it finds, and doesn't seek any other in folders above that.

 

So yes, this is a very common way to introduce the sort of "gate" you seek, where something is checked before the requested template runs. People have for decades been using it for login checking/processing, and much more. 

 

Finally, the reason it can be application.cfc or cfm is that the latter came first, until about cf7 which introduced application.cfc--which is more powerful, and offers methods that are called implicitly like this onrequeststart which bkbk offered. To be clear, application.cfm does NOT support such implicitly called methods. You'd just put that code he offered (within the method) into the application.cfm file, like any other code to be found there, which is run sequentially like any other cfml.

 

And I say all that because if you DO already have an application.cfm, you can't JUST create a new application.cfc and plunk in that code. Cf would then run that and NOT your application cfm found in the same directory (nor any above it). You'd need to merge this code into that, as I indicated.

 

This matter of choosing between the two was a popular topic the past 15 years but has been rarely discussed more recently. It (along with the basics of application.cfc/cfm) has been covered in some docs and books (even older ones, still valuable for this sort of reason).

 

But let's hear if you're able to move forward with what's been offered here, perhaps even solely based on you already knowing what to do with bkbk's offered code. I offer the rest, then, for future readers who may benefit. 🙂 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

Thanks for your feedback, Charlie. I have duly deleted the second suggestion, and added a comment to the first.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

So, I added your code like this: 

 

	<cffunction name = "onRequestStart">

		<cfargument name = "thisRequest" required="true"/>		

			 	<cfargument name = "targetPage" type="String" required="true"> 	
          <!--- You may use arguments.targetPage in place of CGI.SCRIPT_NAME --->	 	      
		<cfif findNoCase("/membersOnly/ControlPanel/ErrorReports/", CGI.SCRIPT_NAME) gt 0 and CGI.REMOTE_ADDR is not "123.123.123.123" >
             <!--- Required: the substring "/membersData/" does not occur in the URL to the page tst.cfm --->
			<cflocation url="/" >
		</cfif>
     	<cfreturn true>
<!-- SOME OTHER STUFF I HAVE THERE --->
</cffunction>

And this gives me 

500 - Internal server error.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

Aleksandar, you can't stop at "I get a 500 error".  You need to find/tell us what is the actual error. You should find it in cf's application.log, in cf's cfusion/logs folder.

 

There may be a typo in what bkbk wrote, or in your copy/paste of it, or perhaps you missed the need for this application.cfc to have also a component tag (beyond what he shared) if the file did not exist, as I discussed above. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 26, 2024 Mar 26, 2024

Copy link to clipboard

Copied

The HTTP 500 error is likely caused by the cflocation or by the "stuff" underneath the cfreturn line.

 

Suggestions:

  1.  The  following line is not actually a CFML comment
    <!-- SOME OTHER STUFF I HAVE THERE --->​

    It might therefore disrupt something somewhere. 
    In your test, remove all that "stuff". Make sure the function ends with the line  <cfreturn true>.

  2.  Don't use 123.123.123.123. That was just an example. In your test, use your own IP address.
  3.  The path "/" is a system path in ColdFusion. So don't use it in your application. Instead, do the following, for example.
    You said, "There should be a new page that is being shown each time somebody tries to enter and its IP doesn't match the IP of the website owner. " So, let's give the new page the name welcome.cfm. Create in the web-root a directory called nonMember., and place the welcome.cfm in it. The file's path relative to the root is therefore /nonMember/welcome.cfm.
    Now modify the redirect code to
    <cflocation url="/nonMember/welcome.cfm" >​

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Mar 28, 2024 Mar 28, 2024

Copy link to clipboard

Copied

Hello guys, thank you for you help. I decided to do this in a different way (login authentification). 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 28, 2024 Mar 28, 2024

Copy link to clipboard

Copied

It's nice that you have decided on a different solution. Screening users by authentication at the very start does indeed seem to be a more efficient solution.

 

But one question remains. Has the specific question you asked here been solved? If so, please share the solution. It will help others who land here in future. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Mar 28, 2024 Mar 28, 2024

Copy link to clipboard

Copied

LATEST

Sadly I still had issues with it so instead of debugging the issue further I went straight for login authentification. 😞

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation