1

We are using Windows 2008R2, IIS 7.5, Coldfusion 9 and our websites are virtually hosted. A number of websites use windows authentication protected folders to limit access.

We are finding that html, images, asp are protected but the .cfm files are not. Employees, who are not in the permission group, click on a link, are challenged but after either providing credentials or cancelling the password challenge form several times are passed through to a page display of the text in the .cfm file but Images are absent.

Handler mappings - ISapModules are set up in IIS. wildcard points to jrun_iis6_wildcard.dll All others point to jrun_iis6.dll Request restrictions: Involke handler if request is mapped to: file all verbs Access: script

Do you have any suggestions?

sue levy
  • 11
  • 2

1 Answers1

1

Maybe the permissions on the .cfm file (or containing directory) are less restrictive than the permissions on the /images subdirectory, and it is challenging the user for each image it is trying to load into the page, but not challenging for the markup file itself?

Chris
  • 21
  • 1