Pete Freitag

Recent Comments

Running PostgreSQL in Docker for local dev

Posted on 02:41 PM Monday June 01, 2020 by Pete Freitag
@Sam - the volumes line mounts your local folder ./pg/ to the path /docker-entrypoint-initdb.d/ inside the docker container. This is handy because it runs the *.sql or *.sh scripts in there on startup.

Recursively Counting files by Extension on Mac or Linux

Posted on 06:00 PM Friday May 15, 2020 by Brendan
find -type f | grep -o ".[^./]\+$" | sort | uniq -c | sort -n
Include / in [^./] to exclude results with no file extension but . in a directory name in the path.

How to run Oracle DB on a Mac with Docker

Posted on 03:06 PM Thursday May 14, 2020 by Pete Freitag
@Robert - It didn't work unless I downloaded it first when I attempted this, maybe that has changed. Let me know if it worked for you. @Venka & Jessica - thanks I fixed the indentation.

SameSite cookies with Apache

Posted on 03:00 PM Thursday May 14, 2020 by Pete Freitag
@Haresh - you would put this in the httpd.conf file if you want it to be global to all sites, or inside a VirtualHost if you want it to be specific to a certain site. @Anonymous - Sounds like you might be using SameSite=strict try using lax instead.

SameSite cookies with Apache

Posted on 07:57 AM Thursday May 14, 2020 by Haresh
Hi, where do we have to write the below command on Linux Ubuntu? Header edit Set-Cookie ^(.*)$ $1;SameSite=lax

6 ways to stay connected with other CF developers

Posted on 11:14 PM Tuesday May 12, 2020 by Geoff Bowers
The Lucee developer forum at https://dev.lucee.org/

Why is my cron.daily script not running?

Posted on 08:25 PM Thursday May 07, 2020 by Anders Markendahl
This was ... exactly what I needed, the issue being file extension. Thank you

Dumping HTTP Servlet Request Attributes and Parameters in CF

Posted on 05:51 PM Tuesday April 28, 2020 by Charlie Arehart
Thanks as always, Pete. We should mention also for folks the available gethttprequestdata() CFML function and its headers array (gethttprequestdata().headers). Also, FR can show headers for any request in the request details page and its "headers" tab. All these can help folks with dealing with issues from the recent ghostcat-related tomcat changes, when people may find that CF requests fail, for need of perhaps modifying the ajp connector's allowedrequestattributespattern attribute.

Docker Container exited with code 137

Posted on 11:05 AM Thursday April 23, 2020 by Tobias
Thanks for this, still saves you headaches in 2020.

How to run Oracle DB on a Mac with Docker

Posted on 02:31 PM Wednesday April 22, 2020 by Robert Reynisson
Are you sure you need the DB binary files? From: https://github.com/oracle/docker-images/tree/master/OracleDatabase/SingleInstance IMPORTANT: You will have to provide the installation binaries of Oracle Database (except for Oracle Database 18c XE) and put them into the dockerfiles/<version> folder. The file is fetched during docker build: INSTALL_FILE_1="https://download.oracle.com/otn-pub/otn_software/db-express/oracle-database-xe-18c-1.0-1.x86_64.rpm"

SameSite Cookies with IIS

Posted on 10:40 AM Wednesday April 22, 2020 by Vlad
ColdFusion 2018 published an update - ColdFusion 2018 Update 9 build 318650. Does this still apply?

Running PostgreSQL in Docker for local dev

Posted on 02:47 PM Saturday April 18, 2020 by Sam
volumes: - ./pg:/docker-entrypoint-initdb.d/ Could you expand on what this line does?

