tracker issue : CF-3426811

select a category, or use search below
(searches all categories and all time range)

CGI server_port not correct

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Nikolas Stephens / Nikolas Stephens (Nikolas Stephens)

Created: 12/11/2012

Components: Web Container (Tomcat)

Versions: 10.0

Failure Type: Non Functioning

Found In Build/Fixed In Build: Final / 283578

Priority/Frequency: Major / Some users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 14

Duplicate ID:	CF-3435653

Problem Description:
CGI.server_port is not correct when using any type of port forwarding, such as in the case of an enterprise environment using SSL offloading.  If specified in the URL, the CGI.server_port is correct.  When forwarded by any other means, it is incorrectly reflected as port 80.  In IIS, it is correctly reflected, but ColdFusion 10 incorrectly reports port "80" for any http request.  This was working just fine in ColdFusion 6, 7, 8, and 9.

Adobe CF Customer Support has already verified this bug.  Please get this fixed in the product ASAP!.

Steps to Reproduce:

STEP 1 - Install ColdFusion 10 on a clean installation of Microsoft Windows Server 2008 R2. Make sure to install the CF 10 mandatory update and the most recent CF update 5.

STEP 2 - Configure CF connector for IIS using default settings and procedures as outline by Adobe's installation guides.

STEP 3 - In IIS, configure the Default Web Site.  Edit Bindings, and ensure that the only Binding is on the primary IP address of the server, and ONLY on port 81.  There should be no bindings for port 80, and there should be NO other sites listed in the Internet Information Services (IIS) Manager

STEP 4 - In the webroot that Default Web Site points to, create a simple index.cfm file containt <cfdump var="#cgi#" abort />.  Verify that you can access the site in your browser with the following URL:  http://<insert IP address>:81/index.cfm

STEP 5 - Verify that you see a dump of the CGI scope, with server_port = 81

STEP 6 - Verify that you can NOT access the site with the following URL:  http://<insert IP address>/index.cfm  (note that the port has been removed)

STEP 7 - Download the NetworkActiv advanced port forwarding application from the following site:  (download the version for Windows 2003, it works fine on 2008).  This will simulate the port forwarding done by any load balancer or ssl-handler

STEP 8 - Run the downloaded NetworkActivAUTAPFv1.1u.exe file

STEP 9 - When prompted to install, choose No, which will run the program as a self-contained application

STEP 10 - In the NetworkActive AUTAPF window, click New to define a new port forwarding rule.

STEP 11 - Configure the Local Port = 80, and the Local interface IP address as the primary IP to which the Default Web Site in IIS is bound.  Configure the Remote Port = 81, and the Remote host address again as the primary IP to which the Default Web Site in IIS is bound.  OL binding port = 0, and Outbound-Local address should remain for auto.

STEP 12 - Click OK to save the rule

STEP 13 - In the main window for NetworkActiv AUTAPF, highlight the newly created rule and click Enable.  The rule may be Enabled by default already.

STEP 14 - Now, in your browser, attempt to access the local server on port 80 again using the following URL:  http://<insert IP address>/index.cfm

STEP 15 - You should now see the dump of the CGI scope.   Note that server_port reads "80", when in reality IIS is only listening on port 81.  This SHOULD ready server_port 81.

Actual Result:
CGI.server_port = 80

Expected Result:
CGI.server_port = <the actual port the http traffic is being received on>

Any Workarounds:
In IIS 7.5, I am using URL Rewriter to overwrite CGI.server_port_secure = 1 if it detects traffic on CGI.server_port = 81, this is then causing Tomcat (CF10) to render cgi.server_port = 443 and CGI.https = ON, which is also incorrect (another bug?).  Regardless, this overwriting of CGI.server_port_secure is at least a usable workaround until Adobe resolves this issue.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3426811


External Customer Info:
External Company:  
External Customer Name: Nik S.
External Customer Email:  
External Test Config: My Hardware and Environment details:

