3
我有一个使用ColdBox构建的网站,并试图从URL中删除/index.cfm/。我在使用下面的web.config文件在IIS7上运行的ColdFusion 9上工作得很好,但不能让我在CF10/IIS7.5上运行。安装了rewrite模块,并且包含index.cfm(即index.cfm/product/1)的SES URL工作得很好。我知道CF10现在运行在Tomcat上而不是JRun上,并且Tomcat不支持SES URL,但从我所了解的情况来看,CF团队明确地增加了对它们的支持(并且实际上检查web.xml文件表明:是真的)。我真的不相信这是一个ColdBox特定的问题,而是CF10/Tomcat和IIS7.5之间的东西。SES IIS 7.5和ColdFusion 10问题
注意:我没有直接访问Web服务器,但正在与托管提供商合作。我也不是任何想象力的IIS专业人员。最后,不,Apache是不是一种选择 - 相信我,我希望不是这样;-)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="index.cfm" />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="index.html" />
<add value="iisstart.htm" />
<add value="default.aspx" />
</files>
</defaultDocument>
<rewrite>
<rules>
<rule name="SQL Injection - EXEC" stopProcessing="true">
<match url="^.*EXEC\(@.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="SQL Injection - CAST" stopProcessing="true">
<match url="^.*CAST\(.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="SQL Injection - DECLARE" stopProcessing="true">
<match url="^.*DECLARE.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="SQL Injection - DECLARE%20" stopProcessing="true">
<match url="^.*DECLARE%20.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="SQL Injection - NVARCHAR" stopProcessing="true">
<match url="^.*NVARCHAR.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="SQL Injection - sp_password" stopProcessing="true">
<match url="^.*sp_password.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="SQL Injection - xp" stopProcessing="true">
<match url="^.*%20xp_.*$" />
<action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Application Adminsitration" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{SCRIPT_NAME}" pattern="^/(.*(CFIDE|cfide|CFFormGateway|jrunscripts|railo-context|fckeditor)).*$" ignoreCase="false" />
</conditions>
<action type="None" />
</rule>
<rule name="Flash and Flex Communication" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{SCRIPT_NAME}" pattern="^/(.*(flashservices|flex2gateway|flex-remoting)).*$" ignoreCase="false" />
</conditions>
<action type="Rewrite" url="index.cfm/{PATH_INFO}" appendQueryString="true" />
</rule>
<rule name="Static Files" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{SCRIPT_NAME}" pattern="\.(bmp|gif|jpe?g|png|css|js|txt|pdf|doc|xls)$" ignoreCase="false" />
</conditions>
<action type="None" />
</rule>
<rule name="RESTful Applications (not working yet)" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{SCRIPT_NAME}" pattern="^/(.*(rest)).*$" ignoreCase="false" />
</conditions>
<action type="None" />
</rule>
<rule name="Insert index.cfm" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.cfm/{PATH_INFO}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>