Pages loading blank with Lucee 4.5.1.022

[rrho...@gmail.com]

I have been having a problem where I am suddenly loading blank pages on a site that was working several days ago. Over those few days, I had made many changes to the site so I was sure it was some mistake I made. But tracking back through my revisions, I found the issue.

As we know, BonCodeAJP13.settings now has <ModCFMLSecret>{string}</ModCFMLSecret>, and that should be added to the Mod_CFML valve (in server.xml) as: sharedKey="{string}".  

So my BonCodeAJP13.settings file looks like this:

<Settings>

  <Port>8009</Port>

  <Server>localhost</Server>   

  <MaxConnections>200</MaxConnections>

  <LogLevel>0</LogLevel>

  <LogDir>c:\temp</LogDir>

  <FlushThreshold>0</FlushThreshold>

  <EnableRemoteAdmin>False</EnableRemoteAdmin>

  <ModCFMLSecret>{myString}</ModCFMLSecret>

</Settings>

And here: http://www.modcfml.org/index.cfm/documentation/modcfml-tomcat-valve/config-options/, we also see that the "shared secret" (aka. ModCFMLSecret and sharedKey and requiredSecret) should also be added to the mod_cfml valve in Tomcat's server.xml file, like this:

<Valve className="mod_cfml.core"

loggingEnabled="false"

maxContexts="200"

timeBetweenContexts="2000"

scanClassPaths="false"

sharedKey="{myString}"

/>

Next, the BonCode manual says that we also need to set: EnableHeaderDataSupport=True

So now my BonCode settings looks like this:

<Settings>

  <Port>8009</Port>

  <Server>localhost</Server>   

  <MaxConnections>200</MaxConnections>

  <LogLevel>0</LogLevel>

  <LogDir>c:\temp</LogDir>

  <FlushThreshold>0</FlushThreshold>

  <EnableRemoteAdmin>False</EnableRemoteAdmin>

  <EnableHeaderDataSupport>True</EnableHeaderDataSupport>

  <ModCFMLSecret>{myString}</ModCFMLSecret>

</Settings>

So far, so good.

Next, the manual says that our shared secret also needs to be added to the connector like this:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" requiredSecret="{myString}" />

And here is the issue:  When I add the requiredSecret to the <connector> all I get are blank pages in the browser.

But if I remove that requiredSecret, the pages load fine.

Am I doing something wrong, or has something changed since the Manual was written?

Thanks,

-RR

[Tom Chiverton]

Maybe your versions of the connector and valve are out of sync ?

Tom

[Paul Klinkenberg]

As far as mod_cfml is concerned, the "requiredSecret" setting is not necessary in the <Connector> tag.

You could try to remove that from the <Connector> tag to see if it helps.

But in the end, Bilal will know what to do...

Cheers, Paul

> Next, the manual says that our shared secret also needs to be added to the connector like this:

> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" requiredSecret="{myString}" />

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/142482ad-5acb-427d-9082-c13b36e47952%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jordan Michaels]

The following 'requiredSecret' parameter:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" requiredSecret="{myString}" />

... is for locking down AJP protocol communication. While it is very similar function, it is separate from the security built in to mod_cfml and has a separate configuration parameter within the BonCode settings file. I do not remember what it is right off the top of my head, but it's generally not necessary if your web server and tomcat are on the same machine. The mod_cfml secret key, however, is recommended in all circumstances.

Kind regards,
Jordan Michaels

To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com <mailto:lucee+un...@googlegroups.com>.
To post to this group, send email to lu...@googlegroups.com <mailto:lu...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/142482ad-5acb-427d-9082-c13b36e47952%40googlegroups.com <https://groups.google.com/d/msgid/lucee/142482ad-5acb-427d-9082-c13b36e47952%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>.

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/609813AF-7EC5-453F-ACB3-922AECE3D3C2%40ongevraagdadvies.nl.