
CF2016 - Alias for /cf_scripts/scripts in the Built-In Web Server

Participant
Mar 14, 2016

I'm following the lockdown guide here:

http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-gui...

The guide suggests moving the /cf_scripts/scripts directory, so I did.

The guide also suggests using only the built-in web server for accessing ColdFusion Administrator, so that's how I have it set up.

The guide also states that you should create an alias for the moved directory in the built-in web server.  See page 58 of the PDF.

If you plan on using the built-in web server to access ColdFusion administrator you may need to create an alias for /cf_scripts/scripts if you changed the Default Script Src setting in ColdFusion administrator.

To Create a new Alias for /cf_scripts/scripts in the built-in web server

If you plan to use the built-in web server for accessing ColdFusion administrator then you must also add an alias by adding a Context tag inside the Host tag of server.xml located: /opt/cf11/cfusion/runtime/conf/server.xml

<Context path="/"
docBase="/opt/cf11/cfusion/wwwroot"
Workie="/opt/cf11/fusion/runtime/cone/Catalina/localhost/tamp"
aliases="/coscripts=/opt/cf11/fusion/wwwroot/CFIDE/scripts" />

Restart ColdFusion, then test by visiting /cfscripts/cfform.js on your builtin server.

There are a ton of typos in this (Workie vs WorkDir, cone vs conf, tamp vs tmp, coscripts vs cfscripts, etc.).

This also appears to be referencing the cf11 paths (CFIDE/scripts vs cf_scripts/scripts, and /cfscripts/cfform.js vs cf_scripts/scripts/cfform.js).

Further, coldfusion-error.log notes the following:

WARNING: A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [/] does not meet these criteria and has been changed to []

WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'aliases' to '/cf_scripts/scripts=/cf_scripts/test_scripts' did not find a matching property.

The first line isn't an issue, but the second line is.  aliases isn't a valid property of context.

The server.xml file has an example, and it's as follows:

<Context path="" docBase="<cf_home>/wwwroot" WorkDir="<cf_home>/runtime/conf/Catalina/localhost/tmp" >
  <Resources>
    <PreResources base="docBase1" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/aliasPath1"/>
    <PreResources base="docBase2" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/aliasPath2"/>
  </Resources>
</Context>

This aligns with the Apache docs.

I have CF installed on Windows, at F:\CF_2016\ .  This is what I've done to alias the scripts directory (renamed to test_scripts for testing) for the built-in web server:

<Context path="/" docBase="F:/CF_2016/cfusion/wwwroot" WorkDir="F:/CF_2016/cfusion/runtime/conf/Catalina/localhost/tmp">
  <Resources>
    <PreResources base="F:/CF_2016/cfusion/wwwroot/cf_scripts/test_scripts" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/cf_scripts/scripts"/>
  </Resources>
</Context>

It seems to work.  Is this correct? Should it be aliased as /scripts or /cfscripts instead of /cf_scripts/scripts ?

Why exactly do I need to alias this for the administrator?

Thanks

Correct answer

Guest
May 03, 2016

Hello,

I was in the same boat (we're setting up a secure profile for testing) and I can see that no one has answered you so I'd like to offer what we did.

<Context path="/" docBase="{YOUR_DRIVE}:/{CFROOT}/cfusion/wwwroot" WorkDir="{YOUR_DRIVE}:/{CFROOT}/cfusion/runtime/conf/Catalina/localhost/tmp">
  <Resources>
    <PreResources base="{YOUR_DRIVE}:/{CFROOT}/cfusion/wwwroot/cf_scripts/scripts"
                  className="org.apache.catalina.webresources.DirResourceSet"
                  webAppMount="/{NEW_CFSCRIPTS_VIRTUAL_DIRECTORYNAME}"/>
  </Resources>
</Context>

You see, I believe the problem you had above was that the base should be the physical directory and the webAppMount should be the Virtual Directory.

You were correct about the typos in the "official" document.

I'm not sure if it matters or not but we also created the "tmp" directory (referenced above) within the "{YOUR_DRIVE}:/{CFROOT}/cfusion/runtime/conf/Catalina/localhost/" because it isn't there by default.

Regards,
David

Participant
May 11, 2016

Thanks for the response, it looks like you did basically the same thing we did.

However, in your answer aren't your base and webAppMount switched? It looks like you're mapping the physical scripts directory to a new logical name. You should be moving the physical scripts directory and creating the mapping with the same logical name to the new physical location. Right?

See Apache Tomcat 8 Configuration Reference (8.0.33) - The Resources Component

base

Identifies where the resources to be used are located. This attribute is required by the org.apache.catalina.WebResourceSet implementations provided by Tomcat and should specify the absolute path to the file, directory or JAR where the resources are located. Custom implementations may not require it.

webAppMount

Identifies the path within the web application that these resources will be made available. For the org.apache.catalina.WebResourceSet implementations provided by Tomcat, this attribute is required and must start with '/'. Custom implementations may not require it. If not specified, the default value of '/' will be used.

Guest
May 13, 2016

The snippet I posted is correct. base is my physical location (in CF2016) and the webAppMount is my virtual directory (ex. /autumnCFScripts/). If this were CF11 and below, that default physical location would be:

{YOUR_DRIVE}:/{CFROOT}/cfusion/wwwroot/CFIDE/scripts

For CF2016, that particular part of the "Lockdown Guide" can probably be removed now because the security concern behind remapping your cfscripts directory was that it was located inside the CFIDE and nothing about the CFIDE should be open to the public.  This concern was raised over several versions and now in CF2016, it happily resides in the wwwroot, not the CFIDE which is good enough in my book.

The secondary reason to change all the default mappings is pretty much to avoid attacks on commonly used virtual directory names. Changing the mapping for the CF scripts directory makes it harder for a robot to find. There are still many, many, many CF servers out there with a basic, non-secure install (with CFIDE open to the public!). That's why Adobe came up with the "secure-profile" AND moved scripts out of the CFIDE in the first place.
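
A check for the configuration problems raised in this thread, as an added example that is not part of any post or of Adobe's guide: it audits the Context elements of a server.xml fragment for the ignored `aliases` attribute, a context path Tomcat will rewrite, and PreResources entries whose base or webAppMount are malformed. The function name and the sample fragment are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: one Context mixing the guide's aliases attribute
# with two malformed Tomcat 8 PreResources entries.
SAMPLE = """<Host name="localhost">
  <Context path="/" docBase="F:/CF_2016/cfusion/wwwroot" aliases="/cf_scripts/scripts=F:/moved">
    <Resources>
      <PreResources base="cf_scripts/test_scripts" webAppMount="/cf_scripts/scripts"
          className="org.apache.catalina.webresources.DirResourceSet"/>
      <PreResources base="F:/CF_2016/cfusion/wwwroot/cf_scripts/test_scripts" webAppMount="scripts"
          className="org.apache.catalina.webresources.DirResourceSet"/>
    </Resources>
  </Context>
</Host>"""

ABSOLUTE = re.compile(r"^(/|[A-Za-z]:[\\/])")  # POSIX root or Windows drive letter

def audit_contexts(xml_text):
    """Return a list of findings for every <Context> in a server.xml fragment."""
    findings = []
    for ctx in ET.fromstring(xml_text).iter("Context"):
        path = ctx.get("path", "")
        # Tomcat accepts "" or a path that starts with '/' and does not end with '/'.
        if path and (not path.startswith("/") or path.endswith("/")):
            findings.append(f"context path {path!r}: Tomcat rewrites it and logs a warning")
        # Tomcat 8 has no 'aliases' property on Context, so the mapping is silently lost.
        if "aliases" in ctx.attrib:
            findings.append("aliases attribute: ignored by Tomcat 8, use <Resources>/<PreResources>")
        for res in ctx.iter("PreResources"):
            base, mount = res.get("base", ""), res.get("webAppMount", "/")
            if not ABSOLUTE.match(base):
                findings.append(f"base {base!r}: must be the absolute physical directory")
            if not mount.startswith("/"):
                findings.append(f"webAppMount {mount!r}: must be a URL path starting with '/'")
    return findings

if __name__ == "__main__":
    for line in audit_contexts(SAMPLE):
        print("FINDING:", line)
```

The placeholder `<cf_home>` in the shipped server.xml example is not well-formed XML inside an attribute, so run the check against the active (uncommented) configuration only.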
