asaworker
asked on
ColdFusion 403 errors
Is it possible to put restrictions on folders in ColdFusion that doesn't allow users outside the netword to access them. Is this only possible in IIS?
AN example would be if a user were mto access http://www.somesite.com/somefolderurl. If they were on the network, they would get it no problem, if they were outside the network a 403 error would display. Can this happen at a directory level if you have a couple of directories this needs to happen at?
AN example would be if a user were mto access http://www.somesite.com/somefolderurl. If they were on the network, they would get it no problem, if they were outside the network a 403 error would display. Can this happen at a directory level if you have a couple of directories this needs to happen at?
ASKER
I am using login and authenication.. using isUserInRoleI was hoping to add a layer for the ip
<cfif isUserInRole("test") and newvar neq "test1" and newvar neq "test2" and not find("20.20.20.", cgi.REMOTE_ADDR)>
<cflocation url="/index.cfm" addtoken="no">
</cfif>
But the not find doesn't seem to work right.
<cfif isUserInRole("test") and newvar neq "test1" and newvar neq "test2" and not find("20.20.20.", cgi.REMOTE_ADDR)>
<cflocation url="/index.cfm" addtoken="no">
</cfif>
But the not find doesn't seem to work right.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is perfect, what I was looking to do.
<cfif not find("10.10.10.", cgi.REMOTE_ADDR) >
<cflocation url="http://google.com">
</cfif>
to application.cfm
you would just modify the find param to match the partial ip of your local network
this isn't fool proof as IP addresses can be spoofed and only applies to files processed by cfserver ...media files or documents would not be protected for direct url access
more secure would be to set up login and authentication
search for cflogin in the documentation
you can protect media and documents by serving these files via cfcontent after login