• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 526
  • Last Modified:

can't secure cfm page

Hi there.  I'm running Apache and railo (open source coldfusion) on my server.  I'm trying to prevent someone from accessing my cfm page in the browser.  In apache I set the permission but railo seems to loosen the restrictions in apache.  any idea how to fix that in railo or at least set a file in railo to prevent someone from accessing it from the browser?
0
COwebmaster
Asked:
COwebmaster
  • 3
  • 2
1 Solution
 
dgrafxCommented:
there are different ways to secure a website or webpage.
it depends on what you are trying to do
 
one very typical scenario is that a website may have public pages that anyone can browse around on and then it has "member" pages where in order to browse around there you need to be logged in and you also might have "admin" pages where not only do you need to be logged in but you need to be an administrator.

or

i have also seen people want to disallow everyone except their own ip address

and

many other scenarios ....
============================

would you please describe in just a bit more detail what you are trying to do?

and also when you say "prevent someone from accessing my cfm page" do you mean a specific individual or machine or do you mean prevent everyone except me?
0
 
COwebmasterAuthor Commented:
I'm just trying to set permissions on a sub directory under root so that no one can access any files in that directory via their browser.  How do I set file and directory permissions in railo?
0
 
dgrafxCommented:

i guess i have no idea about railio (dont even know what it is)
but something real simple in ColdFusion would be:

<cfset This.AuthIP="123.02.14.55,123.02.14.56"><!--- a list of authorized ips --->
<cfset This.Seper="\"><!--- windows is back slash - otherwise a / --->
<cfset This.RestrictedDirectoryName="myFolder">

<cfif Not listfind(This.AuthIP,cgi.remote_addr) and
      listfindnocase(getdirectoryfrompath(getbasetemplatepath()),This.RestrictedDirectoryName,This.Seper)>
      <cflocation url="/" addtoken="0"><!--- locates back to default page of root directory --->
</cfif>      
now if someone who is not in authip list enters the directory myfolder - they will be thrown out.

That code would be put into your Application.cfc file under onRequestStart function.
or if using Application.cfm just put it anywhere after the cfapplication tag
in this case also just change the "This." to "Variables." without any quotes of course!
good luck ...
0
 
COwebmasterAuthor Commented:
That worked great!  Thank you!
0
 
dgrafxCommented:
glad it worked ...
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now