Browsed by
Category: Apache

Server-side upload verification with Taffy and Lucee

I was dismayed to learn recently that every image upload process I had ever developed before now was vulnerable to improper file uploads. Like many developers, I used the HTML <input type="file"> type form fields to allow users to upload images. I made sure to restrict (I thought) those uploads to just images, but it turns out that a lot of the “security” around image uploads is based on nothing more than the file extension or, even worse, on the…

Railo/Lucee CGI remote_addr/remote_host says 127.0.0.1

When installed onto a Linux/Apache machine, the Railo installers will install mod_proxy_http as the default connector for Apache to Tomcat/Railo. The result is the same as you’d get with any other proxy, where the remote host is replaced with the address of the proxy (in this case 127.0.0.1) and the original requester’s IP address is placed in the “X-Forwarded-For” header. If you need to find the original requester’s IP address you can accomplish this in one of two easy…

Apache 2.4 – 403 Forbidden (AH01630: client denied by server configuration)

I recently updated one of my development machines to Ubuntu 13.10 which now uses Apache 2.4 by default. In my case, I had updated a machine that was previously running Ubuntu version 13.04 and had been running Apache 2.2. After the upgrade, I was disturbed to find that none of my sites worked! I kept getting Apache 403 (Forbidden) error messages. I figured the upgrade had changed my configurations or something… but after fruitlessly messing with the config files (and…

Making CFIDE Available to all Apache VirtualHosts

When working with ColdFusion on Linux, you may encounter a situation where you want to make the contents of the CFIDE folder available to all sites that are hosted on that server. The reason you might want to do this is for things like CFFORM to work properly on a host that doesn’t physically have the CFIDE directory located in that site. The solution for this is an Apache Alias. Add an alias to the Apache httpd.conf file similar to…
