I recently upgraded a server to Railo 4 and noticed my catalina folder started to fill up with random folder names, e.g.

C:\railo\tomcat\conf\Catalina\acoaqnyfnl (or whatever the equivalent is on Linux)

Every time I checked back the number of randomly created folders had increased exponentially, I ended up with thousands of them before I found the cause. This can cause multiple issues if left to grow, affecting the performance of Railo and Tomcat and your server in general once you get seriously large numbers of files or folders.

I poste don twitter a few times but unfortunately not one single person in the Railo community had a clue on this one so I was rather stumped initially.
Then it dawned on me, this folder normally only contains an entry/folder for each of your virtual hosts, so I went and checked another server and noticed that not only did it contain a folder for each virtual host, but also for any other domain alias that pointed at those virtual hosts, even if they were not defined in the server.xml.

Once I realised this then the reason why the folders were being created became obvious, any host header that is used to access any Railo site on your server will cause a new folder to be created in c:\railo\tomcat\conf\Catalina, at this point I don't actually know why this happens only that it does. Previously I thought that any aliases had to be defined in the virtual host config, but this is obviously not the case.

So the next question is why are all those host headers getting through?

This one was simple too, the default website on IIS is set to respond on <ALL Undefined> by default, meaning that it doesn't expect any host header and will display the default website for anything that points to any IP on the server if there is no other site with a valid entry for that host header. And of course Railo is installed to the default website as the default webapp.

So the next question was, why all the random folder names, which clearly were not normal host headers as they were not domain names. My first thought was that it could be bots trying to hack the server using randomly generated host names, so I checked my IIS logs and found a bunch of entries like this.

 

2013-02-06 07:08:10 W3SVC1 BTI-APP1 1.2.3.4 HEAD / - 80 – 5.6.7.8 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_2)+AppleWebKit/537.17+(KHTML,+like+Gecko)+Chrome/24.0.1312.57+Safari/537.17 - - kcqtvklylt 200 0 0 259 249 3430

As you can see the request was coming form a MAC and was using the host header "kcqtvklylt", which explains the folder names.

Whether this was dodgy or not I really could not tell, the logs did not show any specific filenames being requested or any query strings such as sql injection, but I guess it certainly could be a trojan or malware of some sort scanning servers for open ports, which seems more likely than a hacker using a Mac

The solution was simply to put a host header on the default website to stop these requests even getting through the web server, once I did that the problem went away and no more randomly created folders.

and the moral of this tale, if you are running Railo or anything else on Tomcat, always use host headers (bindings) for all your sites, do not have any setup to allow <all undefined> or "*" without any host header at all.

MangoBlog uses TinyMCE editor when adding/editing articles and pages, which by default will strip out certain tags, including iframe tags, which I needed for posting youtube videos.

The solution is actually very simple.

open up the admin/editorSettings.cfm

and add the following line with any tags[parameters] you want to allow.

extended_valid_elements : "span[class|style],code[class],iframe[src|width|height|name|align|frameborder|scrolling]",

 

In addition if you have “script protection” enabled, then this will replace certain tags (such as iframe) with the text “InvalidTag”. Either your ColdFusion/Railo Admin has Enable Global Script Protection turned on or your Application has scriptProtect set to true. This would be set in either the CFAPPLICATION tag or the This scope of your Application.cfc file.

below is the full code with my amendment.

[code:js]

<!-- TinyMCE -->
<script type="text/javascript" src="assets/editors/tinymce_3/jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
    <mangoAdmin:Event name="beforeTinyMCEinit" />
    tinyMCE.init({
        mode : "specific_textareas",
        editor_selector : "htmlEditor",
        theme : "advanced",
        plugins : "table,save,contextmenu,paste,noneditable,asffileexplorer",
        entity_encoding : "raw",
        theme_advanced_toolbar_location : "top",
        theme_advanced_toolbar_align : "left",
        theme_advanced_path_location : "bottom",
        theme_advanced_buttons1 : "bold,italic,formatselect,styleselect,bullist,numlist,del,separator,outdent,indent,separator,undo,redo,separator,link,unlink,anchor,image,cleanup,removeformat,charmap,code,help",
        theme_advanced_buttons2 : "",
        theme_advanced_buttons3 : "",
        paste_remove_spans: true,
        extended_valid_elements : "span[class|style],code[class],iframe[src|width|height|name|align|frameborder|scrolling]",
        theme_advanced_resize_horizontal : false,
        theme_advanced_resizing : true,
        relative_urls : false,
        remove_linebreaks : false,
        strict_loading_mode: tinymce.isWebKit,
        document_base_url : "<cfoutput>#blog.getbasePath()#</cfoutput>",
        <cfif len(currentSkin.adminEditorCss)><cfoutput>
        content_css : "#blog.getbasePath()#skins/#blog.getSkin()#/#currentSkin.adminEditorCss#",
        </cfoutput></cfif>
        <mangoAdmin:Event name="tinyMCEinit" />
        <cfoutput>
        plugin_asffileexplorer_browseurl : '#blog.getSetting('urls').admin#assets/editors/tinymce_3/jscripts/tiny_mce/plugins/asffileexplorer/fileexplorer.cfm',
        plugin_asffileexplorer_assetsUrl:'#fileUrl#',
        file_browser_callback : 'ASFFileExplorerPlugin_browse'
        </cfoutput>,
        onchange_callback: function(editor) {
            tinyMCE.triggerSave();
            $("#" + editor.id).valid();
        }
    });
    <mangoAdmin:Event name="afterTinyMCEinit" />
</script>
<!-- /TinyMCE –>

