Link to home
Start Free TrialLog in
Avatar of asaworker
asaworker

asked on

ColdFusion 403 errors

Is it possible to put restrictions on folders in ColdFusion that doesn't allow users outside the netword to access them. Is this only possible in IIS?

AN example would be if a user were mto access http://www.somesite.com/somefolderurl. If they were on the network, they would get it no problem, if they were outside the network a 403 error would display. Can this happen at a directory level if you have a couple of directories this needs to happen at?
Avatar of SidFishes
SidFishes
Flag of Canada image

There is a simple way to do a redirect to a different page by adding

<cfif not find("10.10.10.",  cgi.REMOTE_ADDR) >
<cflocation url="http://google.com">
</cfif>

to application.cfm

you would just modify the find param to match the partial ip of your local network

this isn't fool proof as IP addresses can be spoofed and only applies to files processed by cfserver ...media files or documents would not be protected for direct url access

more secure would be to set up login and authentication

search for cflogin in the documentation

you can protect media and documents by serving these files via cfcontent after login
Avatar of asaworker
asaworker

ASKER

I am using login and authenication.. using isUserInRoleI was hoping to add a layer for the ip

<cfif isUserInRole("test") and newvar neq "test1" and newvar neq "test2" and not find("20.20.20.",  cgi.REMOTE_ADDR)>
            <cflocation url="/index.cfm" addtoken="no">
      </cfif>

But the not find doesn't seem to work right.
ASKER CERTIFIED SOLUTION
Avatar of SidFishes
SidFishes
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This is perfect, what I was looking to do.