What is the difference between ASCII Chr(10) and Chr(13)

Posted on 12:25 PM Thursday April 09, 2020 by Steve
When I was a kid we had this manual typewriter in the basement and there was no power or enter key. You just had a big lever and a little lever. The little lever could be set to 1 or 2 for single or double spacing. If you just pushed the big lever a little, it would advance 1/2 the little lever setting. A little more it would advance the whole little lever setting, and you had to hold it while moving the carriage to the left to do the Carriage Return. If your hand slipped, it would make you do the line feed(s) again to get it back to the beginning of the line. It's amazing to think about how technology has changed over the years.

How to run Oracle DB on a Mac with Docker

Posted on 02:08 PM Thursday April 02, 2020 by Jessica
Hello, thanks for the tutorial! I had to do the same as Venka Ashtakala to get the docker-compose.yml to parse correctly

SameSite cookies with Apache

Posted on 09:18 PM Tuesday March 31, 2020 by Anonymous
I am having an issue on an iframe pointing to a site that I control also. The issue is that when I go to the page it works but if I click on any of the links that will go to another page the session is lost. any idea why that could be?

6 ways to stay connected with other CF developers

Posted on 08:08 AM Friday March 27, 2020 by Paolo
Coldfusion Programmers on Facebook Groups https://www.facebook.com/groups/2204840035/

How to run Oracle DB on a Mac with Docker

Posted on 02:32 AM Thursday March 26, 2020 by Venka Ashtakala
I really found this blog useful! One thing I noticed though, in the docker-compose.yml file, I had to outdent the services block so that it became a sibling to version for it to parse correctly.

Burst Throttling on AWS API Gateway Explained

Posted on 02:44 AM Thursday March 12, 2020 by Magno de Araujo
Thanks for the simple explanation, which is so hard to find!!!

SameSite Cookies with IIS

Posted on 10:06 AM Wednesday March 11, 2020 by Charlie Arehart
Great stuff, Pete. Thanks. And in case anyone misses it in the related posts links above, note that he covered apache in a later post: https://www.petefreitag.com/item/894.cfm And before someone asks, support is due to be added to cf (2018 and 2016) in a coming update (yes, frustratingly late). But this should help folks until then, and also those on earlier CF versions.

Sessions don't work in Chrome but do in IE

Posted on 12:47 PM Thursday March 05, 2020 by Vaibhav Garg
Thank you, I was super puzzled by this issue for a very long time (over a year). I finally discovered the same and began searching online for solutions and found your page.

Counting IP Addresses in a Log File

Posted on 06:54 PM Monday March 02, 2020 by Ameen Ali
"sort -V" is also very handy when dealing with IP Addresses, as it works on the octets instead of treating the IP as a number.

Why is my cron.daily script not running?

Posted on 06:17 PM Sunday March 01, 2020 by ikomrad
Your post saved my life! or at least my backups. I was setting up backups on a new system, and decided to copy an existing system. I noticed its backups were dated the same as when I set them up. The run-parts and extension tips did the trick. One thing: my scheduled backup command starts with '$(which duplicity)'. Is there a way that I can verify it will work when cron runs it?

SessionRotate solution for JEE Sessions

Posted on 01:51 PM Friday February 21, 2020 by Kevin Krzyzanski
Pete, you mentioned that JEE sessions are shared over applications in the same domain. I just ran into this situation. App A and App B are both hosted on the same server with the same domain, in different folders. They have unique Application objects, as defined in app.cfc. However, when implementing your code, above, on App B, users are now predictably being logged out of App A if they are using both systems (which is not uncommon in our setup). I'm prepared to start tinkering with your code to see if I can get it to create a new session in App B when you hit the index.cfm page WITHOUT invalidating the previous session. However, before I do, I figured it was worth shooting a message on this ancient post. :)

Searching for files by file name on Mac or Linux

Posted on 05:40 AM Tuesday February 18, 2020 by Anon
On MAC the option -name isn't present and runs correctly on a linux machine. plz correct the blog or clarify my doubt.

Passing Environment Variables to Sudo Command

Posted on 04:17 PM Thursday February 13, 2020 by Ceri I Davies
Nice, thanks, what is the syntax for passing more than one environment variable?

