Coldfusion 10 Lockdown - Apache
So I'm setting up our new Windows/Apache/Coldfusion 10 server, and I'm trying to get it all configured (multiple web sites, multiple instances of CF), and have followed the lockdown guide as closely as possible. I have set up separate web sites to manage the coldfusion administrators, and those are the only web sites that have /CFIDE/ aliased. I also removed the CFIDE mapping from mod_jk.conf In fact, all of my CFIDE directories are denied by apache, as follows (with one of these for each instance) Directory E:/coldfusion10/cfusion/wwwroot/CFIDE/ Order Deny,Allow Deny from all /Directory So, when I go to my.web.site/CFIDE/administrator I get a 404 But when I go to my.web.site/CFIDE/administrator/index.cfm - I'm actually able to log in and access the CF Admin for that specific instance - although all of the images are broken. What's going on here? Rick Root -- *The beatings will continue until morale improves.* ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion 10 Lockdown - Apache
This would be what dave was talking about recently, check archive for the last discussion on this topic. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 22, 2013 3:46 PM, Rick Root rick.r...@gmail.com wrote: So I'm setting up our new Windows/Apache/Coldfusion 10 server, and I'm trying to get it all configured (multiple web sites, multiple instances of CF), and have followed the lockdown guide as closely as possible. I have set up separate web sites to manage the coldfusion administrators, and those are the only web sites that have /CFIDE/ aliased. I also removed the CFIDE mapping from mod_jk.conf In fact, all of my CFIDE directories are denied by apache, as follows (with one of these for each instance) Directory E:/coldfusion10/cfusion/wwwroot/CFIDE/ Order Deny,Allow Deny from all /Directory So, when I go to my.web.site/CFIDE/administrator I get a 404 But when I go to my.web.site/CFIDE/administrator/index.cfm - I'm actually able to log in and access the CF Admin for that specific instance - although all of the images are broken. What's going on here? Rick Root -- *The beatings will continue until morale improves.* ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354624 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
SOT, but... what the heck is MS FrontPage?
Hi, My sites are hit on a regular basis by this agent: Mozilla/4.0 (compatible; MS FrontPage 14.0) - it makes requests with methods OPTIONS or HEAD which are forbiden in my sites; - it makes requests for pages that does not exist, like - /_vti_inf.html - /_vti_bin/shtml.exe/_vti_rpc The result is that the visitors are tagged as bad bot. What are they looking for? Should I let them go or what? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354625 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
https://en.wikipedia.org/wiki/Microsoft_FrontPage On Fri, Feb 22, 2013 at 10:26 AM, wrote: Hi, My sites are hit on a regular basis by this agent: Mozilla/4.0 (compatible; MS FrontPage 14.0) - it makes requests with methods OPTIONS or HEAD which are forbiden in my sites; - it makes requests for pages that does not exist, like - /_vti_inf.html - /_vti_bin/shtml.exe/_vti_rpc The result is that the visitors are tagged as bad bot. What are they looking for? Should I let them go or what? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354626 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
My sites are hit on a regular basis by this agent: Mozilla/4.0 (compatible; MS FrontPage 14.0) - it makes requests with methods OPTIONS or HEAD which are forbiden in my sites; - it makes requests for pages that does not exist, like - /_vti_inf.html - /_vti_bin/shtml.exe/_vti_rpc The result is that the visitors are tagged as bad bot. What are they looking for? Should I let them go or what? FrontPage is an HTML authoring tool from Microsoft. It's no longer available, and is famous for crappy HTML. It uses WebDAV to publish to sites. The HTTP verbs it's using are WebDAV verbs. It's looking for FrontPage Extensions. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354627 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
- it makes requests with methods OPTIONS or HEAD which are forbiden in my sites; Why on earth would you forbid HEAD? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354628 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
SOT: Graphic Artist Software for HTML CSS
I have not kept track of all the graphic artist software adobe has come out with to go from mockups to HTML/CSS. If I were to tell a graphic designer to design me some mockups for a web site, what is the best adobe software that will export out to _CLEAN_ (looks like hand written J) HTML/CSS that I can inject my CF code easily into? Muse? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354629 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion 10 Lockdown - Apache
