Domain for images only, don't want cookie

35 views
Skip to first unread message

Derrick Peavy

unread,
Dec 7, 2011, 7:11:10 PM12/7/11
to Railo
I'm a bit lost here.

I have a static domain that I am using to serve images in my content.

My content domain is www.something.com and it's Railo on Tomcat and
Apache, using AJP.

My static domain is images.something.com and it's nothing but images
(and/or directories with images), no html, no cfm, no text at all.

So, when I load my page, cookies are being set by Railo for BOTH
domains.

Is there a magic way to tell Railo to not set a cookie for
images.something.com?

Judah McAuley

unread,
Dec 7, 2011, 7:17:38 PM12/7/11
to ra...@googlegroups.com
If there is really nothing but static images, I'd use a web server,
create an entry that does host header parsing to grab all the requests
for images.something.com and then let it use the static file handler
to serve them up. No reason for Tomcat or Railo to ever touch those
requests.

Judah

Derrick Peavy

unread,
Dec 7, 2011, 7:24:49 PM12/7/11
to Railo
Right, that's my point.

The domain images.something.com IS NOT configured under Tomcat to be
used for CFM at all. There is no Railo config or WEB-INF folder in
that domain. There are no CFM files in that domain. Yet, Railo IS
sending a cookie for images.something.com

-D

On Dec 7, 7:17 pm, Judah McAuley <judah.mcau...@gmail.com> wrote:
> If there is really nothing but static images, I'd use a web server,
> create an entry that does host header parsing to grab all the requests
> for images.something.com and then let it use the static file handler
> to serve them up. No reason for Tomcat or Railo to ever touch those
> requests.
>
> Judah
>
>
>
>
>
>
>
> On Wed, Dec 7, 2011 at 4:11 PM, Derrick Peavy <derr...@derrickpeavy.com> wrote:
> > I'm a bit lost here.
>
> > I have a static domain that I am using to serve images in my content.
>

> > My content domain iswww.something.comand it's Railo on Tomcat and

Todd Rafferty

unread,
Dec 7, 2011, 7:26:59 PM12/7/11
to ra...@googlegroups.com
Can you show us screenshot of these cookies, domain information, etc? You shouldn't be getting anything except images. Furthermore, can you load up a program like wireshark and watch the traffic come across?
--
~Todd Rafferty
Volunteer
Community Manager
Railo Server - Open Source
----

Judah McAuley

unread,
Dec 7, 2011, 7:37:15 PM12/7/11
to ra...@googlegroups.com
But why is it hitting Tomcat at all? You should be able to make a
virtual host that doesn't proxy to Tomcat and then there is no way
that Tomcat or Railo could be setting cookies.

Also, what are the cookies you're seeing? Are you sure they are from
Railo and not something else?

Cheers,
Judah

Derrick Peavy

unread,
Dec 7, 2011, 7:52:05 PM12/7/11
to Railo
URL for examination:

- http://images.collegeclassifieds.com/campusbooks/720x089.png

...Look at that with whatever tools you desire, you will see a cookie
for images.collegeclassifieds.com


Then look at
- http://images.collegeclassifieds.com/

....No cookie


Then try
- http://images.collegeclassifieds.com/anythingyouwant.html

... and you will see a default Railo config page


Would upload pic of document elements, but don't see a way to do that.


More info...

In Apache, the images.collegeclassifieds.com is a completely separate
conf file, no cfm docs at all. And there is no doc base or other conf
setting in Tomcat for images.collegeclassifieds.com either.

Only thing I can think of is that there is an issue with hosting this
domain technically inside of another. And this may be where I am so in
the wrong, but it was an easy shortcut, something tells my I will have
to change it.

In other words /images is a folder under www.collegeclassifieds.com
and images.collegeclassifieds.com is a separate host under apache, but
the root is at www/images, where www is the root for www.collegeclassifieds.com

My assumption was that Apache doesn't care, why should Tomcat? Even
though the images folder is nested inside the main www domain, it's a
separate conf file in Apache, and no connection to Tomcat, no cfm
files, etc.

So, maybe that's the problem, but it just seems that from a technical
point of view, this should be OK to do.

-Derrick

Peter Boughton

unread,
Dec 7, 2011, 8:04:57 PM12/7/11
to ra...@googlegroups.com
Derrick wrote:
> The domain images.something.com IS NOT configured under Tomcat to be
> used for CFM at all. There is no Railo config or WEB-INF folder in
> that domain. There are no CFM files in that domain. Yet, Railo IS
> sending a cookie for images.something.com

If Tomcat hasn't been told what to do with the domain then Railo is
not sending a cookie for it.
If Railo is sending a cookie then something has been configured to
tell it to do so.

So, the first thing is to determine what makes you think cookies are being set?

Specifically, are you sure what you're looking at is not the *browser*
sending the cookies back to the web server?