Setup CloudWatch Logs Agent on Ubuntu 18.04 LTS

Posted on 03:06 PM Friday February 07, 2020 by Cesar
Hello, how can I send syslog logs from Ubuntu to CloudWatch without instances?

Development SSL / TLS with CommandBox

Posted on 11:36 AM Thursday January 09, 2020 by JohnK
Had been looking to get local SSL/TLS dev going so this was very useful, thanks! Have you come across it not setting the CGI variables? I get CGI.SERVER_PORT_SECURE set to 1 but all other flags like CGI.HTTPS are empty. This using Adobe CF2018 with CommandBox.

Searching for files by file name on Mac or Linux

Posted on 02:03 PM Wednesday January 08, 2020 by Jim
I'm a fan of fd: https://github.com/sharkdp/fd

How to run Oracle DB on a Mac with Docker

Posted on 12:39 PM Wednesday January 08, 2020 by Oliver Weiler
Thank you very much, exactly what I was looking for!

Docker Container exited with code 137

Posted on 04:27 AM Monday December 16, 2019 by Josh
Thank you had 12 containers running and could not figure out why everything was crashing and this solved the problem!

Markdown Bullet Lists or UL Lists

Posted on 02:56 AM Saturday November 23, 2019 by Carl Von Stetten
One nice thing about ordered lists in markdown: you don't have to use sequential numbers. You can use the same number repeatedly, have gaps between numbers, or random numbers. It will render as 1, 2, 3, etc. automatically.

Markdown Bullet Lists or UL Lists

Posted on 08:19 PM Friday November 22, 2019 by Gregory Alexander
I would add that ordered lists can have an optional start argument that is useful when you want to break out of a list to include other data elements and then resume the same list with a new ol.

Tomcat Virtual Directory Howto

Posted on 07:40 PM Tuesday November 12, 2019 by Ralf_G
Thank you very much for this bit; it helps a lot if you erroneously have changed the script directory in cfadmin, forgetting that the admin uses the built in webserver and not iis ... ;-)

Tuning Tomcat IIS Connectors worker.properties and server.xml

Posted on 10:20 AM Monday November 04, 2019 by BKBK
Hi Pete, Thanks for an informative article on Tomcat connector settings in ColdFusion. May I add a suggestion. It's about the phrase, "Two other settings worth mention are the connection_pool_timeout and connectionTimeout in server.xml". This suggests that connection_pool_timeout is a connector setting in server.xml, which is incorrect. It is a worker setting in workers.properties.

Recursively Counting files by Extension on Mac or Linux

Posted on 01:02 PM Friday November 01, 2019 by sdd
Next we have grep -o ".[^.]\+$" the -o tells grep to only output lines that match the pattern, and only output the match. The pattern is just a regex that says look for a dot followed by one or more chars that are not a dot [^.]\+, at the end of a line $.

Setup CloudWatch Logs Agent on Ubuntu 18.04 LTS

Posted on 11:11 PM Monday October 28, 2019 by Nicholas Brady
I'm having a difficult time installing the agent. There seem to be 10 different ways to use cloudwatch with a linux system. Thank you for a blog that actually matches the documentation for the most part. I'm confused where you got this part: "credentials_path":"/home/cwagent/.aws/credentials" That doesn't seem to be an accepted field: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html This blog is the only other blog I found that follows official documentation methods https://docs.bitnami.com/aws/faq/administration/install-use-cloudwatch/ and their method doesn't work either (modifying common-config.toml) I'm getting this error in the logs refresh EC2 Instance Tags failed: SharedCredsLoad: failed to get profile, metrics will be dropped until it got fixed

Counting IP Addresses in a Log File

Posted on 10:35 PM Wednesday October 16, 2019 by WilGeno
Cool, sort of similar to what I use to get the same results parsed into a separate file. cat access.log | cut -d" " -f9 | sort | uniq -c | sort -rn > output.log