I see the discussion, but the solution, which is to review the Coldfusion Lockdown Guide, isn't quite right for me because the lockdown guide makes some assumptions - most importantly that you are running UNIX if you're using Apache. Location /CFIDE only sort of works with Apache on Windows. Coldfusion still seemed to respond to /cfide/administrator/index.cfm - because windows is case insenstive. So, I decided to use the Directory block instead... but clearly, that's not working for cfm requests. SO, I toyed around a little with LocationMatch instead and came up with this: LocationMatch /[cC][fF][iI][dD][eE] Order deny,allow Deny from all /LocationMatch Blocking all requests to /CFIDE no matter what the case Then, in my specific virtual hosts, aliasing /CFIDE and using Location /CFIDE there... This seems to prevent coldfusion from responding to any requests outside the specified virtual hosts - and in those hosts will only respond to requests using /CFIDE (all caps). Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354630 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Coldfusion 10 Lockdown - Apache
That's great info. You should forward it to the author, maybe he can update the document with the update. Steve -Original Message- From: Rick Root [mailto:rick.r...@gmail.com] Sent: Friday, February 22, 2013 11:53 AM To: cf-talk Subject: Re: Coldfusion 10 Lockdown - Apache I see the discussion, but the solution, which is to review the Coldfusion Lockdown Guide, isn't quite right for me because the lockdown guide makes some assumptions - most importantly that you are running UNIX if you're using Apache. snip / ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354631 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Graphic Artist Software for HTML CSS
In the past I have used Photoshop's Slice tool. It does a fairly decent job but I have always had to go in and massage it by hand. It does not by any means leave you with finished product out of the box but it takes care of a lions share of the grunt work. HTH G! On Fri, Feb 22, 2013 at 11:38 AM, Chad Gray cg...@careyweb.com wrote: I have not kept track of all the graphic artist software adobe has come out with to go from mockups to HTML/CSS. If I were to tell a graphic designer to design me some mockups for a web site, what is the best adobe software that will export out to _CLEAN_ (looks like hand written J) HTML/CSS that I can inject my CF code easily into? Muse? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354632 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Graphic Artist Software for HTML CSS
Fireworks does a good job as well. Sent from my iPhone 4S. On Feb 22, 2013, at 12:04 PM, Gerald Guido gerald.gu...@gmail.com wrote: In the past I have used Photoshop's Slice tool. It does a fairly decent job but I have always had to go in and massage it by hand. It does not by any means leave you with finished product out of the box but it takes care of a lions share of the grunt work. HTH G! On Fri, Feb 22, 2013 at 11:38 AM, Chad Gray cg...@careyweb.com wrote: I have not kept track of all the graphic artist software adobe has come out with to go from mockups to HTML/CSS. If I were to tell a graphic designer to design me some mockups for a web site, what is the best adobe software that will export out to _CLEAN_ (looks like hand written J) HTML/CSS that I can inject my CF code easily into? Muse? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion 10 Lockdown - Apache
As long ad you do have a real cfide vdir in the site, which u need for ajax,.cfform etc anyway, then you wont have that problem. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 22, 2013 4:53 PM, Rick Root rick.r...@gmail.com wrote: I see the discussion, but the solution, which is to review the Coldfusion Lockdown Guide, isn't quite right for me because the lockdown guide makes some assumptions - most importantly that you are running UNIX if you're using Apache. Location /CFIDE only sort of works with Apache on Windows. Coldfusion still seemed to respond to /cfide/administrator/index.cfm - because windows is case insenstive. So, I decided to use the Directory block instead... but clearly, that's not working for cfm requests. SO, I toyed around a little with LocationMatch instead and came up with this: LocationMatch /[cC][fF][iI][dD][eE] Order deny,allow Deny from all /LocationMatch Blocking all requests to /CFIDE no matter what the case Then, in my specific virtual hosts, aliasing /CFIDE and using Location /CFIDE there... This seems to prevent coldfusion from responding to any requests outside the specified virtual hosts - and in those hosts will only respond to requests using /CFIDE (all caps). Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354634 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CF10 Std Educational Pricing
All: In the past there has been reduced pricing for educational licenses of ColdFusion Standard. From what I can tell from the Adobe website, there does not appear to be such a reduced price for CF10. Is that the case? If not, can anyone recommend a vendor for educationally-priced CF10 Standard? Thanks. -- Mosh Teitelbaum evoch, LLC http://www.evoch.com/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354635 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 Std Educational Pricing
