When setting up a FarCry web app its usual to configure a resource mapping for /farcry to grant the application access to the framework. It’s also very common to create a specific admin virtual/alias on the web server that points direct to the the /webtop.
For example on NGINX, you might use something like:
location /webtop {
alias /var/www/farcry/core/webtop;
try_files $uri $uri/ $uri.index.cfm $uri/index.cfm;
}
Note, you can always just dump the entire framework into the webroot but mapping resources is a much better approach.
For the /farcry mapping in Lucee there are two very important settings:
- Inspect Templates: set this to
Once (Good); this will give you a significant performance boost whilst still allowing you to make changes to files while you are developing - Web Accessible: set this to
blankorUnchecked; flagging the resource as not accessible via the web adds additional security to your environment, and makes sure you don’t accidentally expose a vulnerability in your application by allowing malicious users to address templates out of context directly via the web
If you are adjusting your lucee-web.xml.cfm configuration file directly, then a correctly configured /farcry mapping would look something like:
<mapping
inspect-template="once"
physical="{web-root-directory}/farcry"
primary="physical"
toplevel="false"
virtual="/farcry"/>
Note, toplevel="false" is the flag for “Web Accessible”.