I’ve been trying to setup ModCFML and have not been able to get it to work.
My setup:
MacBook Air m1 with macoS 12 Monterrey
Latest version of CommandBox
My directory where I placed two of my websites for this test named foo1 and foo2:
/Users/Jose/Sites/foo1
/Users/Jose/Sites/foo1
I placed my server.json file in /Users/Jose/Sites/
I also edited my /etc/hosts file to have foo1 and foo2 point to 127.0.0.1
And i launch CommandBox with the following command inside the /Users/Jose/Sites/ directory (I use sudo to have access to port numbers under 1024): sudo box start
Launching like this seems to launch everything but when I try to access the website at http://foo1 or https://foo1 fails with the string “Unauthorized” showing in the web browser.
Yep, what Gavin said. The last rule which was meant to reject any traffic coming into unrecognized domains is firing!
If this is just for local dev, then simply remove the last rule entirely! If this is for production, you can force all unknown hosts to just hit the default web root if you remove the last rule and add this rule as the first rule:
"set(attribute=%{i,X-Tomcat-DocRoot},value='')"
which basically just defaults the header so any malicious headers sent in from a hacker wouldn’t be used. That won’t be as brittle since you can add additional hosts as you wish without needing to keep another rule in sync.
Also, for anyone coming across this thread, there’s a bunch of additional context and answers here in the facebook “ColdFusion Programmers” group where the question originated. (I asked Jose to move it here so we could better help!)