Does this help? http://www.adobe.com/products/coldfusion-family.edu.html On Feb 22, 2013, at 12:41 PM, Mosh Teitelbaum mosh.teitelb...@evoch.com wrote: All: In the past there has been reduced pricing for educational licenses of ColdFusion Standard. From what I can tell from the Adobe website, there does not appear to be such a reduced price for CF10. Is that the case? If not, can anyone recommend a vendor for educationally-priced CF10 Standard? Thanks. -- Mosh Teitelbaum evoch, LLC http://www.evoch.com/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354636 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 Std Educational Pricing
Disregard that last one. I saw the tiny print that it does not have an edu pricing scheme anymore. Bruce On Feb 22, 2013, at 12:41 PM, Mosh Teitelbaum mosh.teitelb...@evoch.com wrote: All: In the past there has been reduced pricing for educational licenses of ColdFusion Standard. From what I can tell from the Adobe website, there does not appear to be such a reduced price for CF10. Is that the case? If not, can anyone recommend a vendor for educationally-priced CF10 Standard? Thanks. -- Mosh Teitelbaum evoch, LLC http://www.evoch.com/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354637 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 Std Educational Pricing
From http://www.adobe.com/uk/products/coldfusion-family/buying-guide.displayTab5.edu.html : Adobe ColdFusion 10 Enterprise application server and Adobe ColdFusion Builder 2 software are both free to education customers for teaching and learning purposes. Visit the registration site to determine if you are eligible. -- Adam On 23 February 2013 07:06, Bruce Sorge sor...@gmail.com wrote: Disregard that last one. I saw the tiny print that it does not have an edu pricing scheme anymore. Bruce On Feb 22, 2013, at 12:41 PM, Mosh Teitelbaum mosh.teitelb...@evoch.com wrote: All: In the past there has been reduced pricing for educational licenses of ColdFusion Standard. From what I can tell from the Adobe website, there does not appear to be such a reduced price for CF10. Is that the case? If not, can anyone recommend a vendor for educationally-priced CF10 Standard? Thanks. -- Mosh Teitelbaum evoch, LLC http://www.evoch.com/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354638 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: CF10 Std Educational Pricing
Thanks Adam. The wording is a bit vague as to whether or not it means for the purposes of teaching/learning ColdFusion specifically or for any type of education. I'll give a call to find out. Thanks. -- Mosh Teitelbaum evoch, LLC http://www.evoch.com/ From: Adam Cameron [mailto:adamcameroncoldfus...@gmail.com] From http://www.adobe.com/uk/products/coldfusion-family/buying- guide.displayTab5.edu.html Adobe ColdFusion 10 Enterprise application server and Adobe ColdFusion Builder(tm) 2 software are both free to education customers for teaching and learning purposes. Visit the registration site to determine if you are eligible. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354639 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Graphic Artist Software for HTML CSS
In the beginning, I actually sliced designs. When I did, I used Image Ready. It was much better suited for the slicing part than Photoshop. On 2/22/13 12:04 PM, Gerald Guido gerald.gu...@gmail.com wrote: In the past I have used Photoshop's Slice tool. It does a fairly decent job but I have always had to go in and massage it by hand. It does not by any means leave you with finished product out of the box but it takes care of a lions share of the grunt work. HTH G! On Fri, Feb 22, 2013 at 11:38 AM, Chad Gray cg...@careyweb.com wrote: I have not kept track of all the graphic artist software adobe has come out with to go from mockups to HTML/CSS. If I were to tell a graphic designer to design me some mockups for a web site, what is the best adobe software that will export out to _CLEAN_ (looks like hand written J) HTML/CSS that I can inject my CF code easily into? Muse? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354640 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion 10 Lockdown - Apache
In a case like this, would this work: create a /cfide/administrator/ directory in every website... and have an index.cfm file there that looks like the real administrator log in, but responds that every password is invalid... and also bans that IP address from the rest of the websites on the server? This way - they waste thier time hitting a page that has no database connection so it shouldn't tax the server too much - and it won't allow them in on the real pages? As long ad you do have a real cfide vdir in the site, which u need for ajax,.cfform etc anyway, then you wont have that problem. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354641 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Graphic Artist Software for HTML CSS
