I have a couple of Umbraco installs with my shared hosting provider Rackspace Cloud Sites. I upgraded a couple of my sites from version 7.2.1 to version 7.3.3. During this process I was notified by hosting provider that my app was trying to make use of "cmd.exe" which their security policy does not allow. I asked if they wouldn't mind running a procmon to see what exactly was going on and they found lots of failures like the following when just browsing web pages :
w3wp.exe 2872 Process Create C:\Windows\SysWOW64\cmd.exe SUCCESS PID: 5508, Command line: "cmd" /c jpegtran -copy all -optimize -progressive "C:\Windows\TEMP\tmpBC56.jpg" "C:\Windows\TEMP\tmpBC56.jpg"
I've verified with my hosting provider that blocking of cmd.exe has been in place for over a year. My question is why is this version of Umbraco making use of cmd.exe when it appears previous versions were not? As their security software is blockign these "cmd.exe" commands being issued it would seem I'm missing out on whatever image optimizations that appear to be going on? Any insight into this would be great.
Thank you so much for your response. Unfortunately I do not run anything beyond the stock Umbraco install. To rule out plugins, I went ahead and installed a fresh version of Umbraco v 7.3.3 and used the Umbraco TXT Responsive Starter Kit.
When I browse to any page that has an image those images do not load because for some reason the new version (7.3.3) of Umbraco is issuing "cmd.exe" commands against jpg's and png's as far as my research has indicated. To help narrow this down my hosting provider tried to load an image directly such as http://domain.com/media/SampleImages/1060/pic02.jpg while running a procmon
And the following is received from IIS :
[Win32Exception (0x80004005): This program is blocked by group policy. For more information, contact your system administrator]
System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo) +1789
System.Diagnostics.Process.Start() +6814726
ImageProcessor.Web.PostProcessor.PostProcessor.RunProcess(String sourceFile, Int64 length) +325
ImageProcessor.Web.PostProcessor.
The associated process that kept this image from loading was :
w3wp.exe 6920 Process Create C:\Windows\SysWOW64\cmd.exe SUCCESS PID: 7708, Command line: "cmd" /c jpegtran -copy all -optimize -progressive "C:\Windows\TEMP\tmp42D9.jpg" "C:\Windows\TEMP\tmp42D9.jpg"
To reiterate, this is using the DEFAULT Umbraco install found here : https://our.umbraco.org/contribute/releases/733 and using the default starter kit. Full trust is enabled, and impersonation is enabled although it's interesting to note that it seems to be ignored and rather using the application pool user (this is another topic).
At this point I've reverted to backups of 7.2.1 as they load images fine and do not have this same problem. Any additional insight you have would be helpful regarding this.
Thanks for pointing that out. Upon further investigation It seems that Umbraco ships with a dll called ImageProcessor.dll. This dll is what is causing the the previous "cmd.exe" commands I've been mentioning. It appears I was able to track down the culprit here : https://github.com/JimBobSquarePants/ImageProcessor/blob/V2/src/ImageProcessor.Web/PostProcessor/PostProcessor.cs. As you can see line 48 calls method RunProcess which contains a reference to ProcessStartInfo("cmd"). You'll also see references to jpegtran on lines 150, and 153.
As workaround I'm currently commenting out the two references to the module "ImageProcessorModule" in the root web.config of my Umbraco installation.
one in system.web > httpModules
and another in system.webServer > Modules
Once I commented these out, my images began loading and I no longer was hitting my hosting providers security policy. Now that we know this I have a few questions.
My research shows you guys added these references back in release 7.1.6 (https://our.umbraco.org/contribute/releases/716/). According to that post if I don't have those references my images will be cropped?
Is this the cropping issue just one side affect of not making use of the "ImageProcessorModule"?
Is there any reason why you guys havn't looked into deploying version 3 of this image processor module? Version 3 does not appear to make use of "cmd.exe" which seemed a bit wonky to me to begin with.
You can downgrade to ImageProcessor.Web 4.3.6 which does not have this code in it.
The v3 branch of ImageProcessor is a complete rebuild for ASP.NET 5, the new version of .NET (currently in beta) and won't work on .NET 4.
Thanks for bringing this to our attention! I'll report the issue with James from ImageProcessor so that we can get it fixed and included in the next release of Umbraco.
I think if you install the configuration package for ImageProcessor you can turn this off with the postProcess="false" setting in Processing.config, see here
There's absolutely nothing "wonky" about using "cmd" to do what I am doing and I'd really rather you didn't describe it as such. What I am actually doing is implementing a more advanced version of what Mads Kristensen is doing in Azure Image Optimizer. It's a pretty standard concept.
There's extensive documentation for ImageProcessor including documentation on the post processor and configuration. I encourage you to read it.
