tracker issue : CF-3607474

select a category, or use search below
(searches all categories and all time range)

Unable to set file/folder level authentication or SSL.

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/NotABug

Reporter/Name(from Bugbase): DONALD BAERT / DONALD BAERT (Donald Baert)

Created: 08/05/2013

Components: Installation/Config, Connector

Versions: 10.0

Failure Type:

Found In Build/Fixed In Build: Final /

Priority/Frequency: Trivial / Unknown

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 0

Problem Description:

Entire site’s authentication and/or SSL is set to whatever the root of the site is.  If site root is set to Windows Authentication we are unable to set any individual file to Anonymous Authentication.  If site root is set to require SSL we are unable to set any directory or file to not require SSL.  Problem seems to be restricted to .cfm files as we created a .htm file and put it in both a directory that is SSL protected and one that is not SSL protected.  It worked fine. That is if it was in a directory that should have been protected by SSL it prompted me for my authentication.  When I put it in the non-SSL secured directory and tried opening it with a standard http:// it worked fine.  I then tried to open a .cfm in the same directory and I got the standard 403-Forbidden: Access is denied.  You do not have permission to view this directory or page using the credentials that you supplied

Steps to Reproduce:

Modify any subdirectory/file and changes are ignored

Actual Result:

Individual folders/files are treated the same as the root site, vice as individuals

Expected Result:

Authentication/SSL settings should be based per folder/file vice entire site

Any Workarounds:

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3607474

External Customer Info:
External Company:  
External Customer Name: Donald Baert
External Customer Email:  
External Test Config: My Hardware and Environment details:

Windows Sever 2008 R2 64 bit boxes running IIS 7.5, Microsoft SQL Server 2005



Problem was overcome by modifying the JAKARTA SSL and Authentication settings in IIS. Set the SSL to not required and added anonymous authentication and things work like they did in ColdFusion 9.
Comment by External U.
14744 | August 21, 2013 11:20:49 AM GMT
In this scenario where root directory's Anonymous Authentication was disabled but one subdirectory's Anonymous Authentication was enabled, user has to enable Anonymous Authentication for "jakarta" subdirectory too. CFM files being served depends on this directory. User has to set it manually because once authentication is disabled for root directory, for all subdirectories too it gets disabled. So it has to be set manually in this situation.
Comment by Milan C.
14745 | November 21, 2014 06:27:55 AM GMT