Orange is my favorite color

I read a post by Jared Rypka-Hauer this morning on the Model-Glue list about his Apache-CF configuration that got me nodding in agreement. He sets up his Apache like so:

I leave CFIDE and WEB-INF in the default location and create a symbolic link to it in the webroot of any vhost that needs access to it. You need access to it for the scripts and CSS for any AJAX stuff, so it may be important to do this. I like having CFIDE in a consistent, central location and adding links to it where needed, and I like having a fully-default CF install so that things are always the same.

I agree with his closing sentiment; the longer I administer servers the more I have become a fan of default installs and default settings. While getting it “just the way you like it” is great, it’s not a method that scales and it’s not easy to replicate unless you fully automate from the beginning.

Jared’s post made me want to share a quick tip I use in my Apache configuration files for the CFIDE directory. I work on both Windows and Linux so I try to avoid symbolic links which are difficult to manage in Subversion and on multiple platforms. Instead, I use a single-line Apache directive to accomplish the same thing in httpd.conf:

Alias /CFIDE /opt/jrun4/servers/cfusion/cfusion-ear/cfusion-war/CFIDE

Although the administrator has its own password, I like to further secure the ColdFusion administrator to prevent people from probing for vulnerabilities or attempting a DoS:

<Location /CFIDE/administrator>
Options +FollowSymLinks
Order deny,allow
Allow from all
AuthUserFile /opt/jrun4/servers/cfusion/cfusion-ear/cfusion-war/CFIDE/.htpasswd
AuthName "Administrators"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
</Location>

I have a few other Apache tips and tricks if anyone finds these interesting?

2 Comments

  1. Kevin Parker said:

    on January 15, 2009 at 5:27 pm

    I’m game for more tips!

    I humbly ask (as a brand new admin to Apache): Why did you use “” instead of “” since it appears your CFIDE folder resides on the same file system? Sorry if I missed something–like I said, I’m new to Apache.

    I’ve been struggling with Apache and CF8 for weeks now. More specifically,

    > Leopard Server 10.5.x (64-bit)
    > Apache 2.x (64-bit tuned down to 32-bit)
    > ColdFusion 8.0.1 (32-bit because Enterprise is beyond our needs and budget, and hence the 32-bit Apache2)

    Previously I only administered Windows Servers with IIS which from a CF setup standpoint is pretty painless. However, getting CF8 on Leopard (client or server) seems to be a regular pain the OSX+CF community. After weeks of carefully piecing together others’ solutions, I FINALLY have it all working and have a comprehensive install guide. But I got stuck at aliasing the CFIDE folder correctly.

    I worked kung fu enough to get multiple websites served by Apache + ColdFusion (using vhosts.conf on my development macbook pro), and each site happily serves up it’s index.cfm, correctly showing me their host names via my test #CGI.HOST_HTTP# code. And I can get to http://mywebsite/CFIDE/install.cfm (which seems to do nothing in my case other than look like a reject page from CF 6.x).

    But I can’t get to http://mywebsite/CFIDE/administrator/index.cfm. I get the CF error: “File not found: /CFIDE/administrator/index.cfm”.

    I am starting to know and love Apache, and was glad to stumble upon your post to help me with CFIDE. So please, do share more! :)

  2. Kevin Parker said:

    on January 16, 2009 at 1:17 am

    Sorry, I see that I forgot to htmlmanualencode my brackets. The question was about <Location> and <Directory>

    Then I only had to read a little further (the next sentence in fact) in the documentation to answer the question I posed:

    When to use <Location>

    Use <Location> to apply directives to content that lives outside the filesystem. For content that lives in the filesystem, use <Directory> and <Files>. An exception is <Location />, which is an easy way to apply a configuration to the entire server.

    Like I said, I’m new to Apache. Thanks again for sharing the tip.

    I got /CFIDE/administrator working, but I had to do it BEFORE I setup vhosts and aliases. Even then, I now can access the administrator and run my coldfusion apps, but I cannot seem to get there unless I remove your “Limit GET POST” statement:

    Alias /CFIDE /Library/WebServer/Documents/CFIDE
    Alias /cfide /Library/WebServer/Documents/CFIDE
    <Location /CFIDE/administrator>
    Options +FollowSymLinks
    Order deny,allow
    Allow from all
    AuthUserFile /Library/WebServer/Documents/CFIDE/.htpasswd
    AuthName “Administrators”
    AuthType Basic
    # <Limit GET POST>
    # require valid-user
    # </Limit>
    </Location>

    Any ideas? Thanks again, you have saved me a lot of time already! I look forward to going through your other posts.

{ RSS feed for comments on this post}