Highlighted

Can't access CF administrator page when using Apache

New Here ,
Jun 15, 2020

Copy link to clipboard

Copied

I have enabled Apache support on ColdFusion 2018. I can render http://127.0.0.1:8750/CFIDE/administrator/index.cfm using the built in webserver, but when I try from Apache http://127.0.0.1/CFIDE/administrator/index.cfm I get an error that the page is not found on the server. I have /CFIDE/* = cfusion enabled in the uriworkermap.properties file. I also tried enabling a virtual host Alias in the  mod_jk_vhost.conf to point to the location of the administrator page. Neither works. How would I go about accessing the administrator page from Apache? Is this possible?

Views

71

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Can't access CF administrator page when using Apache

New Here ,
Jun 15, 2020

Copy link to clipboard

Copied

I have enabled Apache support on ColdFusion 2018. I can render http://127.0.0.1:8750/CFIDE/administrator/index.cfm using the built in webserver, but when I try from Apache http://127.0.0.1/CFIDE/administrator/index.cfm I get an error that the page is not found on the server. I have /CFIDE/* = cfusion enabled in the uriworkermap.properties file. I also tried enabling a virtual host Alias in the  mod_jk_vhost.conf to point to the location of the administrator page. Neither works. How would I go about accessing the administrator page from Apache? Is this possible?

Views

72

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jun 15, 2020 0
Adobe Community Professional ,
Jun 15, 2020

Copy link to clipboard

Copied

My understanding is that CF won't serve any /CFIDE/administrator/ URLs through the connected web server. This is an intentional security restriction. I suspect the blocking happens in CF rather than in the connector itself.

 

Dave Watts, Eidolon LLC

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 15, 2020 1
New Here ,
Jun 15, 2020

Copy link to clipboard

Copied

Dave.

This is helpful. If I put the CF 2018 server behind a load balancer that accesses the CF built in webserver directly ( no Apache) would I still be able to access the administrator page?

 

Thanks for your help,

CDB

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 15, 2020 0
Adobe Community Professional ,
Jun 15, 2020

Copy link to clipboard

Copied

I think it would, but I haven't tried. Is there a reason you want to expose the CF Administrator to external and potentially untrusted users?

 

Dave Watts, Eidolon LLC

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 15, 2020 0
Adobe Community Professional ,
Jun 15, 2020

Copy link to clipboard

Copied

In addition to Dave's great points (and at the risk of helping someone open a door they really should not open), I'll ask if you have confirmed whether you can have Apache serve ANY CFM page from the folder in which the CFIDE folder lives, which is CF's cfusion/wwwroot folder (unless you have defined more than one instance, in which case it's [instancename]/wwwroot.

 

If you get a 404 trying ANY CFM page in that folder, then your problem isn't really about the CFIDE underneath it. And in that case, you may want to clarify how you have your virtualhost element configured.

 

Finally, if that works but NOT the CFIDE, are you sure you restarted Apache after making the change to the uroworkermap.properties file? (That is indeed the file where the protection lives. I discussed it in more detail in a post back in 2016 when all these was added.)

 

As for the risk of doing this, I will reiterate (as I state in my post) that Adobe has good reason to be blocking access to the CF Admin via external web servers by default, for everyone's own good. Too many people simply would not heed their warnings of how to protect access to the Admin via such an external web server.

 

And one should only "open that hole in the wall" with the greatest care and consideration (indeed, adding security to the web server, if it will be open to visitors from outside the server). But opening that hole should possible for someone determined to do it.

 

Let us know how it goes.

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 15, 2020 0