I have been messing around with Fireworks CS6 and it does a really good job of slicing pages. I never really messed with Photoshop though so I cannot compare them. On Feb 22, 2013, at 3:50 PM, Bobby bo...@acoderslife.com wrote: In the beginning, I actually sliced designs. When I did, I used Image Ready. It was much better suited for the slicing part than Photoshop. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354642 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Call of a soap webservice passing headers
Hello, usually I have no problem consuming webservices, but this time I don't understand what I do wrongly; before being able to call any method, I should login, passing username and password in the soap headers; and there comes the pain : I try to call it via createboject, cfinvoke or even with cfhttp like mentionned in this post (http://blog.brijeshradhika.com/2011/04/consuming-webservice-using-coldfusion.html), I can't make it work. The documentation of the webservice provides a php example (see below). Anyone of you guys being able to translate into Coldfusion code? Thanks in advance /* Create the UsernameToken class */ class UsernameToken { public $Username; public $Password; public function __construct($username, $password) { $this - Username = $username; $this - Password = $password; } } /* Initialise the SOAP client */ $client = new SoapClient('http://www.thesite.nl/api/thesite.wsdl', array( trace = 1 )); /* Send user authentication headers */ $ut = new UsernameToken('username', 'password'); $soapHeaders[] = new SoapHeader('http://schemas.xmlsoap.org/ws/2002/07/utility/', 'UsernameToken', $ut); $client - __setSoapHeaders($soapHeaders); ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354643 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Magento CFC or sample code
I need to interact with a Magento store and was wondering if there were any existing CFCs or sample code for interacting with the Magento API. I search the forum but couldn't find anything initially. Thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354644 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Graphic Artist Software for HTML CSS
Photoshop is very powerful for all aspects of image creation and manipulation, but there is absolutely nothing intuitive about the interface. It was the hardest software for me to learn in all my years in the industry. Fortunately, I have a son who is a PS expert, so I can call him when I get in over my head. Fireworks is much easier to learn and use and works well for web stuff. On Fri, Feb 22, 2013 at 12:53 PM, Bruce Sorge sor...@gmail.com wrote: I have been messing around with Fireworks CS6 and it does a really good job of slicing pages. I never really messed with Photoshop though so I cannot compare them. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354645 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion 10 Lockdown - Apache
Why don't you just define two aliases in your vhosts config? Alias /CFIDE Alias /cfide I've done this for years, and it works 100% of the time, with no muss and no fuss. Steve 'Cutter' Blades Adobe Community Professional Adobe Certified Expert Advanced Macromedia ColdFusion MX 7 Developer http://cutterscrossing.com Co-Author Learning Ext JS 3.2 Packt Publishing 2010 https://www.packtpub.com/learning-ext-js-3-2-for-building-dynamic-desktop-style-user-interfaces/book The best way to predict the future is to help create it On 2/22/2013 3:52 PM, Al Musella, DPM wrote: In a case like this, would this work: create a /cfide/administrator/ directory in every website... and have an index.cfm file there that looks like the real administrator log in, but responds that every password is invalid... and also bans that IP address from the rest of the websites on the server? This way - they waste thier time hitting a page that has no database connection so it shouldn't tax the server too much - and it won't allow them in on the real pages? As long ad you do have a real cfide vdir in the site, which u need for ajax,.cfform etc anyway, then you wont have that problem. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354646 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion 10 Lockdown - Apache
Why don't you just define two aliases in your vhosts config? Alias /CFIDE Alias /cfide I've done this for years, and it works 100% of the time, with no muss and no fuss. That seems easily defeated by: /cFidE/ etc. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354647 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
FrontPage is an HTML authoring tool from Microsoft. So, do I suppose well if I suppose the user is trying to see if he can edit my site if it is accessible to FrontPage and is not protected? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354648 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