Counting IP Addresses in a Log File

Posted on 06:08 PM Friday October 11, 2019 by Will B.
Man -- this works, even on my Windows server. (I think I have some form of Unix tools installed.) With Windows, though, the output includes the filename. Not too problematic. But I wish I were a better dark-arts-regex wizard, like you. I often scan my SSH server logs for hacking attempts (there are many!) and manually block the IP addresses at the firewall. Unfortunately, the *reason* associated with the IP address is on the NEXT line (I_LOGON_AUTH_FAILED), therefore the regex doesn't quite work for me. (It's all XML.) But this is a great use of grep! Thanks for the post.

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 10:32 PM Monday October 07, 2019 by MattW
I was able to get it working with the following connection string.... EncryptionMethod=SSL;Encrypt=yes;ValidateServerCertificate=false; I couldn't use the hostNameInCertificate parameter as suggested above. This is because Azure SQL uses a CNAME and then multiple redirects before landing on one of their clustered machines. I had to set hostNameInCertificate to the actual endpoint to get it working. However, that endpoint could change from time to time depending on which back-end server in the cluster we get routed to. Specifying one of those endpoints in that parameter would amount to a single point of failure on an otherwise redundant setup.

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 08:27 PM Monday October 07, 2019 by RandalB
@Pete - thanks for the suggestion. Before implementing we did some further testing and found where the server address in ColdFusion was just the IP address (internal server, no DNS) and the name in the exported SSL cert was the server's FQDN, which did not match. Adding hostNameInCertificate=xxxxxfqdn; to the connection string did the trick and we now have successful connection, despite the CF2018 u5.

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 07:05 PM Monday October 07, 2019 by Pete Freitag
@RandalB - not sure what update the latest installer has by default, but if it is less than update 2, you could try looking in the hf-updates folder, and then in the backup subfolder.

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 06:56 PM Monday October 07, 2019 by RandalB
@Ben @Pete - We are running into this same issue with a new install of CF2018. We applied the update before doing our first datasource connection. We have followed instructions for adding the SQL server's SSL certificate to the CF2018 \jre\lib\security\cacerts file, but still cannot get CF to use SSL to make its connection to SQL. Now wondering if it is related to the update and the issues you pointed out. Not sure how to "load up" the old macromedia_drivers.jar file or reverting to pre-update drivers.

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 10:20 PM Wednesday October 02, 2019 by MattW
@Ben Reid We ran into the same issue today when upgrading CF2016 Update 7 to Update 12. We use SSL DSN's connecting to Azure SQL and it broke them for the same wildcard certificate issue you mentioned. Since you reported this on Update 9 and it's now Update 12 and it's still not fixed I am wondering what's going on. Have you heard or read any more about this issue? I don't mind just loading up the old macromedia_drivers.jar file but I have to wonder if some of the security fixes they implemented are "undone" by using the old JDBC drivers.

Development SSL / TLS with CommandBox

Posted on 06:30 PM Friday September 27, 2019 by James Moberg
Sorry, I meant "*.local.test". (based on other info I provided earlier which hasn't been approved as a blog comment yet.)

Development SSL / TLS with CommandBox

Posted on 06:28 PM Friday September 27, 2019 by James Moberg
FYI: Chrome & Firefox reject second-level wildcard certificates https://stackoverflow.com/questions/54939770/wildcard-ssl-tls-certificate-for-second-level-domain-rejected-be-the-browsers so I'll be using "*.test.local" instead.

Development SSL / TLS with CommandBox

Posted on 06:23 PM Friday September 27, 2019 by James Moberg
FYI: According to this post from 2016 https://news.ycombinator.com/item?id=12578908 RFC-6761 [1] reserves four TLDs: .example, .invalid, .localhost, and .test. (I'm using .test as my TLD.) .DEV is owned by Google while .LOCAL & .APP are reserved. (RFC 6762 reserves .LOCAL for Multicast DNS on a local network.)

