What does ColdFusion's JWildCardHandler do in IIS? - iis

I tried to disable Script permission on a folder for uploads and realized if I don't remove the JWildCardHandler, I would get,
HTTP Error 403.1 - Forbidden
You have attempted to run a CGI, ISAPI, or other executable program
from a directory that does not allow executables to run.
Would someone please explain what JWildCardHandler does? Was it meant for handling some SEO-friendly URL? Why is it enabled by default? Wouldn't that mean requesting static files would also invoke this unnecessary handler?
The only plausible use-case I can think of is something like:
http://mydomain.com/index.cfm/something
Is this something JWildCardHandler would handle?
Thanks

Would someone please explain what JWildCardHandler does?
This is ColdFusion's catch-all handler for interpreting requests for ColdFusion pages.
Was it meant for handling some SEO-friendly URL? Why is it enabled by default?
If you have ColdFusion installed and have your site configured to use ColdFusion, this handler will be installed to catch those requests. It's not related to SEO.
Wouldn't that mean requesting static files would also invoke this unnecessary handler?
Considering that it's a catch-all and defined as an ISAPI filter, all requests will go through it.

Related

Is there a way to allow a Chrome extension content script to violate mixed-content rules?

I am making a Chrome extension which makes an AJAX call to a local http server. The local server is not https. My extension doesn't work when visiting an https site, because of mixed-content rules.
This is disappointing because I thought the content scripts were totally isolated from the main DOM, so these rules wouldn't matter.
Is there a way to get around this?
You don't have to make the request from the content script itself.
You can delegate that to a background page by requesting it via Messaging.
Also, make sure you have host permissions for your local server. It may even solve the original issue.

IIS 404 dynamic redirect

Question for you guys.
If I am capturing a 404 error through an ISAPI filter in IIS and calling a handler with code to redirect the user by taking in their URL request as a parameter and running a query on the database, can I run into issues making that dynamic server-side redirect if multiple users are being caught by the error handler simultaneously? I believe the first execution is being terminated, the second one completes, and both users are redirected to the same URL.
Any thoughts?
Thanks
I am capturing a 404 error through an isapi filter in IIS...
I am not clear if you are writing the filter, or if the filter already exists. I'll assume you are writing it yourself since this is stackoverflow, and I'll assume C or C++ since you said ISAPI.
In that case... An ISAPI filter will get an HTTP_FILTER_CONTEXT for each incoming request. You need to structure your code so as to keep those things separate; pass the pointer to that structure around to each function in your code, if using C, or store it in object state if using C++. Also, your code needs to be thread-safe.
Can I run into issues making that dynamic server side redirect if multiple users are being caught by the error handler simultaneously.
Yes, if you don't follow the requirements for writing a multi-threaded filter.
There are simpler ways to accomplish what you want, I think. IIS allows administrators to specify URLs to deliver a "custom HTTP Error Response". The URL can be anything on the webserver, including a dynamic web script, like a page written in ASP.NET or PHP or whatever. You may want to use a 302 redirect to your dynamic page; that's a common pattern. There's no need to resort to writing an ISAPI filter.
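An added example, not part of the original answer or of any real filter: a C replay of the interleaving the question describes, with the redirect target kept in a global versus carried with each request. `filter_ctx` is a hypothetical stand-in that models only the `pFilterContext` slot of `HTTP_FILTER_CONTEXT`, the two stages are assumed, and the `/moved` prefix stands in for the database lookup.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for HTTP_FILTER_CONTEXT: only the per-request
   pFilterContext slot is modelled, not the real ISAPI header. */
typedef struct { void *pFilterContext; } filter_ctx;
typedef struct { char target[64]; } req_state;

static char g_target[64];            /* UNSAFE: one buffer for all requests */

/* Stage 1 (request seen): work out where this URL should redirect. */
static void stage1_global(const char *url) {
    snprintf(g_target, sizeof g_target, "/moved%s", url);
}
static void stage1_ctx(filter_ctx *fc, req_state *st, const char *url) {
    snprintf(st->target, sizeof st->target, "/moved%s", url);
    fc->pFilterContext = st;         /* state travels with the request */
}

/* Stage 2 (response sent): emit the redirect computed in stage 1. */
static const char *stage2_global(void) { return g_target; }
static const char *stage2_ctx(const filter_ctx *fc) {
    return ((const req_state *)fc->pFilterContext)->target;
}

/* Replay the order A1, B1, A2, B2 and count the requests that were sent
   a redirect computed for the other user's URL. */
int misrouted_with_global(void) {
    int bad = 0;
    stage1_global("/alpha");                                  /* A, stage 1 */
    stage1_global("/beta");                                   /* B, stage 1 */
    bad += strcmp(stage2_global(), "/moved/alpha") != 0;      /* A, stage 2 */
    bad += strcmp(stage2_global(), "/moved/beta") != 0;       /* B, stage 2 */
    return bad;
}
int misrouted_with_ctx(void) {
    filter_ctx a = {0}, b = {0};
    req_state sa, sb;
    int bad = 0;
    stage1_ctx(&a, &sa, "/alpha");
    stage1_ctx(&b, &sb, "/beta");
    bad += strcmp(stage2_ctx(&a), "/moved/alpha") != 0;
    bad += strcmp(stage2_ctx(&b), "/moved/beta") != 0;
    return bad;
}

int main(void) {
    printf("global state: %d misrouted\n", misrouted_with_global());
    printf("per-request:  %d misrouted\n", misrouted_with_ctx());
    return 0;
}
```

With the global, request A is answered with B's target, which is the "both users are redirected to the same URL" symptom; a lock around the write alone would not change that, because the value is still shared between the two stages.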

Can I have 'friendly' URLs without a URL rewriter in IIS?

Without having a url rewriter such as ISAPI_Rewrite available, is it possible to achieve the following:
I would like a user to browse to http://www.jjj.com/directory where /directory does not actually exist. IIS transfers the user to not-found.cfm.
At this point I can serve index.cfm i.e. http://www.jjj.com/directory/index.cfm.
The url will display just fine and the page loads even though the directory or index.cfm doesn't exist. However I'd like to be able to not have index.cfm in the url.
Ideal:
Page Request to http://www.jjj.com/directory
IIS loads not-found.cfm as the default 404 errorhandler.
Not found strips the CGI.query_string and uses cfswitches to funnel the user to the appropriate controller function. May use onMissingTemplate?
The page request never changes in the URL and the page loads transparently to the user with a 200 OK status
If a user requests http://www.jjj.com/directory/index.cfm I would 301 redirect to http://www.jjj.com/directory
Current:
Page Request to http://www.jjj.com/directory
IIS loads not-found.cfm as default 404 error handler.
Not found strips the CGI.query_string and uses cfswitches to funnel the user to the appropriate controller function.
The page request changes to http://www.jjj.com/directory/index.cfm with a 200 OK status
You're asking how to cut something but telling us you're not allowed to use a knife or anything resembling one.
Here's my only clever idea using onMissingTemplate().
GET /directory/
-> 404.cfm
-> <cfinclude template="#cgi.script_name#/special.cfm" />
-> fires onMissingTemplate() where you ignore the "special.cfm" bit and just use the rest of the requested path to figure out what controller to wire up to.
This is a kludgy hack, though, so I would try to avoid it myself. Maybe if you explain why ISAPI Rewriting isn't an option, then we might be able to help further.
You can tell IIS to have 404 and 403 errors execute a custom URL on your site (such as /urlhandler.cfm).
Then, you can parse the 'cgi.query_string' and route the application any way you desire using cfinclude to simply include the correct 'template.cfm', or, you can reformat the input your framework is expecting, or, use a project like http://coldcourse.riaforge.org/.
Just one note, IIS will give you a URL that looks like this: '404;http://yoursite.com/the/url/you/wanted/to/route'.
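The `404;` query string noted above can be parsed and routed as follows. This is an added example, not code from the answer or from ColdFusion; it is written in C to show the checks, the route table and template names are constructed, and the optional `:port` after the host is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed route table (hypothetical names): friendly path -> template. */
static const struct { const char *path, *tmpl; } ROUTES[] = {
    { "/directory", "controllers/directory.cfm" },
    { "/about",     "controllers/about.cfm" },
};

/* qs is the query string the custom error page receives, e.g.
   "404;http://yoursite.com/the/url/you/wanted/to/route".
   Returns the template to include, or NULL for a genuine 404. */
const char *route_404(const char *qs) {
    char path[128];
    const char *p;
    size_t n, i;

    if (strncmp(qs, "404;", 4) != 0 && strncmp(qs, "403;", 4) != 0)
        return NULL;
    p = qs + 4;
    if (strncmp(p, "http://", 7) == 0) p += 7;
    else if (strncmp(p, "https://", 8) == 0) p += 8;
    else return NULL;
    p += strcspn(p, "/?#");                 /* skip host and optional port */
    if (*p != '/') return NULL;
    n = strcspn(p, "?#");                   /* path stops at query/fragment */
    while (n > 1 && p[n - 1] == '/') n--;   /* "/directory/" -> "/directory" */
    if (n >= sizeof path) return NULL;      /* over-long path: refuse */
    memcpy(path, p, n);
    path[n] = '\0';
    /* Exact match only: "..", encoded bytes or unknown paths never select
       a file, because the template name comes from the table, not the URL. */
    for (i = 0; i < sizeof ROUTES / sizeof ROUTES[0]; i++)
        if (strcmp(path, ROUTES[i].path) == 0) return ROUTES[i].tmpl;
    return NULL;
}

int main(void) {
    const char *t = route_404("404;http://www.jjj.com/directory/?x=1");
    printf("%s\n", t ? t : "(real 404)");
    return 0;
}
```

The same steps port to a CFML error page: derive the template from a fixed lookup and keep request text out of the `cfinclude` path.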
Is IIS7 on the approved list of software? That can get you native url rewriting and side-step the whole issue.
Second option -- my CFM voodoo is rusty, but I think you can set up IIS6 to look for a CFM page (like you are doing) but then step in at the application level and do the URL rewriting/repointing before it actually hits the 404 page.
Another way around it -- find an ISAPI url rewriter that is, say, under the MIT license. Build your own copy. Then have them install that as part of your software package.

Redirect all HTTP-Requests with *.asp to one single file

Is it possible on an IIS to redirect all files with the file extension .asp to one single file (i.e. switch.php, switch.cfm) and how?
Thx in advance for the upcoming solutions :)
EDIT:
version of IIS is "IIS 6.0"
Here’s a few different thoughts off the top of my head:
1. Use an ISAPI filter. Either write your own or use a commercial one like Helicon ISAPI Rewrite (the reverse proxy feature should be able to do this).
2. Add a global.asa file to the root of the site and Response.Redirect to the page you want in the Session_OnStart event (I think this event still fires if the requested page doesn’t actually exist but am not 100% sure). More info here.
3. Define a new 404 “File not found” page in IIS which loads a custom page with a redirect to your desired URL. You could do this with either client or server side script and make it conditional on the requested URL having a .asp extension so as not to catch genuine 404s for other file types.
I’d say option 1 is your “best practice” approach but option 3 would get you up and running very quickly. Good luck!
You're going to want to look into "iis modrewrite" on Google :)
It lets you use regular expressions to define rules, and you can set a global match to rewrite to 1 page.

Can IIS 6 serve requests for pages with no extensions?

Is there any way in IIS to map requests to a particular URL with no extension to a given application?
For example, in trying to port something from a Java servlet, you might have a URL like this...
http://[server]/MyApp/HomePage?some=parameter
Ideally I'd like to be able to map everything under MyApp to a particular application, but failing that, any suggestions about how to achieve the same effect would be really helpful.
You can set the IIS6 to handle all requests, but the key to handle files without extensions is to tell the IIS not to look for the file.
http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx
You can also create an ISAPI filter that re-writes urls. The user enters a url with no extension, but the filter will interpret the request so that it does. Note that in IIS it's real easy to screw this up, so you might want to find a pre-written one. I haven't used any myself so I can't recommend a specific product that's any different than what you'd find via google, especially as I don't know your specific use case. But at least now you know what to search for.
You can also rewrite your urls using ASP.Net:
http://msdn.microsoft.com/en-us/library/ms972974.aspx