[/code]

I am currently beta testing the latest WebsitePanel 2.0 release, which has a some great new features thanks to Helicon who have contributed support for their ZOO engine. Helicon ZOO is what I currently use to provide Railo hosting over on cfmldeveloper.
Below are some videos showing the new features, which as you can see make installing Railo and Mura a synch.
The new features will be available on CFMLDEVELOPER when the Beta is released and when our host BlueThunder do the upgrade.

Railo installer

Easily install Railo on your server via WebsitePanel.

Railo Project Template

Enable Railo on your website by installing a template project and enabling the Helicon Zoo module.

Mura Installer

Easily install Mura on your site via Microsoft Gallery installer.

I have recently discovered some issues when running Railo on IIS 7 along with ASP.net and/or custom modules. In certain situations you will get a "Object reference not set to an instance of an object" error on your CFM pages even though they were working fine previously.

In particular my issue was being caused when using custom modules were installed for password protected folder, such as the WebsitePanel module or Helicon APE, which then broke CFM pages.

The solution is actually really simple, you just need to convert your "jakarta" virtual directory into an application. Obviously this only applies if you are using the Tomcat or similar distro which requires such a virtual directory. If you are using the Helicon Zoo module then you will have no such issue.

I am not absolute sure why this occurs, but my guess would be because the request is first handed off of the connector to be processed by Tomcat, which process in the process being returned to IIS with the wrong identity, and thus fails to execute the module in-process.
By setting the jarkarta vDir to an application it then then runs the connector using the application pool identity instead.

So if you switch to a different application pool or identity or even .net version/mode then you may need to also change the jakarta vDir to be the same.

Another of the big annoyances with Railo is that it won't handle SEO friendly URL's out of the box, you need to get into the application servers servlet mappings to add url filters for each of your SEO URL formats.

e.g. each of these would require a separate servlet mappings url-filter.

mysite.com/index.cfm/something
mysite.com/sub1/index.cfm/something
mysite.com/muraCMS/index.cfm/something

If you are on a shared server then this can be a big problem as you do not have the ability to do this, plus making changes may also break other sites.

Thankfully there is a solution that allows you to apply these url filters on a per site basis, at least for Jetty anyway, I have not tested on any of the other servlet containers such as Tomcat, but the same solution is likely possible.

in your web root you will have a "web-inf" folder which is created automatically and contains your Railo context, inside this folder create a web.xml file and paste in the below contents. 
This will allow the most common SEO URL  "index.cfm/something" to work, I have also included the required filters for MangoBlog. Now you just need to modify this file within each of your sites and add any required url-filters.
The only caveat is that you need to restart your app server in order for the settings to take affect, if you are using the Helicon Zoo module that I blogged about previously then you simply need to recycle your application pool. This can be achieved by editing your web.config as any change to this file forces IIS to recycle the application pool.

 

[code:xml]

<?xml version="1.0" encoding="ISO-8859-1"?>

 

<web-app

xmlns="http://java.sun.com/xml/ns/javaee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

metadata-complete="true"

version="2.5"

>

<servlet-mapping>

<servlet-name>CFMLServlet</servlet-name>

<url-pattern>index.cfm/*</url-pattern>

<url-pattern>/post.cfm/*</url-pattern>

<url-pattern>/archives.cfm/*</url-pattern>

<url-pattern>/page.cfm/*</url-pattern>

<url-pattern>/author.cfm/*</url-pattern>

<url-pattern>/feeds.cfm/*</url-pattern>

</servlet-mapping>

</web-app>

[/code]