403 Forbidden with Taffy 3.0


Jordan Michaels

Feb 25, 2015, 7:43:21 PM
to taffy...@googlegroups.com
I'm installing Taffy 3.0 on a Lucee/CentOS/Apache2.2 server and I'm
getting a "403 Forbidden" error when I attempt to access the Taffy
dashboard. Using 2.2.4 version of Taffy works just fine.

I am using the generic framework variables as provided in the "api"
example in the example directory. I've tried setting the
"disableDashboard" variable to "false" but it had no effect.

Has anyone else experienced this issue? Any suggestions on some setting
I might have overlooked?

--
Warm Regards,
Jordan Michaels

Adam Tuttle

Feb 26, 2015, 10:17:21 AM
to taffy...@googlegroups.com
I don't think I've seen anyone having that problem.

  1. Start by verifying that this is a 403 from Taffy, and not from your webserver config/etc. If you include the reload url param, that should initiate a reload, which will cause the X-TAFFY-RELOADED: TRUE header to be returned. That's what we want to see... if you don't see it, the issue is before Taffy is ever involved.
  2. Look for everywhere in core/api.cfc that could return a 403 (just search for "403") and start doing dump-based debugging.

If you find anything that seems wrong or weird, let us know!

Adam


Jordan Michaels

Feb 26, 2015, 3:29:20 PM
to taffy...@googlegroups.com
Okay, here's what I did before I posted yesterday:

1) I'm running Lucee as root to ensure it's not a CFML file permission issue
2) I've verified there are no file read errors in the apache error log
3) I've tested all versions of Taffy from 2.0 up to 3, and only 3 returns the 403 error (restarting Lucee to clear in-memory cache after each version upgrade)
4) I've verified that simple CFM documents render fine with an empty App.cfc
5) I get an error with Taffy 3 as soon as I add the <cfcomponent extends="taffy.core.api"> to App.cfc (with nothing but the closing tag)
6) I've changed the two 403 error responses I found in the api.cfc file to 404's, and still get 403's.

With the above I'm fairly certain the 403 is coming from Taffy, but I'm not sure where to look at this point without combing through the code, adding stops, etc. Maybe that's what I need to do though. I was just hoping for some quick direction if anyone had encountered this before or perhaps knew of a good place to start looking.

I'll keep at it today and let you know if I find anything conclusive.

-Jordan




Jordan Michaels

Feb 26, 2015, 5:07:45 PM
to taffy...@googlegroups.com
Narrowed the problem down to the highlight.min.js file in dashboard.cfm.
Commenting out this file caused the dashboard.cfm to render without the
403 forbidden error I was getting previously. Looking over the file, I
noticed it was version 8.2, so went and grabbed the non-minified version
8.4, and put that in the previous file's place. Now everything works.
Pretty crazy.

Had to be something in the minified code throwing something else off,
but no idea beyond that. This was definitely a strange one...

Warm Regards,
Jordan Michaels

Jordan Michaels

Feb 26, 2015, 5:14:27 PM
to taffy...@googlegroups.com
I'll bet it has something to do with the fact that these JS's are
included using CFINCLUDE instead of a script tag. I bet Lucee does some
interpretation that perhaps Adobe doesn't when you include a JS file.

Something along those lines maybe...

Warm Regards,
Jordan Michaels

Adam Tuttle

Feb 27, 2015, 8:59:45 AM
to taffy...@googlegroups.com
Interesting. I wonder if it's a rogue # somewhere that causes things to go haywire. Sounds like a Lucee bug to me, though, since it's not compatible with the way ACF is working.

Adam



Gerry Gurevich

Feb 27, 2015, 10:39:41 AM
to taffy...@googlegroups.com
Could be completely unrelated.  Could be file level permissions that got corrected when you replaced the old file with the new one.


Jordan Michaels

Feb 27, 2015, 9:02:20 PM
to taffy...@googlegroups.com
So, had some more time to dig into this issue this afternoon and I
finally figured out what was going on.

I was getting additional 403 forbidden errors in really unusual
places... so I eventually figured out it didn't have to do with Lucee or
Taffy at all.

This particular machine is behind a Sophos UTM security appliance, which
was filtering outbound communication. The idea of this particular filter
was to prevent information disclosures, like SQL data, from being
exposed in the event of a partial breach, so I was getting 403's in
places like Lucee's DataSource page, and other odd locations.

So, for the highlight.min.js file, I didn't review the logs for it but
I'm guessing there was a specific pattern in the minified JS that the
UTM was catching. Since the UTM was causing the 403's, that would
explain why there were no actual logs of issues on the VM. Everything
appeared to be working just fine from the VM's point of view. It was
only once the packets reached the UTM that they were filtered into a 403
response.

I disabled the outbound filtering on the UTM and poof, everything works
as expected now. Thanks for letting me "think out loud" on your list,
and even more, thanks for providing Taffy to the public. It's really
excellent software and our community is better for it. Thank you.

Warm Regards,
Jordan Michaels
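
Added example, not part of the original thread and not Taffy or Sophos code: a small triage helper that combines the X-TAFFY-RELOADED check suggested earlier in the thread with the origin's own access log to say which hop produced a 403. It assumes Apache common/combined log lines; the paths, the `reload=true` query string and the sample log entries are constructed for illustration.

```python
import re

# Apache common/combined prefix: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def origin_statuses(log_lines):
    """Map (method, path) -> last status the origin web server logged for it."""
    seen = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            method, path, status = m.groups()
            seen[(method, path)] = int(status)
    return seen

def locate_403(method, path, client_status, client_headers, origin):
    """Say which hop most likely produced the 403 the client received."""
    if client_status != 403:
        return "not-a-403"
    # Header names are case-insensitive; normalise before lookup.
    headers = {k.lower(): v for k, v in client_headers.items()}
    if "x-taffy-reloaded" in headers:
        return "application"      # Taffy ran and its response arrived intact
    logged = origin.get((method, path))
    if logged is None:
        return "before-origin"    # request never reached the web server
    if logged != 403:
        return "after-origin"     # origin sent something else; a middlebox rewrote it
    return "origin"               # web server or application itself answered 403

# Constructed sample data (not taken from the thread).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Feb/2015:20:41:02 -0800] '
    '"GET /api/index.cfm?reload=true HTTP/1.1" 200 18342',
    '203.0.113.7 - - [27/Feb/2015:20:41:09 -0800] "GET /private/ HTTP/1.1" 403 209',
]

if __name__ == "__main__":
    origin = origin_statuses(SAMPLE_LOG)
    # Origin logged 200 but the client saw 403: rewritten downstream of the server.
    print(locate_403("GET", "/api/index.cfm?reload=true", 403, {"Server": "appliance"}, origin))
    # Origin itself logged 403: look at web server config or the application.
    print(locate_403("GET", "/private/", 403, {"Server": "Apache"}, origin))
```

An "after-origin" result matches the situation described above: the VM's logs look clean because the response was only turned into a 403 once it reached the filtering appliance.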

Adam Tuttle

Feb 27, 2015, 9:10:48 PM
to taffy...@googlegroups.com

Nice job debugging! Sounds like a fun one!