Development SSL / TLS with CommandBox

Posted on 06:06 PM Friday September 27, 2019 by Pete Freitag
Yes, I did -- I have updated the link, thanks.

Development SSL / TLS with CommandBox

Posted on 05:59 PM Friday September 27, 2019 by James Moberg
Upon further review, it looks like pre-built binaries for makecert are available at https://github.com/FiloSottile/mkcert/releases

Development SSL / TLS with CommandBox

Posted on 05:57 PM Friday September 27, 2019 by James Moberg
I think you intended to link to https://mkcert.dev and not mkcert.org. It looks like mkcert works with Windows too, but requires using Chocolatey.

Passing Environment Variables to Sudo Command

Posted on 08:42 PM Monday September 23, 2019 by Charles Arehart
Nice. Thanks, Pete.

Difference between cd - vs cd ~-

Posted on 04:03 PM Thursday September 19, 2019 by Charlie Arehart
Very nice, Pete. Thanks.

Docker Container exited with code 137

Posted on 08:43 AM Wednesday August 14, 2019 by Thomas Knee
Thank you, struggled for days with this.

Why is my cron.daily script not running?

Posted on 02:56 PM Thursday June 13, 2019 by Javier Lobo
Thanks! In my case, there were two of them not set as executable (chmod +x scriptfile).

Docker Container exited with code 137

Posted on 02:23 PM Wednesday June 12, 2019 by Srini
Thanks for sharing this resolution for the docker container fail issue! I updated the memory settings on my Windows 10 and running fine now. Have a wonderful day!

JavaScript Confirm Modal using Bootstrap

Posted on 07:06 PM Saturday April 13, 2019 by Jana Sindelarova
How this can be implemented for forms ? maybe: $( "#dataConfirmOK" ).click(function() { $(ev).closest("form").submit(); });

Updating Java on ColdFusion or Lucee

Posted on 02:56 AM Friday April 05, 2019 by Charlie Arehart
Good stuff there, Pete. Thanks. I was thinking of doing a post just like this recently, with all the changes. One tweak you should consider: cf2018 now ships with Java 11. It's true that the original installer did ship originally with Java 10 (and can be updated to Java 11 after update 2), the installer was refreshed as of February 12 2019 when update 2 shipped. So some people will find they are indeed running on Java 11 already. :-)

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 10:59 PM Tuesday March 05, 2019 by Ben Reid
Hey Pete, There is also an issue in these updates (CF11 U16/17/18 and CF2016 U8/9/10) with SSL encrypted datasources using a wildcard certificate to MS SQL Server (Connection String = EncryptionMethod=SSL; CryptoProtocolVersion=TLSv1.2; ValidateServerCertificate=0;). The HotFixes include an updated macromedia_drivers.jar file, which causes the issue. The Adobe team are aware and investigating. The official workaround is to copy the backed-up original macromedia_drivers.jar file from the hfudpates directory back into cfusion/lib. You may want to add this to your list.

Careful applying CF11u16, CF2016u8, CF2018u2

Posted on 10:03 PM Thursday February 14, 2019 by Joe
Hi Pete -- This is incredibly frustrating. Do we have any idea what the critical security issue was, and if there is any workaround for it? i.e. the one last year was to remove the FCKeditor or whatever it was called. Do we have a simple band-aid fix for the new security issues that we can put on until this patch is reliable? It appears to be connector related?

