3 Replies Latest reply: Jun 10, 2014 12:31 PM by W John Weber RSS

    Bind ColdFusion instance to a single IP?

    Leith Tussing Community Member
    Leith Tussing Oct 2, 2012 12:58 PM

      I'm working on migrating our servers to a new IP range (exists on a new network) so I added a 2nd virtual network line that I then added the new IPs to.  We run multiple websites on one CF9 install using multiple IPs on Windows 2008 R2 using IIS 7.5 as the web server. I'm currently working with our development server to test the process before moving to the various production ones.

       

      Previous Behavior - ColdFusion would bind itself to the root IP of the system when there was only one network card even if it had multiple IPs.  This was useful because we could get a static IP mapping to that internal IP so any outbound calls off network to external resources (FTP, SQL, etc) could be permitted by that single IP.  This has worked for 5+ years of CFMX/CF7/CF8/CF9.

       

      New Behavior - After adding the extra network line, adding IPs to it, and rebooting the machine ColdFusion now has chosen one of the various IPs on the new interface to bind to.  The IP it bound to was not even the root IP of that network card.  This resulted in all outbound calls now being blocked because they were no longer coming from the particular IP they were originally coming from.

       

      Question - How can I bind ColdFusion 8/9 to a single specific IP when it starts up so that I can ensure it always communicates outbound on the same IP?  I've done a bunch of searching and looking into the various files of CF itself but I haven't found a good resource or answer on how to specifically do this.

        • 1. Re: Bind ColdFusion instance to a single IP?
          Charlie Arehart CommunityMVP
          Charlie Arehart Oct 2, 2012 3:12 PM (in response to Leith Tussing)

          Leith, I’m a little surprised to hear you assert that “ColdFusion now has chosen one of the various IPs”. CF really isn’t involved in this decision, as far as I know. Are you not talking about IIS, really? And either way, do you really mean outgoing or incoming requests? If ougoing, what do you mean? CFHTTP calls? Web service invocations?

           

          In any case, you talk about things being “different”, but it’s not clear from your note what has “changed”. Is it perhaps that you previously ran CF on IIS 6/Windows 2003? Or even if it was previously IIS 7/2008, was that previous implementation running IIS 7 in IIS 6 compatibility mode? I ask because things have indeed changed, with respect to CF running on IIS 7 without IIS 6 compatibility.

           

          For one thing, that wasn’t supported before 9.0.1 (IIS 7 without IIS compatibility mode being enabled). For another, in this configuration (CF connected to IIS 7/7/5 without IIS 6 compatibility mode), things are indeed different, but not so much “about CF” but about IIS. For instance, before when one configured “all sites”, any newly added sites would inherit the settings the needed CF configuration settings (within IIS,  like wildcard mappings and other handler mappings). Now, if IIS 6 compat is not added, it instead does NOT work that way. You have to rerun the web svr config tool to re-add “all sites” to have the settings added.

           

          Now, you may know all of this, and you may think (or know) that it does not apply to your current challenge. But on the chance that there could be a connection (and you didn’t consider it), I wanted to bring this to your attention. This info is discussed in the CF docs (install, and admin guides) for 9.0.1 and 10, in the section on configuring IIS.

           

          Hope that helps.

           

          /charlie

          • 2. Re: Bind ColdFusion instance to a single IP?
            Leith Tussing Community Member
            Leith Tussing Oct 2, 2012 3:32 PM (in response to Charlie Arehart)

            This relates to the CF server services themselves and not the IIS websites running.  What has changed is I added the 2nd virtual network adapter.  I have two development servers running right now, CF8.0.1 on Windows 2003 32bit & CF9.0.1 on Windows 2008 R2 and I'm using them as the testbeds for migrating the systems to the new network.  Up until now whenever CF loaded it bound itself to all IPs but one of those IPs (always in the past the machine IP) became the one that when the CF server talked outbound to other systems it was the IP it communicated to them on.  By outbound I mean items such as data source connections talking to SQL servers on remote networks.  So if the root IP was 10.1.1.1 and the same NIC also had 10.1.1.2~10.1.1.10 on it as well other machines would receive information from the 10.1.1.1 IP.  What I've done is added a 2nd NIC with 10.2.2.1 and 10.2.2.2~10.2.2.10 on it.  Based on the previous behavior one would expect CF to talk to other systems either by the 10.1.1.1 or 10.2.2.1 IP but instead what I am witnessing is it is using the 10.2.2.7 IP to talk outbound with instead.  The issue is I can not give static IP mappings to every IP on the system to then provide to the remote resources to permit inbound access from.  So I need a way to force the CF server itself to only latch on to one IP.

             

            Doing some more research into JRun I did come across some talk of altering the internal web server to run on a single IP by changing the interface value in the jrun.xml file.  When CF starts it binds to all IPs on the system which can be witnessed from the runtime\logs showing *:PORT and is configured as such in the jrun.xml files.  I don't run the internal web server but there are other interface bindings in the same file latching onto *:51800 which then the \runtime\lib\wsconfig\1\jrun_iis6_wildcard.ini latches onto as well "bootstrap=127.0.0.1:51800" to call back to that interface.

             

            I could start hacking away at those files but what I'm looking for is the proper process to get the CF server services themselves to not bind all IPs but just one so that I can guarantee it always talks outbound on that single IP.

            • 3. Re: Bind ColdFusion instance to a single IP?
              W John Weber Community Member
              W John Weber Jun 10, 2014 12:31 PM (in response to Leith Tussing)

              I had a similar issue, which I just fixed.  We added a static route (Create a Static Route) to the server, so that whenever Coldfusion (or any application) attempts to FTP to a specific destination, it uses a specific outgoing IP.