Solved

ColdFusion 403 errors

Posted on 2008-06-17
4
421 Views
Last Modified: 2013-12-24
Is it possible to put restrictions on folders in ColdFusion that doesn't allow users outside the netword to access them. Is this only possible in IIS?

AN example would be if a user were mto access http://www.somesite.com/somefolderurl. If they were on the network, they would get it no problem, if they were outside the network a 403 error would display. Can this happen at a directory level if you have a couple of directories this needs to happen at?
0
Comment
Question by:asaworker
  • 2
  • 2
4 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 21805991
There is a simple way to do a redirect to a different page by adding

<cfif not find("10.10.10.",  cgi.REMOTE_ADDR) >
<cflocation url="http://google.com">
</cfif>

to application.cfm

you would just modify the find param to match the partial ip of your local network

this isn't fool proof as IP addresses can be spoofed and only applies to files processed by cfserver ...media files or documents would not be protected for direct url access

more secure would be to set up login and authentication

search for cflogin in the documentation

you can protect media and documents by serving these files via cfcontent after login
0
 

Author Comment

by:asaworker
ID: 21806070
I am using login and authenication.. using isUserInRoleI was hoping to add a layer for the ip

<cfif isUserInRole("test") and newvar neq "test1" and newvar neq "test2" and not find("20.20.20.",  cgi.REMOTE_ADDR)>
            <cflocation url="/index.cfm" addtoken="no">
      </cfif>

But the not find doesn't seem to work right.
0
 
LVL 36

Accepted Solution

by:
SidFishes earned 500 total points
ID: 21806281
what's with the 20.20.20. ?

private network ranges should be

10.0.0.0 -      10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

anything else is potentially an internet (ie: public) IP

in any case, you have to use find not find based on what you are trying to do.. my example says "if you are from the IP range 10.10.10.*" then go to google. you'd use only find if you want say "if you _are_ from 10.10.10.* then go to index.cfm else go to not authorized page
<cfif isUserInRole("test") and newvar neq "test1" and newvar neq "test2" and find("20.20.20.",  cgi.REMOTE_ADDR)>
<cflocation url="/index.cfm" addtoken="no">
<cflese>
<cflocation url="http://google.com">
</cfif>

Open in new window

0
 

Author Comment

by:asaworker
ID: 21807036
This is perfect, what I was looking to do.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
502 - Web server received an invalid response 4 88
Problem to go to Web page 2 118
Coldfusion Complex Structure Reference 4 35
Application gets hammered - IIS 2 36
This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
CFGRID Custom Functionality Series -  Part 1 Hi Guys, I was once asked how it is possible to to add a hyperlink in the cfgrid and open the window to show the data. Now this is quite simple, I have to use the EXT JS library for this and I achiev…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now