SES problems with IIS 7.5 and ColdFusion 10

I've got a site built using ColdBox and am trying to remove the /index.cfm/ from the URL. I have this working great on ColdFusion 9 running on IIS7 using the below web.config file, but can't for the life of me get it to work on CF10/IIS7.5. The rewrite module is installed and SES URLs that include index.cfm (i.e. index.cfm/product/1) work just fine. I know CF10 now runs on Tomcat instead of JRun and that out of the box Tomcat doesn't support SES URLs, but from what I understand, the CF team explicitly added support for them (and indeed checking the web.xml file shows that to be true.) I really don't believe this is a ColdBox specific issue, but rather something between CF10/Tomcat and IIS7.5.

NOTE: I don't have direct access to the web server, but am working with the hosting provider. I'm also not an IIS pro by any stretch of the imagination. And lastly, no, Apache is not an option - trust me, I wish it were otherwise ;-)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <defaultDocument>
        <files>
            <clear />
            <add value="index.cfm" />
            <add value="Default.htm" />
            <add value="Default.asp" />
            <add value="index.htm" />
            <add value="index.html" />
            <add value="iisstart.htm" />
            <add value="default.aspx" />
        </files>
    </defaultDocument>
    <rewrite>
        <rules>
            <rule name="SQL Injection - EXEC" stopProcessing="true">
                <match url="^.*EXEC\(@.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="SQL Injection - CAST" stopProcessing="true">
                <match url="^.*CAST\(.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="SQL Injection - DECLARE" stopProcessing="true">
                <match url="^.*DECLARE.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="SQL Injection - DECLARE%20" stopProcessing="true">
                <match url="^.*DECLARE%20.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="SQL Injection - NVARCHAR" stopProcessing="true">
                <match url="^.*NVARCHAR.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="SQL Injection - sp_password" stopProcessing="true">
                <match url="^.*sp_password.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="SQL Injection - xp" stopProcessing="true">
                <match url="^.*%20xp_.*$" />
                <action type="CustomResponse" url="/includes/templates/404.html" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>
            <rule name="Application Adminsitration" stopProcessing="true">
                <match url="^(.*)$" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{SCRIPT_NAME}" pattern="^/(.*(CFIDE|cfide|CFFormGateway|jrunscripts|railo-context|fckeditor)).*$" ignoreCase="false" />
                </conditions>
                <action type="None" />
            </rule>
            <rule name="Flash and Flex Communication" stopProcessing="true">
                <match url="^(.*)$" ignoreCase="false" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{SCRIPT_NAME}" pattern="^/(.*(flashservices|flex2gateway|flex-remoting)).*$" ignoreCase="false" />
                </conditions>
                <action type="Rewrite" url="index.cfm/{PATH_INFO}" appendQueryString="true" />
            </rule>
            <rule name="Static Files" stopProcessing="true">
                <match url="^(.*)$" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{SCRIPT_NAME}" pattern="\.(bmp|gif|jpe?g|png|css|js|txt|pdf|doc|xls)$" ignoreCase="false" />
                </conditions>
                <action type="None" />
            </rule>
            <rule name="RESTful Applications (not working yet)" stopProcessing="true">
                <match url="^(.*)$" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{SCRIPT_NAME}" pattern="^/(.*(rest)).*$" ignoreCase="false" />
                </conditions>
                <action type="None" />
            </rule>
            <rule name="Insert index.cfm" stopProcessing="true">
                <match url="^(.*)$" ignoreCase="false" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                </conditions>
                <action type="Rewrite" url="index.cfm/{PATH_INFO}" appendQueryString="true" />
            </rule>
        </rules>
    </rewrite>
</system.webServer>
</configuration>

Answers


The only work around I have found was to install a different URL rewriter, such as Helicon's.

BUT this has been fixed in the 10.0.1 update released this weekend! http://blogs.coldfusion.com/post.cfm/coldfusion-10-update-1-10-0-1-released


Need Your Help

CP-ABE and ABE API

security encryption cryptography cloud

Is there any Java or .Net implementation (API) available for Ciphertext-Policy Attribute-Based Encryption or for Attribute-Based Encryption