When you set a cookie for domain.com (in any software), you can make
it specific to that domain (excluding sub-domains), or you can make it
apply to all sub-domains - and the latter is probably what you have in
this situation.

When you are looking at images.domain.com, do you see a "cookie"
request header or a "set-cookie" response header?

If you are seeing the request header, it's likely as I've just
described (i.e. cookie applies to domain.com and all sub-domains).

If the response header is what you get, it's because something is
configured to set the cookies.


Based on your latest message:

> URL for examination:
>
>       - http://images.collegeclassifieds.com/campusbooks/720x089.png
>
> ...Look at that with whatever tools you desire, you will see a cookie
> for images.collegeclassifieds.com


No, I don't see any cookies when I look at that.

When I visit the other link I get the set cookie, and when I come back
then I see the Request header sending that cookie back to the server -
as I've described.

Again, this is a cookie being provided by the browser (not by Railo).

If you've only got a web server involved you don't really need to
worry about this, it'll just ignore the cookies, so it's just making
the request a few bytes bigger.
You could configure the cookies to only apply for
collegeclassifieds.com - but of course this would apply to all
subdomains (including www) so may not be an option depending on how
your application works.

(I'm not sure why you're getting the railo welcome page when you
should get a 404 - that indicates a configuration issue that you need
to check out.)

Todd Rafferty

unread,
Dec 7, 2011, 8:07:21 PM12/7/11
to ra...@googlegroups.com
I visited http://images.collegeclassifieds.com/anythingyouwant.html and I got 2 cookies. Why is the Railo welcome page here? Did you copy / paste that into this file or is Railo actually rendering this page?

So, you're saying that you're hosting it like this?
/root_folder_for_website_a/subdomain_folder/

If that's the case, then Application.cfc/Application.cfm is technically still running and will traverse up the tree.

Also, do you have Railo setup to parse .html files?

I think you need to post your httpd.conf and your server.xml - if you need to, send it to me off-list.

Peter Boughton

unread,
Dec 7, 2011, 8:09:14 PM12/7/11
to ra...@googlegroups.com
Derrick wrote:
> In Apache, the images.collegeclassifieds.com is a completely separate
> conf file, no cfm docs at all. And there is no doc base or other conf
> setting in Tomcat for images.collegeclassifieds.com either.

You need to double-check your configuration, because the Railo Admin
login page is accessible:
http://images.collegeclassifieds.com/railo-context/admin/server.cfm

That means that *something* is configured to connect Apache to Railo
for that sub-domain.

Peter Boughton

unread,
Dec 7, 2011, 8:24:36 PM12/7/11
to ra...@googlegroups.com
Ok, so here's a summary of some requests:

/ => Apache 403
/campusbooks => Apache 403
/campusbooks/720x089.png => Apache 200
/campusbooks/720x089.png/test => Tomcat 404
/campusbooks/non-existing-file.png => redirected to index.cfm
/non-existing-file.png => redirected to index.cfm
/non-existing-file.png/test => redirected to index.cfm
/index.cfm => Tomcat 200
/index.cfm/test => Tomcat 404 with message "HTTP Status 404 -
/index.cfm%3Fpath_info=/test"

This last one of course looks like an attempt to rewrite the URL.

So, in addition to seeing httpd.conf and server.xml, it'd be useful to
also see any mod_rewrite and/or Tuckey URL Rewrite rules which are in
place, and might be causing mischief.

Derrick Peavy

unread,
Dec 7, 2011, 8:58:38 PM12/7/11
to Railo
Good point.

So, this is on Ubuntu and under /usr/local/tomcat/webapps/root is the
original WEB-INF folder (RAILO)

Then, on each CF domain (and only this domains running CF), there is a
copy of the original WEB-INF folder.

The OS is on one RAID 0 drive pair and the web files are on another.
As I have been able to understand it, this is the way to set things up
to multi home with Railo/Tomcat. No?

But something is whacky because if you go to a domain that does not
use CF, and has no WEB-INF folder in the site, is 100% apart from any
other site, you can get to the admin as well:
http://www.janetmetzger.com/railo-context/admin/server.cfm is one
example and that's a site with no relation to CF at all.

I think first, I have to pull the images.xxxx home folder out and into
it's own directory outside of the www.xxxx structure.

