Enable SES

Nolan_Dubeau · December 2, 2010, 1:32pm

Hi folks,

Last night I took a crack at enabling SES on my app, and didn’t have much luck getting it to work. Reading the documentation, it seems that it should be quick and easy to get this up and running. I thought I would run through my steps, and see if anyone can point me in the right direction.

Add SES interceptor to Coldbox.cfc

//SES
{class=“coldbox.system.interceptors.SES”,
properties={configfile=“config/routes.cfm”,loosematching=“false”}

Enable settings in routes.cfm

setEnabled(true);
setUniqueURLS(true);

3.Place .htaccess file in app root - Using .htaccess contents found here: http://blog.coldboxframework.com/post.cfm/htacces-rules-to-protect-against-SQL-Injection-attacks

Verify mod_rewrite is enabled

//confirmed
LoadModule rewrite_module libexec/apache2/mod_rewrite.so in httpd.conf

From what I’ve read this should be all I need, however If I navigate to a handler without /index.cfm/ I receive a 404 error.

Any assistance on this is greatly appreciated.

Thanks very much.

Nolan

Aaron1 · December 2, 2010, 1:41pm

Try this:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^www.aarongreenlee.com$ [NC]
RewriteRule ^(.*)$ http://aarongreenlee.com/$1 [R=301,L]

#Images, css, javascript and docs, add your own extensions if needed.
RewriteCond %{REQUEST_URI} .(bmp|gif|jpe?g|png|css|js|txt|pdf|doc|xls|
xml)$
RewriteRule ^(.*)$ - [NC,L]

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.cfm/$1 [L,QSA]

#Compress
SetOutputFilter DEFLATE
#AddOutputFilterByType DEFLATE text/plain text/xml text/css text/html
application/x-javascript application/javascript text/javascript

Aaron1 · December 2, 2010, 1:43pm

I should note, you will need to remove the references to ‘aarongreenlee.com’ or replace with your domain. The second and third line simply remove the ‘www’ prefix.

Thanks.

Nolan_Dubeau · December 2, 2010, 2:57pm

Hi Aaron,

Thanks for your email. I’ll give this a shot.

Is there a way I can make the script domain agnostic or modify to have the script apply on multiple domains?

i.e on my local system my url might be http://dev.mysite.com or http://localhost/mysite/ and on staging it might be http://staging.mysite.com

Basically I’m looking for a way to have the rules apply on multiple systems, not just my production domain.

Thanks much.

Nolan

Aaron1 · December 2, 2010, 3:38pm

I’m no .htaccess master, but, if you remove line 2 and 3, it will support any domain. I should have removed those lines before sharing.

Nolan_Dubeau · December 2, 2010, 9:20pm

So I’ve placed the following .htaccess file into the v01 directory of my app. v01 contains all of my handlers, includes, model folders, index.cfm, etc…

//.htaccess

RewriteEngine On

#Images, css, javascript and docs, add your own extensions if needed.
RewriteCond %{REQUEST_URI} .(bmp|gif|jpe?g|png|css|js|txt|pdf|doc|xls|
xml)$
RewriteRule ^(.*)$ - [NC,L]

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.cfm/$1 [L,QSA]

#Compress
SetOutputFilter DEFLATE
#AddOutputFilterByType DEFLATE text/plain text/xml text/css text/html
application/x-javascript application/javascript text/javascript

so now instead of going to: http://local.mysite.com/v01/index.cfm/user/

…i’m trying to browse…

http://local.mysite.com/v01/user/

… and I’m presented with a 404

No dice. Any ideas what i’m missing to get this to work?

Thanks guys.

Nolan

Nolan_Dubeau · December 3, 2010, 5:27pm

Hi folks,

I’ve put my .htaccess issue aside for now, as ultimately i’m deploying to a windows machine, which is using IIS7. I deployed the following web.config file to my test server and it’s tripping up on the rules part of the config. I tried removing the rules for SQL injection so that only the CB index.cfm rules applied and I get a 500.19 server error saying the config is invalid. Just wondering if anyone has been able to get the script running on IIS 7. This is the default script that came with the CB download extras folder.

Cheers.

<?xml version="1.0" encoding="UTF-8"?>

Aaron1 · December 3, 2010, 5:40pm

Check your user on your IIS folder. You need to make sure IUSR has access.

If that is not it, here is a config I use on an IIS site:

<?xml version="1.0" encoding="UTF-8"?>

andrews · December 3, 2010, 9:17pm