HTTP Status 403 – Forbidden after ColdFusion upgrade on Apache
NOTE: This post applies to Apache-based servers. For IIS-based servers, see https://handyman.dulare.com/http-status-403-forbidden-after-coldfusion-upgrade/
I noticed that this issue occurs on ColdFusion 2016 and 2018 after a ColdFusion server update. The symptoms are rather strange:
The site returns HTTP Status 403 – Forbidden, and the response comes from Tomcat, not from the Apache server itself.
The connector-based solution
The first thing to do is to update the connector between Apache and ColdFusion. This is required after most ColdFusion updates nowadays.
On Linux, it is rather simple. Find your wsconfig application, which is typically located in:
/opt/coldfusion[2016|2018]/config/wsconfig
Then run:
./wsconfig -upgrade
The connector is upgraded but the site still shows 403
If the site is still not working, try temporarily removing (or renaming) the .htaccess file. If the error goes away, you have an additional issue, which is related to the headers sent to Tomcat.
Most likely, you have a rule in your .htaccess file that uses the “.*” expression. This causes the issue with the Tomcat server.
In that case, locate the server.xml file, which is typically found here:
/opt/coldfusion[2016|2018]/cfusion/runtime/conf/server.xml
In the file, find the line that starts with:
<Connector connectionTimeout="60000" maxThreads="100"
Inside this Connector element, add this attribute:
allowedRequestAttributesPattern=".*"
As the last step, save the file and restart the ColdFusion server. It should now work properly.
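How the attribute added above changes what the connector accepts, as an added example that is not part of the original post or of ColdFusion: Tomcat's AJP connector answers 403 to a request carrying a request attribute it does not recognise unless the attribute's whole name matches allowedRequestAttributesPattern, so ".*" accepts every name. The server.xml text, port numbers and attribute names below are constructed for illustration, and Python's re module stands in for Tomcat's Java regex matching.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for illustration; ports and layout are not from a real install.
SAMPLE_SERVER_XML = """<Server port="8007" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8500" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector connectionTimeout="60000" maxThreads="100" port="8018"
               protocol="AJP/1.3" allowedRequestAttributesPattern=".*"/>
  </Service>
</Server>"""

# Hypothetical attribute names, standing in for whatever the web server forwards.
SAMPLE_ATTRIBUTES = ["EXAMPLE_REWRITE_FLAG", "EXAMPLE_REWRITE_BASE", "UNRELATED_ATTR"]


def attribute_allowed(pattern, name):
    """True if an otherwise unrecognised AJP request attribute would be accepted.

    With no pattern configured such attributes are rejected (the 403 case).
    The whole name must match; Python's re approximates Java regex here.
    """
    return pattern is not None and re.fullmatch(pattern, name) is not None


def audit(server_xml, attributes=SAMPLE_ATTRIBUTES):
    """Report the attribute policy of every AJP connector in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # HTTP connectors do not use this setting
        pattern = conn.get("allowedRequestAttributesPattern")
        if pattern is None:
            verdict = "unset: unrecognised attributes get 403"
        elif pattern in (".*", "^.*$"):
            verdict = "wildcard: every attribute name is accepted"
        else:
            verdict = "restricted"
        rejected = [a for a in attributes if not attribute_allowed(pattern, a)]
        findings.append({"port": conn.get("port"), "pattern": pattern,
                         "verdict": verdict, "rejected": rejected})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER_XML):
        print(finding)
    # A narrower pattern accepts only the names it spells out.
    narrowed = SAMPLE_SERVER_XML.replace('".*"', '"EXAMPLE_REWRITE_.*"')
    print(audit(narrowed))
```

To audit a real install, pass the contents of the server.xml file named above to audit() and replace SAMPLE_ATTRIBUTES with the attribute names your Apache configuration actually forwards.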
Thank you very much, I was having this exact problem, adding to the server.xml worked.
It is good to know that adjustment to the server.xml worked for you 🙂 thank you for the information.