Windows Server 2008 R2

VMware host, 2cpu, 6GB RAM

IIS 7.5

ColdFusion 10, Update 5



I have several product enhancements that I would like to implement, and it is not possible without this issue being fixed.
Vote by External U.
16975 | December 11, 2012 11:47:21 AM GMT
We have product enhancements that rely upon CF10, but can't go live until this bug is fixed.
Vote by External U.
16976 | December 11, 2012 11:47:48 AM GMT
This bug is preventing us from upgrading CF in our production environment, and by extension, preventing us from implementing new features that leverage CF 10.
Vote by External U.
16977 | December 11, 2012 11:57:26 AM GMT
We cannot upgrade CF in our production environment because of this bug.
Vote by External U.
16978 | December 11, 2012 12:52:35 PM GMT
This is preventing our roll-out of CF10.
Vote by External U.
16979 | December 11, 2012 01:57:14 PM GMT
This prevents us from upgrading CF which prevents us from using the new CF10 features in our product.
Vote by External U.
16980 | December 11, 2012 02:19:07 PM GMT
We can't upgrade CF in our production environment because of this bug.
Vote by External U.
16981 | December 12, 2012 09:14:01 AM GMT
We have also verified this but and it could prevent us from upgrading to CF10.
Vote by External U.
16982 | December 17, 2012 08:24:29 PM GMT
This would be a very big issue with several applications I maintain. That's approximately 40 enterprise licenses that would stay at previous versions.
Vote by External U.
16983 | January 09, 2013 10:52:57 AM GMT
We can't upgrade our environemnt until this bug is fixed.
Comment by External U.
16967 | January 25, 2013 02:30:22 PM GMT
I can't deploy this in my environment until this bug is fixed.
Vote by External U.
16984 | January 25, 2013 02:33:36 PM GMT
I've received a HotFix from Adobe to address this issue. I was told it will be included in the next Updater.
Comment by External U.
16968 | February 01, 2013 08:47:43 AM GMT
I'm experiencing the same issue, has anyone have any idea how I can get the hotfix? Been trying to do the suggested workaround with no luck, any one can give me a sample, but obviously we still prefer this to be fixed rather than using the workaround.
Comment by External U.
16969 | February 21, 2013 09:50:26 PM GMT
Can't put our new server into production. Need this to be fixed ASAP.
Vote by External U.
16985 | February 21, 2013 09:52:24 PM GMT
I would be curious about when this fix might actually make it into an update. A hotfix was given to the Nik S. 5 weeks ago, but no word since. Is there any way I can get the hotfix, if nothing else, but to test with a new server that is currently dead in the water. I may not have 40 enterprise licenses, but I have 3, and this is preventing us from a much needed upgrade. We'd like to take advantage of enhancements from CF8, especially those that would make PCI compliance a lot easier!
Comment by External U.
16970 | March 06, 2013 11:36:13 AM GMT
Our upgrade is dead in the water without it.
Vote by External U.
16986 | March 06, 2013 11:37:19 AM GMT
We have a customer that is implementing CF 10 into production and can not move forward with upgrade until issue has been fixed! Go live dat was supposed to be 3/29/2013, now it postponed indefinitely.
Vote by External U.
16987 | March 15, 2013 03:40:19 PM GMT
Nik S - Can you send us the Hotfix?? Please reply and I will make arrangements
Comment by External U.
16971 | March 19, 2013 09:31:15 AM GMT
I was told by Support this hot fix is only for people with support. I guess i wasted my money on 3 copies of CF10.
Comment by External U.
16972 | March 22, 2013 10:21:24 AM GMT
Closed? As duplicated? Yet, the duplicate bug ID referenced, CF-3435653, is NOT found. Come on Adobe, you're killing us here!!
Comment by External U.
16973 | March 27, 2013 01:36:58 PM GMT
All, CF10 made corrections to the CGI scope. I believe CGI.SERVER_PORT should return getPageContext().getRequest().getServerPort(). Based on CF-3426811, CF10 correctly does this but pre-CF10 it incorrectly returned getPageContext().getRequest().getLocalPort(). Adobe, is there an ER for adding the now-necessary CGI.LOCAL_PORT => getPageContext().getRequest().getLocalPort()? When fixing bugs, orphaned functionality should be restored. Thanks!, -Aaron More info on the difference between getLocalPort() and getServerPort() in servlets:
Comment by External U.
16974 | March 28, 2013 12:45:42 AM GMT
We need this fixed! We offload our SSL and have several places in the site where we reference the port.
Vote by External U.
16988 | May 15, 2013 03:40:54 PM GMT