to Lucee
Hi everyone
We're looking to move from ACF to Lucee. We've hit a major roadblock already unfortunately. It appears Lucee doesn't 'execute' virtual directories in IIS. ACF does this fine.
Is there a way to get Lucee to see/execute the virtual directory as ACF does? There must be other Win/IIS converts that have achieved this in Railo/Lucee?
Refactoring is not an option I'm afraid, just too much work, we have too many websites using it.
Thanks in advance
Dave
Julian Halliwell
Dec 22, 2015, 5:06:22 AM
to lu...@googlegroups.com
Hi Dave
Try adding the virtual directories as Lucee mappings, either in your
Application.cfc or in the server/web context admin.
Julian.
Jordan Michaels
Dec 22, 2015, 1:34:11 PM
to lu...@googlegroups.com
ACF uses a custom connector and a singular J2EE context to handle requests in order to make some things - like IIS virtual directories - easier; however, these methods don't conform to J2EE standards. Lucee has historically tried to adhere to the J2EE standards and uses standard J2EE contexts to handle different sites and web requests.
Since IIS virtual directories only exist within IIS, they have to be "translated" to standardized Tomcat contexts. This can be done using the BonCode Connector - which adds the 'x-vdir' header to incoming web requests - and the mod_cfml Tomcat valve, which creates in-memory contexts for non-existent host names in an authorized request.
How did you install Lucee? If you used the Windows installer, the BonCode Connector and mod_cfml should be installed by default unless you opted not to install them.
to lu...@googlegroups.com
Hi Jordan,
As far as I know, and as I didn't find the word "x-vdirs" in the Lucee source code, Lucee still needs to implement a handler for an incoming x-vdirs header. Also, we still need to add security around this header.
So for the time being, adding the virtual directories as mappings in the Lucee web context is still the way to go. Again, as far as I know.
to lu...@googlegroups.com
Hey Paul,
Thanks for correcting my misunderstanding there. I assumed that since we had implemented the x-vdir header that it was also supported by subsequent systems. Can you elaborate on what kind of security you're thinking of adding for it? Looking at the valve source, it looks like the authorization key is validated before processing anything else. Are you thinking character filtering maybe?
For implementation, since a Virtual Directory can be represented in a Tomcat context using the following context config:
...do you see any reason we could not add the vdirs from the x-vdir headers to the context xml file that the mod_cfml valve creates for a new context?
Or, while I'm not as familiar as you are with the child context methods, maybe we could implement those in a way that would mimic the above config? Would be something fun to play with and see, if nothing else. ;)
to lu...@googlegroups.com
Hi Jordan,
When we mailed about this previously with Bilal, I thought the idea was it would be implemented by Lucee as request-only mappings. I sure like the idea of adding it on the Tomcat level, and it sure makes sense.
I will try to implement this on the Tomcat level, probably in January.
The security issue I was worried about was only applicable when Lucee would handle the mappings, as it currently would not have a way to validate the source of the incoming header. But when done in the Tomcat valve, we have the shared secret key for validation :)
to Lucee
Thanks Paul.
I think the Tomcat level mapping would be interesting.
We can block out the potential security implication by adding a blacklist directive into the BonCode setting file like so: <HeaderBlackList>x-vdirs</HeaderBlackList>
This will prevent externally passed in headers from being added to the HTTP header.
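
Added example, not part of any post in this thread and not mod_cfml or BonCode code: a sketch of the trust decision discussed above, where an x-vdirs header is honored only after the shared secret checks out and every entry passes character filtering. The key header name, the `alias,path;alias,path` value format, the allow-list patterns and the class and method names are assumptions made for illustration; header names are assumed to be lower-cased already.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;

public class VdirHeaderCheck {
    // "x-vdirs" is the name used in the thread; the key header name is a placeholder.
    static final String VDIRS_HEADER = "x-vdirs";
    static final String KEY_HEADER = "x-example-shared-key";
    // Allow-lists (assumed): anything outside them (quotes, <, &, ..) rejects the
    // whole header, since the values would end up in a context XML file.
    static final String ALIAS_RE = "/[A-Za-z0-9_\\-./]{1,64}";
    static final String PATH_RE = "[A-Za-z]:\\\\[A-Za-z0-9_\\-. \\\\]{1,200}";

    /** Returns alias -> physical path, or an empty map when the header is not trusted. */
    static Map<String, String> trustedVdirs(Map<String, String> headers, String sharedKey) {
        String sent = headers.get(KEY_HEADER);
        String raw = headers.get(VDIRS_HEADER);
        if (sent == null || raw == null) return Map.of();
        // Validate the shared secret first, with a timing-safe comparison, before parsing.
        if (!MessageDigest.isEqual(sent.getBytes(StandardCharsets.UTF_8),
                sharedKey.getBytes(StandardCharsets.UTF_8))) return Map.of();
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : raw.split(";")) {   // assumed format: alias,path;alias,path
            String[] p = pair.split(",", 2);
            if (p.length != 2) return Map.of();
            String alias = p[0].trim(), path = p[1].trim();
            if (!alias.matches(ALIAS_RE) || !path.matches(PATH_RE)
                    || alias.contains("..") || path.contains("..")) return Map.of();
            out.put(alias, path);
        }
        return out;
    }

    public static void main(String[] args) {
        String key = "constructed-secret";     // all sample values here are constructed
        String good = "/shared,D:\\sites\\shared;/img,D:\\assets\\img";
        System.out.println(trustedVdirs(Map.of(KEY_HEADER, key, VDIRS_HEADER, good), key));
        // Wrong key, as with a header supplied by an external client: ignored.
        System.out.println(trustedVdirs(Map.of(KEY_HEADER, "guess", VDIRS_HEADER, good), key));
        // Right key but a value that would break out of an XML attribute: ignored.
        String bad = "/x,D:\\a\" other=\"1";
        System.out.println(trustedVdirs(Map.of(KEY_HEADER, key, VDIRS_HEADER, bad), key));
    }
}
```

The connector-side blacklist and this backend check are complementary: the first keeps client-supplied copies of the header from being forwarded, the second refuses to act on one that arrives without the shared secret.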