And then second, as you say, I've missed something in my set up.
Posted below is the relevant config info

Running Apache 2.2 - in the /etc/apache2/httpd.conf file:


#
# Start: Tomcat for Railo configuration with proxy+ajp13:
#

<IfModule !proxy_module>
LoadModule proxy_module libexec/apache2/mod_proxy.so
</IfModule>

<IfModule !rewrite_module>
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
</IfModule>

ProxyPreserveHost On
ProxyPass /images !
ProxyPass /lib !
ProxyPass /mint !
ProxyPassMatch ^/(.+\.cf[cm])$ ajp://localhost:8009/$1
ProxyPassMatch ^/(.+\.cf[cm])(/.*)$ ajp://localhost:8009/$1?path_info=$2
ProxyPassMatch ^/((flashservices/gateway|messagebroker/|flex2gateway/|
openamf/gateway/).*) ajp://localhost:8009/$1

#
# End: Tomcat for Railo configuration with proxy+ajp13:
#

-Derrick

Sean Daniels

unread,
Dec 8, 2011, 7:17:37 AM12/8/11
to ra...@googlegroups.com

On Dec 7, 2011, at 8:58 PM, Derrick Peavy wrote:

> But something is whacky because if you go to a domain that does not
> use CF, and has no WEB-INF folder in the site, is 100% apart from any
> other site, you can get to the admin as well:
> http://www.janetmetzger.com/railo-context/admin/server.cfm is one
> example and that's a site with no relation to CF at all.

You say it's 100% apart from any other site, and on the file system this may be so, but if it's hosted by the same Apache server the conf file below is set up with, it looks to me like *all domains* hosted by this Apache will be proxied to Tomcat via the single localhost tomcat host.

I.e., all of your requests are being served by Tomcat except for the ones you've explicitly blocked (images, lib, mint).

I wonder if your browser is making a call to /favicon.ico with image requests which it then sent to Tomcat, which then sets the cookie.

If what I'm guessing is correct, you need to set up your sites with Virtual Hosts in Apache so you can avoid proxying the ones you don't want to go to Tomcat.

Todd Rafferty

unread,
Dec 8, 2011, 9:33:09 AM12/8/11
to ra...@googlegroups.com
What Sean says is correct.  Thank you for picking up on this Sean. I completely glazed over that fact.

Derrick Peavy

unread,
Dec 8, 2011, 2:37:49 PM12/8/11
to Railo
All sites ARE set up as virtual hosts.

And over the last 18 or so hours, the image directories have been
corrected to be stand alone. So, for instance,
images.collegeclassifieds.com is a virtual host and is located outside
of the www.collegeclassifieds.com le structure. They exist in two
separate areas of the drive now. Each site (www and images) have their
own non connected and non nested (within each other) file structure.
They each have their own .conf virtual host file in Apache.

If I understand the rest of your reply, then you are saying that the
particular AJP configuration I have set up in the Apache httpd.conf
file is being applied to all domains, and virtual domains.

OK. Not sure that is true, but assuming it is, the only files that
should be proxied to Tomcat are cfc and cfm files. Yes?

I will move the config settings into the appropriate virtual hosts
conf files and see what that does.

-Derrick

On Dec 8, 7:17 am, Sean Daniels <daniels.s...@gmail.com> wrote:
> On Dec 7, 2011, at 8:58 PM, Derrick Peavy wrote:
>
> > But something is whacky because if you go to a domain that does not
> > use CF, and has no WEB-INF folder in the site, is 100% apart from any
> > other site, you can get to the admin as well:

> >http://www.janetmetzger.com/railo-context/admin/server.cfmis one

Derrick Peavy

unread,
Dec 8, 2011, 4:12:50 PM12/8/11
to Railo
Peter,

Can you give the site a check again, I think I've solved it. I checked
with a Firefox plug in and I don't see any cookies being set now from
images.collegeclassifies.com and the Railo admin page is no longer
available under that domain.

-D

Derrick Peavy

unread,
Dec 8, 2011, 4:15:20 PM12/8/11
to Railo
Todd,

I've changed the httpd.conf file and the Tomcat/AJP proxy settings
have been removed from that file and are now in each virtual host conf
file where required. Seems like a pain, but on the other hand, I'm not
in the hosting business, I just have a lot of domains. So, who cares
if I have to do it per conf file, set it once, move on.

So non CF domains no longer appear to be being passed to Tomcat.

-Derrick


On Dec 8, 9:33 am, Todd Rafferty <t...@getrailo.org> wrote:
> What Sean says is correct.  Thank you for picking up on this Sean. I
> completely glazed over that fact.
>
>
>
>
>
>
>
>
>
> On Thu, Dec 8, 2011 at 7:17 AM, Sean Daniels <daniels.s...@gmail.com> wrote:
>
> > On Dec 7, 2011, at 8:58 PM, Derrick Peavy wrote:
>
> > > But something is whacky because if you go to a domain that does not
> > > use CF, and has no WEB-INF folder in the site, is 100% apart from any
> > > other site, you can get to the admin as well:

> > >http://www.janetmetzger.com/railo-context/admin/server.cfmis one

> ~Todd Rafferty*
> Volunteer** *Community Manager

Peter Boughton

unread,
Dec 8, 2011, 7:07:23 PM12/8/11
to ra...@googlegroups.com
Yep, no admin or welcome pages appearing, and no Railo cookies set/sent.


I can still get to Tomcat/Railo on port :8080 though - if you want to
force everything to go through Apache you could probably block that
port at a firewall level.

Reply all
Reply to author
Forward
0 new messages