Blocking URL's

I have used this approach to secure web based administration tools including the ColdFusion administrator. If you wanted to prevent external access to the ColdFusion Administrator and allow access behind your firewall on a private IP you could do the following. Enable the JRun Webserver (default instance runs on port 8500) and access the administrator through http://internalIP:8500/CFIDE/administrator/index.cfm. With IIS configured to the JRun server you would still have external access to the administrator. This is where ISAPI Rewrite comes in. Within the httpd.ini file we can add the following rule that blocks external access to /CFIDE/administrator/

#Block ColdFusion Administrator
RewriteRule /CFIDE/administrator.* [F,I,O]

We could also block RDS using this same approach

#Block ColdFusion RDS
RewriteRule /CFIDE/main/ide.cfm.* [F,I,O]

You can use this approach to block any URL all that is needed is a simple regular expression.

Rewriting SES (Search Engine Safe) URL's

The following rule will convert search engine safe (SES) URL to a standard URL so you don't have to handle them in your ColdFusion code.

#Convert SES URLs to standard URLs before passing them to ColdFusion
RewriteRule (.*?\.cfm)(\?[^/]*)?/([^/]*)/([^/]*)(.+?)? $1(?2$2&:\?)$3=$4?5$5: [N,I]
RewriteRule (.*?\.cfc)(\?[^/]*)?/([^/]*)/([^/]*)(.+?)? $1(?2$2&:\?)$3=$4?5$5: [N,I]

For example the following URL gets converted

http://host/page.cfm/var1/value1/var2/value2 -> http://host/page.cfm?var1=value1&var2=value2

Rewriting URL's for SEO optimization

I am not going to go into depth on search engine optimization (SEO) as I could spend a year just writing about it. One of the common things I have found is that a URL with keywords early after the hostname is rated better than including them in the query string at the end. You can create URL's that are easier to read as well and make it look like the pages the user is surfing is static content although it is generated on the fly. The following is not a real world example but I will say that I have used this approach with much success for data drill down applications to get search engines to rate the content highly. I don't want to give away any secrets though :-)

Let say we wanted a search engine to crawl our site for specific keyword that would be common search terms. If this were a dynamic ColdFusion page the URL's would look something like this.

http://host/search.cfm?keyword=keyword1
http://host/search.cfm?keyword=keyword1

With the following rule in httpd.ini we could rewrite the above URL

RewriteRule /search/(.*)\.htm /search.cfm\?keyword=$1 [I,O]

The following URL's
http://host/search/keyword1.htm -> http://host/search.cfm?keyword=keyword1
http://host/search/keyword2.htm -> http://host/search.cfm?keyword=keyword2
gets rewritten to the URL's that we examined in the beginning, to ColdFusion it doesn't know the difference. We could provide a page with links to all of the common keywords and let the search engine walk through and index them. It may not seem apparent right away how this is such a cool thing but with a little imagination you can use this approach for a lot of things

Rewriting URL's to hide the file extension

This is similar to the example above except we are just hiding the actual file extension. For example we could rewrite .html requests to .cfm requests.

RewriteRule (.*)/(.*)\.html(.*) /$2.cfm [I]

Proxying Requests to Other Hosts

Lets say you had a single web server and host and multiple backend systems that you wanted to integrate through the same hostname. One system running ColdFusion, another system that is servlet based running on Tomcat. Of course you could integrate them but lets assume that is not an option. With J2EE applications you normally have a context root or prefix to every request. Lets assume that we have a context root of /myapp so all requests look like the following http://host/myapp/page.jsp. Lets also assume that this application is running on a different server other than the one ColdFusion or JRun is running on (192.168.1.50 on port 8080). The following rule would proxy requests from IIS to the server running our other application.

RewriteProxy (/.*myapp.*) http\://192.168.1.50\:8080$1 [I]

Proxying requests to remove the JRun connector

This is the approach I used in my article for JRun clustering with a hardware load balancer in between the webserver and application server. Since the standard protocol for the JRun connector is JRPP it does not work well through a hardware based load balancer. If you are using a context root in your ColdFusion application of / you will need to proxy by extension and can use the following rules. This will handle nearly every extension that CF needs and passes them to the JWS

#Rewrites to proxy requests back to the appserver level (CF)
RewriteProxy (/.*\.cfm.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/.*\.cfc.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/.*\.jsp.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/.*\.jws.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/.*\.jst.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/flashservices.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/.*servlet.*) http\://192.168.1.1\:8501$1 [I]
RewriteProxy (/.*CFIDE/GraphData.*) http\://192.168.1.1\:8501$1 [I]

One issue I ran into with this configuration is that a request for http://host will not use the default document in IIS of index.cfm so you can use the following rule to map http://host to http://host/index.cfm

#Fix final slash for /dir
RewriteCond Host: (.*)
RewriteRule ([^.?]+[^.?/]) http\://$1$2/ [R]

#Append index.cfm to any dir
RewriteRule ((?!.+\.cfm).*/) $1index.cfm [I,O]

I would like to mention that I do not recommend removing the JRun connector unless you expect to handle supporting this configuration yourself. This approach is not directly supported by Macromedia but it does work as I have used it in the past. Don't expect Macromedia support to assist you with issues regarding this configuration.