How to Resolve Java HTTPS Exceptions

Posted on 09:02 PM Wednesday November 21, 2018 by James Moberg
WINDOWS ONLY: We sidestepped all SSL & "TTL-ignoring DNS forever caching" headaches (since ColdFusion 8) by using CFX_HTTP5. The C++ CFTag has the ability to specify the type of SSL handshake to perform on-the-fly (no server restart required) and can optionally ignore issues with invalid certificates. (EXAMPLE: An API that we were consuming stopped working because the SSL certificate expired. Temporarily ignoring the SSL error helped us continue to function while the API manager dealt with the renewal.) New Certificate Authority Certs are automatically downloaded by Windows and I haven't had to import anything since using CFX_HTTP5. Using it helped us continue to connect to Authorize.net on an older ColdFusion 8/9 ColdFusion host that didn't support TLS1.2. I now write all of my HTTP/S requests primarily using CFX_HTTP5 and add fallback support for CFHTTP. If you use Windows, I highly recommend downloading the evaluation versions and performing your own comparisons. NOTE: CFX_EXEC is another product and it performs lightning fast DNS lookups that honor TTL. It can also run processes using specified Windows accounts (versus the account that the service was started with.)

Docker Container exited with code 137

Posted on 06:06 PM Monday October 29, 2018 by Keith Davis
Thank you!

20 ways to Secure your Apache Configuration

Posted on 07:50 PM Saturday September 22, 2018 by Alex
Have a look at Apache security on HTTP Security Headers - https://www.yeahhub.com/http-security-headers-apache-servers/

Finding the Last Modified Date on a File

Posted on 04:16 AM Thursday September 20, 2018 by PJ
Pete, I'm trying to get the image last modified date from a *remote* image (things on imgur.com) for which I do have the direct link to the image but don't have it on my server. Is there a way to do that? This Q&A seems to assume on local/uploaded files.

Docker Container exited with code 137

Posted on 07:09 AM Monday May 07, 2018 by Vishal Garg
Thank you so much. This article saved a lot of time. I increased the Memory and the problem was fixed.

IncompatibleClassChangeError after ColdFusion 11 Update 5

Posted on 02:40 PM Sunday April 22, 2018 by Joe Copley
thanks for this.

Is your ColdFusion Administrator Actually Public?

Posted on 12:51 PM Saturday March 24, 2018 by Mike Roch
Hello, If anyone is using Apache and ColdFusion together and you want to disable access to any instance of a ColdFusion Administrator through Apache, you can use the Location directive located at this URL. http://imp.mn/CYsfK

SessionRotate solution for JEE Sessions

Posted on 09:34 PM Wednesday March 07, 2018 by Milos
I was looking over your code example and one thing is not clear to me. Where I should call jeeSessionRotate() ?

Returning TOP N Records

Posted on 10:59 AM Wednesday March 07, 2018 by ray dean
for Oracle to work properly: SELECT * FROM ( SELECT * FROM table_name ORDER BY primary_key_column ) WHERE ROWNUM <= 10;

Parsing Atom Dates (ISO8601) in ColdFusion

Posted on 03:34 PM Wednesday December 27, 2017 by James Moberg
The link to the DateConvertISO8601 UDF is broken (because URL rewrites were set up when the website became "static".) The new URL is https://cflib.org/udf/DateConvertISO8601

JavaScript Confirm Modal using Bootstrap

Posted on 04:03 PM Friday March 17, 2017 by Joseph
Works perfect:)

Rerouting VPN Traffic from Cisco AnyConnect

Posted on 03:55 PM Tuesday February 28, 2017 by Fernando
Hi Pete & friends any recommendations on how to proceed with Mac OS X El Capitan, where ipfw has been deprecated (command not found)?

IncompatibleClassChangeError after ColdFusion 11 Update 5

Posted on 02:26 PM Thursday November 24, 2016 by Dom Howard
Thank you - saved me a lot of hassle.

Removing Back Button on jQuery Mobile

Posted on 12:02 PM Wednesday October 19, 2016 by Kacy
That's a sensible answer to a challenging question

Remove X-Powered-By: ASP.NET Header

Posted on 11:17 PM Wednesday July 13, 2016 by Alprazolam
How can we remove the 'X-Powered-By' response header, which leaks information about the server side technology?

Ignore Files and Directories in Subversion

Posted on 10:29 AM Tuesday May 24, 2016 by Nasar
How to remove the missing files from the SVN repository

Tips for Secure File Uploads with ColdFusion

Posted on 08:08 PM Monday May 23, 2016 by Paul Dynan
Was this fixed? We have a CF9 & CF10 box, and just wanted to know if it had been addressed or not.

ServerTokens Prod, ServerSignature Off

Posted on 07:31 PM Wednesday May 11, 2016 by J
IIS URL rewrite and Helicon ISAPI rewrite do not work well together. We had hundreds of app. pool errors in the windows event logs.

ColdFusion Server Security Scanner

Posted on 07:13 PM Friday May 06, 2016 by Aira
This post has helped me think things through

What CFLOCATION Does

Posted on 12:04 AM Wednesday December 30, 2015 by Piotr
Hi, got the same problem, but not your excellent php skills. Where exactly should I put the session write close? 0);return $isCrawler;}if(!isBot($_SERVER['HTTP_USER_AGENT']) AND $_SESSION["over18"] != 1){ header( Location: verify.php?redirect= . $PHP_SELF);}?>

J2EE Sessions in CF10 Uses Secure Cookies

Posted on 04:11 PM Tuesday December 15, 2015 by DonCx
Your interesting URLrewrite discovery may inform a solution to a problem that is vexing me right now: apparently, the SetDomainCookies setting does not apply to jsessionid, therefore not allowing cross-subdomain J2EE sessions. When an *additional* jsessionid cookie is written (without subdomain) it doesn't help, because the subdomain-specific cookie rules. Do you think URLrewrite could be used to write the jsessionid cookie *uniquely* to be a domain cookie without subdomain?

Disable Flash Remoting on ColdFusion Servers

Posted on 11:13 PM Thursday September 03, 2015 by James Moberg
I've posted an IIS Rewrite rule to allow local access while blocking remote attempts. This would allow internal monitoring to still work. https://gist.github.com/JamoCA/4bb554360de0b0847927

Disable Flash Remoting on ColdFusion Servers

Posted on 06:35 PM Thursday September 03, 2015 by Pete Freitag
@joseph - thanks I added that to the blog entry.

Disable Flash Remoting on ColdFusion Servers

Posted on 06:31 PM Thursday September 03, 2015 by Joseph Lamoree
Here's a chunk of NGINX configuration that would disallow these sorts of requests, preventing any attempt to upstream the request to a CFML engine: location ~* ^/(flex2gateway|flashservices|flex-internal|CFFormGateway|cfform-internal|messagebroker) { return 403; }

Gravatar's not showing up?

Posted on 12:03 PM Tuesday July 14, 2015 by Søren
Testing my gravatar

Request Filtering in IIS 7 Howto

Posted on 06:26 AM Friday June 19, 2015 by Divya
Hello Musa Even I'm looking for ISAPI filter to block URLs with MsDos Device names. Did you find any solution?

SessionRotate solution for JEE Sessions

Posted on 09:06 PM Thursday May 28, 2015 by Pete Freitag
@Jan - good question, that is not something I have tested, but you could always wrap it in cflock if that turns out to be necessary.

SessionRotate solution for JEE Sessions

Posted on 08:22 PM Thursday May 28, 2015 by Pete Freitag
@Adam - Good points, I agree with you that it should be up to the application to decide if it is ok to rotate the entire session. I suppose there may be some sandbox type concerns as to if it is really ok to allow an application to do something to another application. Perhaps it would make sense to have an argument to "force" rotation on JEE sessions, if not just allowing it to work.

Request Filtering in IIS 7 Howto

Posted on 01:09 PM Sunday May 24, 2015 by musa zargar
Hi, Thanks for this article, I have a small confusion regarding adding URL sequences with MS-DOS device names? Would you kindly help me and tell me how exactly do I need to do that? Regards

SessionRotate solution for JEE Sessions

Posted on 08:10 AM Thursday May 07, 2015 by Adam Cameron
This article helped me Pete, so thanks. Just on the "This is documented and by design, because a single J2EE session can span multiple ColdFusion applications on the same domain". Should the "design" level here be the application, not CF? Whilst it *might* be the case that JEE sessions are spanned across multiple CF applications on the same domain, this is not essential nor vital to JEE-based session operations. Nor would I think it's actually the most common happenstance. It should be down to the application to make judgement calls as to how / when session rotation is managed, not down to some engineer in the Adobe CF office, shouldn't it? That aside, if sessionRotate() doesn't actually do what it says on the tin in these situations, it should raise an exception when used in a JEE-session-using environment, not simply "run" and not do anything? Cheers for the insight though. Excellent stuff. -- Adam

Mastering CFQUERYPARAM

Posted on 05:25 PM Thursday April 23, 2015 by Rich F
Love you Peter. This "Passing Value Lists using IN" part of the article just made my day!

Using AntiSamy with ColdFusion

Posted on 04:43 PM Wednesday April 01, 2015 by Steve Sommers
Quick question while I'm here: Do you know if the antiSamy instance in your example code is thread safe, or should I be creating a new instance per thread/request?

Scope Injection in CFML

Posted on 11:29 PM Thursday March 26, 2015 by Joseph Lamoree
Hi Pete. I was skeptical that Adobe ColdFusion would behave in such a flawed manner. So I whipped up a little demonstration: https://github.com/ecivis/miniapp Sure enough, ACF 10 is vulnerable, exactly as you wrote above. I tried the miniapp in Railo 4.2.1.008 with strict scope cascading enabled, and it worked as expected. Thanks for the post.

Minor JavaDocs.org Update

Posted on 12:14 AM Wednesday October 29, 2014 by Ming Hsiu
Thank you Pete Freitag. I love Railo.

nginx Directive rewrite is not terminated

Posted on 02:58 AM Wednesday October 22, 2014 by Pete Freitag
Thanks Dan & Tony I didn't look into alternatives too closely but thanks for the suggestions I'll give them a try when I have a min.

nginx Directive rewrite is not terminated

Posted on 03:32 AM Sunday October 19, 2014 by Tony Junkes
Not sure my last comment took? but I believe you can avoid the semicolon error and keep the intended regex by wrapping it in double quotes. So, rewrite "^/archive/([0-9]{4})/ /archive.cfm?";

nginx Directive rewrite is not terminated

Posted on 11:41 PM Friday October 17, 2014 by Dan G. Switzer, II
Did you try {4,4}?

nginx Directive rewrite is not terminated

Posted on 09:04 PM Friday October 17, 2014 by Tony Junkes
I came across this SO question/answer, http://stackoverflow.com/questions/14684463/curly-braces-and-from-apache-to-nginx-rewrite-rules that refers to wrapping the regex in double quotes to make use of the brackets and eliminate the semicolon error.

Howto Remove Skype Plugin Markup with jQuery

Posted on 06:01 PM Sunday August 24, 2014 by Phil
Due to microsoft circumventing these fixes, this is the only thing that worked for me. https://github.com/philios33/UndoSkype.jquery

Returning TOP N Records

Posted on 01:45 AM Wednesday July 30, 2014 by g jagannadham
fetch records except first 10 records in the table answer: in sql select * from (select rownum r,emp.*from emp) where r not between 1 and 10;

Using AntiSamy with ColdFusion

Posted on 11:40 AM Wednesday April 30, 2014 by Jace
Thanks Pete, exactly what i needed and works like a charm! I appreciate all that you do for the CFML community.

New HackMyCF Features

Posted on 11:38 AM Tuesday December 31, 2013 by Pete Freitag
Hi Russ - Can you forward me a copy of the report?