Front Page is an abomination made by Microsoft a few years ago, It was a piss poor attempt at drag/drop HTML. The only thing worse than Front Page were the IIS extensions that would routinely bring IIS to it's knees, or blow up IIS entirely. It looks like someone is trying to hit your sites with a Front Page Editor or trying to find the FP specific files/folders to attempt an exploit. deny.. deny...deny Every time someone uses MS Front Page, a kitten dies.. On 2/22/2013 11:26 AM, =?ISO-8859-1?Q?Claude_Schn=E9egans wrote: Hi, My sites are hit on a regular basis by this agent: Mozilla/4.0 (compatible; MS FrontPage 14.0) - it makes requests with methods OPTIONS or HEAD which are forbiden in my sites; - it makes requests for pages that does not exist, like - /_vti_inf.html - /_vti_bin/shtml.exe/_vti_rpc The result is that the visitors are tagged as bad bot. What are they looking for? Should I let them go or what? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354649 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
Frontpage was not originally development by Microsoft, they bought ir or the original company, realised Frontpage was an abomination and dumped it. It has been discontinued and unsupported for many years, it has all kinds of security issues. On Sat, Feb 23, 2013 at 12:04 AM, Scott Stewart webmas...@sstwebworks.comwrote: Front Page is an abomination made by Microsoft a few years ago, It was a piss poor attempt at drag/drop HTML. The only thing worse than Front Page were the IIS extensions that would routinely bring IIS to it's knees, or blow up IIS entirely. It looks like someone is trying to hit your sites with a Front Page Editor or trying to find the FP specific files/folders to attempt an exploit. deny.. deny...deny Every time someone uses MS Front Page, a kitten dies.. On 2/22/2013 11:26 AM, =?ISO-8859-1?Q?Claude_Schn=E9egans wrote: Hi, My sites are hit on a regular basis by this agent: Mozilla/4.0 (compatible; MS FrontPage 14.0) - it makes requests with methods OPTIONS or HEAD which are forbiden in my sites; - it makes requests for pages that does not exist, like - /_vti_inf.html - /_vti_bin/shtml.exe/_vti_rpc The result is that the visitors are tagged as bad bot. What are they looking for? Should I let them go or what? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354650 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
Front Page is an abomination made by Microsoft a few years ago, As we used to say back in the day: Friends don't let friends use FrontPage. IIRC it dates back to '95. It mangled code. The only thing worse was NetScape's authoring tool which rendered HTML utterly unreadable. A the bad old days === SHUDDER. G! On Fri, Feb 22, 2013 at 7:04 PM, Scott Stewart webmas...@sstwebworks.comwrote: It was a piss poor attempt at drag/drop HTML. -- Gerald Guido http://www.myinternetisbroken.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354651 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
So, do I suppose well if I suppose the user is trying to see if he can edit my site if it is accessible to FrontPage and is not protected? Not necessarily. I think if you have FP installed and you use IE and you have things configured a certain way, FP will just try to see if the site supports FP Extensions. I think that's more likely than someone actively looking for FP sites nowadays. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354652 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT, but... what the heck is MS FrontPage?
Front Page is an abomination made by Microsoft a few years ago, As we used to say back in the day: Friends don't let friends use FrontPage. IIRC it dates back to '95. It mangled code. The only thing worse was NetScape's authoring tool which rendered HTML utterly unreadable. A the bad old days === SHUDDER. G! On Fri, Feb 22, 2013 at 7:04 PM, Scott Stewart webmas...@sstwebworks.comwrote: It was a piss poor attempt at drag/drop HTML. -- Gerald Guido http://www.myinternetisbroken.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354653 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Apostrophes in email addresses
As much as I wonder why you would do it apparently the odd network admin does and its valid. 100% of the time this little bit of regex has served me well until now. ^[\w\.-]{1,}\@([\da-zA-Z-]{1,}\.){1,}[\da-zA-Z-]+$ But I have a need to validate an email address that has an apostrophe before the @ e.g. fred.o'ke...@annoyingemailaddresses.com - I've tried a variety of suggestions but all have caused errors in CF. The context I'm using it in is. CFIF REFindNoCase(^[A-Za-z0-9_\.-]{1,}\@([[:digit:]a-zA-Z-]{1,}\.){1,}[[:digit:] a-zA-Z-]+$ , TheEmailAddress) EQ 0 I found this which took a standards based approach but they error in CF - http://www.regular-expressions.info/email.html I wonder if any you good folk have a little bit of regex or suggestions that might fix this annoying little problem. Thank you. ++ Kevin Parker m: 0418 815 527 ++ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354654 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm