WOOHOO!!!!!!!!!!!!!!!!!!!!!

6000 downloads of my projects. Not too bad.

It seems like in the Java version that come with CF9 there has been done changes to the objects serialization process. So that if for example being on ColdFusion 8 you serialized a query and saved it to a file and then being on ColdFusion 9 you will try to read it from that file and deserialize it, you will get an error like:

Message         coldfusion.sql.imq.imqTable; local class incompatible: stream classdesc serialVersionUID = 204918878759614904, local class serialVersionUID = -4268876343395905062 



Type     java.io.InvalidClassException

classname       coldfusion.sql.imq.imqTable

I wasn't aware of it till yesterday when i got an email from Sami Hoda stating that he have problems running cfFirewall.
So i did some tests today and as soon as i deleted previously saved settings and created them again all started to work well.
This way, thouse of you who will get into such situation, all is needed is:

1. save your settings from: Allowed Scripts, Bad Strings, Filtered RegEx, IPs
2. in the cfFirewallFiles empty the following files: allowedScripts.cfm, badStrings.cfm, filteredRegEx.cfm, ips.cfm
3. create your setting records again

That's all. Have a nice day everyone.

Ok... i've put together some description and now cfFirewall officially is out. How sweet it sound! LOL

Hope some of you will find it useful.

A bit over one week ago, Pete Freitag announced about a comming Web Application Firewall for ColdFusion. I think this is a very good idea and i see places to use it. But being impatient about something i would really want to see and try, and having some free time last week end, i thought i would do something similar while waiting to see what Pete will come with.

What i've got is a small application that allow:
1) Define allowed IPs (the list of IPs that can access your site)
2) Define denied IPs (the lists of IPs that can't access your site)
3) Define allowed scripts (the list of cfml scripts that can be accessed directly)
4) Define bad strings (the lists of strings/words that you don't want to get in through URL, COOKIE, FORM structures). Probably this is more appropiate for forum applications so may be of less usage though.
5) Define RegEx expressions that would allow you to replace some strings with other strings. (something similar to the "Enable Global Script Protection" option in CF Admin, but allowing you to set any RegEx expressions you want)
6) A settings page that will allow to enable/disable any of the named tools as well as the option to "Auto Block IPs" that got catched by the point 4 or 5, an option to have a hard log (file log), the possibility to set the message that is displayed to the customer whos IP is not allowed.
7) A dynamic log of catched problems (the size of this log can be defined in the Settings page).
8) A link that will reload the data to the application scope of the "watched" site.

It's almost 3am here already, but tomorrow I am going to put together some short documentation and make this tool available through 1SmartSolution and RiaForge.

But i REALLY would be interested to know if someone find such a tool usefull (based on the above description). And to know if someone have any other ideas of what such a tool would be good to have.