This Ray Camden blog post may help: http://www.raymondcamden.com/2014/05/22/Important-note-about-ColdFusion-11-and-CFHTTP
-- Larry C. Lyons Applications Architect US Department of the Interior Office of the Secretary Office of the Chief Information Officer -- > Hi all, > > I'm working with Adobe support on this issue but I wanted to post it > out to this group in case anyone has ideas on how to deal with this > situation. > > We've got some internal only CF apps that live behind a web proxy on > our network. In CF 9 we could make CFHTTP requests to external vendor > sites over HTTPS, with the proxy attributes set correctly, everything > worked great. Now we're in the process of moving to CF 11 and this no > longer works (only with URLs that are accessed over HTTPS, like our > payment processor, HTTP requests are fine). > > As a test I set up two CFHTTP calls using the same URL, one over HTTP > and one over HTTPS. On CF 11 when I use the CFHTTP tag for the HTTP > URL (with proxy settings and credentials) I get a 200 OK response and > the page contents (perfect). When I try the exact same tag with the > HTTPS URL, I get a 407 Proxy Authentication Required (boo). > > I've tried different JVMs, different platforms (Windows 7, Server 2012, > Mac OS X) with no difference. > > What I discovered when I did a packet capture was that for the HTTP > request (CF 9 or CF 11) I had a "Proxy-Authorization" header with the > credentials Base64 encoded. For the HTTPS request, CF 9 has that same > Proxy-Authorization header, but CF 11 does not. In fact there are > quite a few request headers missing in the HTTP request for HTTPS in > CF 11. > > I tried to manually add the header using the CFHTTPPARAM tag which did > not seem to change anything. > > I've been working with support for about three weeks now and I'm not > making any headway. I have confirmed for them that everything works > in CF 9 (running on JRun) but not in either CF 10 or CF 11 (which is > Tomcat based). So I'm wondering if there's a Tomcat problem, but > since the shipped version of Tomcat is Adobe ColdFusion specific I'm > hoping that the Adobe engineers can identify a solution. > > Has anyone run in to anything like this, and if so, how did you fix > it? > > Thanks in advance, > Lincoln > > > Lincoln Milner > Web Technical Lead > Database Services > Donegal Insurance Group > lincolnmil...@donegalgroup.com<mailto:lincolnmil...@donegalgroup.com> > > > E-MAIL CONFIDENTIALITY NOTICE: This e-mail from Donegal Insurance > Group may contain CONFIDENTIAL and legally protected information. If > you are not an intended recipient, please do not copy, use or disclose > this email or its contents to others; and please notify us by calling > toll free (800) 877-0600 x7880 or by replying to this message, and > then delete it from your system. Delivery of this email to an > unintended recipient is not a waiver of any attorney-client or other > applicable privilege. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360463 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm