Railo WEB-INF and roots

November 21, 2007 · By Gert Franz · No Comments

Many people asked us how to secure the WEB-INF folder and/or how to move generated files from the WEB-INF folder to a different location. First of all, it is good to know that Railo supports directory placeholders that can be used in railo-web.xml[.cfm] and railo-server.xml. The directory placeholders are described in the following blog post.
In one of the first releases of Railo 2.0 we made the function expandPath() aware of the directory placeholders, so you can use code like the following:

<cfset sWebRoot = expandPath("{web-root-directory}")>
<cfset sTempDir = expandPath("{temp-directory}")>
...

As the counterpart of expandPath(), we introduced the new function contractPath(), which tries to turn a given directory back into a URL path:

<cfset abs=expandPath('/railo-context/wddx.cfm')>
<cfdump var="#abs#">
<cfdump var="#contractPath(abs)#">

This returns:
string D:\Projects\Railo\webroot\WEB-INF\railo\context\wddx.cfm
string /railo-context/wddx.cfm

Since some applications, like Alfresco's WCM, interpret the dynamically generated files in the WEB-INF directory, or because you may want to move these files to high-performance disks, you can change the target directory into which these files are generated.
There are two ways of doing this in Railo:
  1. You can just stop the Railo service, edit WEB-INF/railo/railo-web.xml (or railo-web.cfm) and change the following settings:
    <file-system deploy-directory="{railo-web}/cfclasses/"
                 fld-directory="{railo-web}/library/fld/"
                 temp-directory="{railo-web}/temp/"
                 tld-directory="{railo-web}/library/tld/">
    </file-system>

    Here, with Railo 2, you could use the following settings:
    a. {temp-directory}: this sets the location to your server's temp directory (the files remain persistent)
    <file-system deploy-directory="{temp-directory}/cfclasses/"
                 fld-directory="{railo-web}/library/fld/"
                 temp-directory="{temp-directory}/temp/"
                 tld-directory="{railo-web}/library/tld/">
    </file-system>

    b. RAM: this sets the location to your server's RAM (the generated files are kept only until the server is restarted)
    <file-system deploy-directory="ram:///cfclasses/"
                 fld-directory="{railo-web}/library/fld/"
                 temp-directory="ram:///temp/"
                 tld-directory="{railo-web}/library/tld/">
    </file-system>

    c. You can of course set any physical directory you like:
    <file-system deploy-directory="c:/inetpub/tempFiles/cfclasses/"
                 fld-directory="{railo-web}/library/fld/"
                 temp-directory="c:/inetpub/tempFiles/cfclasses/temp/"
                 tld-directory="{railo-web}/library/tld/">
    </file-system>

    Note that you must not mix the dynamically generated files of two different web roots, so the railo-web.xml[.cfm] files in two different WEB-INF folders should not point to the same location for these files.
  2. You can just stop the Railo service, edit the app-default.xml of your Resin installation and change the location of the WEB-INF folder:
    OLD:
    <servlet servlet-name="CFMLServlet"
             servlet-class="railo.loader.servlet.CFMLServlet">
      <init-param>
        <param-name>railo-web-directory</param-name>
        <param-value>{web-root-directory}/WEB-INF/railo/</param-value>
        <description>Railo Web Directory directory</description>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>

    NEW:
    <servlet servlet-name="CFMLServlet"
             servlet-class="railo.loader.servlet.CFMLServlet">
      <init-param>
        <param-name>railo-web-directory</param-name>
        <param-value>{web-root-directory}/../railo-web-directory/</param-value>
        <description>Railo Web Directory directory</description>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>

    Then you have relocated the Railo context folder to another location outside the web's root. But again be aware not to mix two different Railo folders into the same location.
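As an added example (not Railo's own code), the following Python helper mirrors how the directory placeholders are expanded and checks, for both methods above, whether the generated-file directories from the <file-system> element and the relocated railo-web-directory from app-default.xml end up below the web root, where a front-end web server serving files from disk could expose them unless the folder is protected. The placeholder values and the two config fragments are constructed assumptions, not taken from a real installation.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumed placeholder values standing in for what expandPath() would resolve.
PLACEHOLDERS = {
    "web-root-directory": "/srv/www/webroot",
    "railo-web": "/srv/www/webroot/WEB-INF/railo",
    "temp-directory": "/tmp/railo",
}

# Constructed config fragments modelled on the post, not copied from a server.
RAILO_WEB_XML = """<railo-configuration>
<file-system deploy-directory="{railo-web}/cfclasses/"
  fld-directory="{railo-web}/library/fld/" temp-directory="ram:///temp/"
  tld-directory="{railo-web}/library/tld/"></file-system>
</railo-configuration>"""

APP_DEFAULT_XML = """<web-app><servlet servlet-name="CFMLServlet">
<init-param><param-name>railo-web-directory</param-name>
<param-value>{web-root-directory}/../railo-web-directory/</param-value>
</init-param></servlet></web-app>"""


def resolve(value, placeholders=PLACEHOLDERS):
    """Expand {placeholder} tokens and normalise '..' segments; ram:// stays as is."""
    if value.startswith("ram://"):
        return value  # in-memory resource, nothing is written to disk
    for name, path in placeholders.items():
        value = value.replace("{" + name + "}", path)
    return posixpath.normpath(value)


def under_web_root(path, web_root=PLACEHOLDERS["web-root-directory"]):
    """True when a resolved directory lies inside the web root, i.e. a front-end
    web server serving files from disk could expose it unless it is protected."""
    if path.startswith("ram://"):
        return False
    return path == web_root or path.startswith(web_root.rstrip("/") + "/")


def audit(railo_web_xml, app_default_xml):
    """Return {setting: (resolved_path, inside_web_root)} for every directory."""
    report = {}
    fs = ET.fromstring(railo_web_xml).find("file-system")
    for attr, raw in fs.attrib.items():
        path = resolve(raw)
        report[attr] = (path, under_web_root(path))
    for param in ET.fromstring(app_default_xml).iter("init-param"):
        if param.findtext("param-name") == "railo-web-directory":
            path = resolve(param.findtext("param-value"))
            report["railo-web-directory"] = (path, under_web_root(path))
    return report
```

Settings flagged True still sit below the web root and need one of the protections described in the next section; ram:// locations and the relocated railo-web-directory are reported as not exposed.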

Securing the configuration

In order to secure your Railo context folder, you can either move it to another location using method 2 above, or protect the folder itself:
  1. Use a .htaccess file to protect it with a login.
  2. Correspondingly, enable directory security inside IIS.
  3. Create a virtual directory which points to a different location; Railo is aware of the original path.
When you do so, please note that some of the images Railo uses (cfdump, debugging output) might no longer be accessible and may therefore trigger a security logon prompt. In this case you could extract these images and place them physically in a virtual directory at the required location, without security settings.
In Railo 2.0.0.015 we added the option of creating the railo-web.xml file as railo-web.cfm instead. A .cfm file is handled by the CFML engine rather than served as a static file, so direct access to the configuration is prevented even if the WEB-INF folder is unprotected.

Tags: Features · Railo 2.0 · Security
