somethingJava is a website design company that specializes in development of content managed websites at an affordable cost. Web design for all, to us, means we can fit the needs of small to enterprise businesses.
   To learn more about bluApple click here

bluApple ColdPress current release 2.5
Blogs
Posted: 01/11/2011 at 6:24 AM by Atticus Craft
Tags: apache, linux, cent os, coldfusion, orbital defender, virtual hosts
This was a problem I was recently faced with for our project Orbital Defender. We needed to remotely connect to a ColdFusion Component (CFC) by calling it directly. Unfortunately, every time we attempted to do so, the server would return a 503 Forbidden message.

We are running a Linux Cent OS box with Apache Virtual Hosts. The latter is the key, but I'll get to that in a minute.

Let's use the following (fake) string as an example:
http://www.mysitename.com/modules/modname/my_component.cfc

I verified repeatedly that the path was indeed correct (it was) and then checked the file permissions, which were set properly and in the proper group and owner. Next step was to try searching Google and surprisingly this was one of those rare occasions where no matter what search string I gave it, I was getting back nothing helpful on this topic for close to four hours.

After failing miserably for over four hours, my desire to keep at it was long gone and I would have liked nothing more than to just pretend the problem didn't exist, but it did... and it was mission critical.

I began to make assumptions (as I often do when debugging) about what it could be. I knew that it had previous worked, prior to us switching to using Virtual Hosts on apache, back when we were using the  directives directly in the httpd.conf file. So I made the assumption that it was related to that.

A lot more searching and I noticed that the directive had an option called "Allow from All" which was no where to be found in the directive's documentation. This seemed like a logical conclusion (that it was the root of the issue) as no where did it state "Allow from", the only problem was... doesn't have a way of telling apache anything about who is allowed based on the apache documentation:

<VirtualHost 10.1.2.3>
ServerAdmin webmaster@host.foo.com
DocumentRoot /www/docs/host.foo.com
ServerName host.foo.com
ErrorLog logs/host.foo.com-error_log
TransferLog logs/host.foo.com-access_log
</VirtualHost>

So I did the next logical step (in my opinion) and added in a directive right below my virtual host:
   
<Directory "/path/to/cfc/">
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

It worked! Both the ColdFusion component explorer and the ability to browse directly to the CFC were restored and functional as expected. I later went back and locked it down for tighter security, but I rejoiced in the fact at that moment that I was finally able to get to the CFC without being "forbidden".

I wrote this post for two reasons, the first being that I am not 100% if this is the best way to resolve the issue, but it's the only way I have found, and so look to the community for feedback, but also in the hopes that anyone else who may be struggling with a similar issue will stumble across it and resolve their problem as well, because the amount of topics on this seemed severely lacking.

Thanks for taking the time and I really hope to hear back from someone on how they think a better way of going about this would be.

Comments:

No Comments have been posted.

Add a Comment:








You may post code in your comments by surrounding it with [code] and [/code]
Notify me of follow-up comments via email.


I originally built bluApple as a personal utility to rapidly produce websites. Over several years it has slowly grown into a respectable CMS tool. I feel that with support from the community, bluApple Coldpress can become a contender as one of the top CMS products on the market.

Marco G. Williams
Lead Developer & CEO