I am trying to implement a simple upload feature in CF 11 but it fails with 403 Forbidden error while uploading GPX format file.
But when I try uploading other format files like .csv, .txt, .jpg the same code works as expected.
Please help and let me know if I am missing something.
Code to upload:
<form method="post" id="fileinfo" name="fileinfo" action="Upload.cfm" enctype="multipart/form-data"> <label>Select a file:</label><br> <input type="FileUpload" name="upload" required /> <input type="submit" value="Upload" /> </form>
<cfoutput> <cffile action="upload" destination="C:\gpx\" nameConflict="overwrite" filefield="Form.FileUpload"> </cfoutput>
I'm not aware of any limit in cf on an extension of gpx. What update of 11 are you on? The Mar 1 update of cf added some built-in protection of uploading server executable extensions, but gpx is not among them by default.
Indeed, the 403 error sounds more like an iis issue. Are you getting details from iis about the error? If not, try running the browser request on the server if possible. By default, that shows more details than a request from off the server.
Also, when you test for other file extensions, did you try just renaming the file from gpx to txt? Did it still fail?
CF 11 is up-to-date.
ColdFusion 11 Update 19
Update Level: 19
Update Type: Security
Install Date: Fri, 19 Jul 2019 12:24:11 -0600
ColdFusion 11 Update 19 addresses the vulnerabilities mentioned in the security bulletin APSB19-27.
I do not find any details error message from IIS and I have tried running the browser request on the server which works fine and does not give any errors.
I just now tested by re-naming a .gpx file as .txt which also failed with 403 error.
You make statements now without offering conclusions (you answer my questions, without seeming to understand the points I was getting at). Let me be more explicit. I see two important observations from what you share.
First, you had said initially that "when I try uploading other format files like .csv, .txt, .jpg the same code works as expected", and yet now you say that in renaming the gpx file to a txt, it fails. So assuming NOTHING else changed (you're using the same URL to test the "other txt files", then this would indicate that the problem is about this particular file (whether it's a gpx or a txt).
So now let's focus on that: what is the size of the file? You may be hitting a limit in IIS related to that (though I'd not expect a 403, but it's possible).
Second (and as important), you say now that you did try "running the browser request on the server which works fine and does not give any errors." So do you mean that with regard to the gpx file upload? It works when done ON the server but fails when done from OFF the server? That would be significant.
But here again, let's be very clear: are you saying that the URL you use from ON and OFF the server is the exact same URL (and so the exact same IIS site)? If there was any variation, what was the difference?
I press all this because knowing that the gpx uploads one way but not another means it's not (seemingly) a CF problem. And knowing that the file does not upload whether it's a gpx or txt file tells you it's not about being a gpx file. These are all clues that should help you/us get to the bottom of what the problem is.
Sorry if all this seems like too much for you to take in. I don't know where you're coming from (experience-wise), but you hit the problem and asked for help, which I am offering. If the problem was easily solved, you'd not have to have asked here. Sometimes, problems like this do take a bit of sleuthing to get to the bottom of. And for now, we can only go on what you are able to offer in reply.
I will say that if you are in a time-crunch, you don't need to wait for back and forth like this, but instead you can get direct help (remotely) from folks like myself. I offer a list of such consultants at cf411.com/cftrouble. But otherwise, I will of course try to help here, as may other folks.
I agree that I made statements that contradict each other. When I mentioned that other formats(especially .txt) files uploads properly, the file contains only text and numbers. Following your suggestion, I tried renaming the same .gpx file as .txt where the upload failed (I have never tested this way before which helped me to explore this issue in a new direction but still couldn't crack!). I further tested by reducing the file size, used a different .gpx file nothing worked thus indicating that the issue is not about a particular file or file size. I have also verified the size limit in IIS.
With regards to "running the browser request on the server which works fine and does not give any errors.", I use the domain name in the URL while running OFF the server and use "localhost" instead of the domain name while running ON the server which is the only difference but both requests hit IIS. And both are specific to the same upload process/page and same file.
This upload feature is in a legacy CF application, we do not have any CF developers to consult. I am very new to it and tried resolving this issue with all possible means, NOTHING worked so I finally came to this forum.