V3, As, described clearly in the readme, is an attempt at building a cross platform graphics library that will support Corefx. If you had read that readme or looked at the source code. then you would have understood that there is not a module (ImageProcessor is a hell of a lot more than a simple HttpModule btw) in development yet.
Umbraco 7.3.3 png.CMD
Hello,
I have a couple of Umbraco installs with my shared hosting provider Rackspace Cloud Sites. I upgraded a couple of my sites from version 7.2.1 to version 7.3.3. During this process I was notified by hosting provider that my app was trying to make use of "cmd.exe" which their security policy does not allow. I asked if they wouldn't mind running a procmon to see what exactly was going on and they found lots of failures like the following when just browsing web pages :
w3wp.exe 2872 Process Create C:\Windows\SysWOW64\cmd.exe SUCCESS PID: 3888, Command line: "cmd" /c png.cmd "C:\Windows\TEMP\tmpB9B3.png"
and
w3wp.exe 2872 Process Create C:\Windows\SysWOW64\cmd.exe SUCCESS PID: 5508, Command line: "cmd" /c jpegtran -copy all -optimize -progressive "C:\Windows\TEMP\tmpBC56.jpg" "C:\Windows\TEMP\tmpBC56.jpg"
I've verified with my hosting provider that blocking of cmd.exe has been in place for over a year. My question is why is this version of Umbraco making use of cmd.exe when it appears previous versions were not? As their security software is blockign these "cmd.exe" commands being issued it would seem I'm missing out on whatever image optimizations that appear to be going on? Any insight into this would be great.
Thanks, Matt
Umbraco does not do this. Maybe one of your plugins?
Sebastiaan,
Thank you so much for your response. Unfortunately I do not run anything beyond the stock Umbraco install. To rule out plugins, I went ahead and installed a fresh version of Umbraco v 7.3.3 and used the Umbraco TXT Responsive Starter Kit.
When I browse to any page that has an image those images do not load because for some reason the new version (7.3.3) of Umbraco is issuing "cmd.exe" commands against jpg's and png's as far as my research has indicated. To help narrow this down my hosting provider tried to load an image directly such as http://domain.com/media/SampleImages/1060/pic02.jpg while running a procmon
And the following is received from IIS :
[Win32Exception (0x80004005): This program is blocked by group policy. For more information, contact your system administrator] System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo) +1789 System.Diagnostics.Process.Start() +6814726 ImageProcessor.Web.PostProcessor.PostProcessor.RunProcess(String sourceFile, Int64 length) +325 ImageProcessor.Web.PostProcessor.
The associated process that kept this image from loading was :
w3wp.exe 6920 Process Create C:\Windows\SysWOW64\cmd.exe SUCCESS PID: 7708, Command line: "cmd" /c jpegtran -copy all -optimize -progressive "C:\Windows\TEMP\tmp42D9.jpg" "C:\Windows\TEMP\tmp42D9.jpg"
To reiterate, this is using the DEFAULT Umbraco install found here : https://our.umbraco.org/contribute/releases/733 and using the default starter kit. Full trust is enabled, and impersonation is enabled although it's interesting to note that it seems to be ignored and rather using the application pool user (this is another topic).
At this point I've reverted to backups of 7.2.1 as they load images fine and do not have this same problem. Any additional insight you have would be helpful regarding this.
Thanks, Matt
Certainly that's a plugin in IIS installed by your hosting provider that's doing that?
Umbraco definitely doesn't do this. :-)
Source has not mention of the jpegtran thing that is being executed: https://github.com/umbraco/Umbraco-CMS/search?utf8=%E2%9C%93&q=jpegtran
Sebastiaan,
Thanks for pointing that out. Upon further investigation It seems that Umbraco ships with a dll called ImageProcessor.dll. This dll is what is causing the the previous "cmd.exe" commands I've been mentioning. It appears I was able to track down the culprit here : https://github.com/JimBobSquarePants/ImageProcessor/blob/V2/src/ImageProcessor.Web/PostProcessor/PostProcessor.cs. As you can see line 48 calls method RunProcess which contains a reference to ProcessStartInfo("cmd"). You'll also see references to jpegtran on lines 150, and 153.
As workaround I'm currently commenting out the two references to the module "ImageProcessorModule" in the root web.config of my Umbraco installation.
one in system.web > httpModules
and another in system.webServer > Modules
Once I commented these out, my images began loading and I no longer was hitting my hosting providers security policy. Now that we know this I have a few questions.
My research shows you guys added these references back in release 7.1.6 (https://our.umbraco.org/contribute/releases/716/). According to that post if I don't have those references my images will be cropped?
Is this the cropping issue just one side affect of not making use of the "ImageProcessorModule"?
Is there any reason why you guys havn't looked into deploying version 3 of this image processor module? Version 3 does not appear to make use of "cmd.exe" which seemed a bit wonky to me to begin with.
Looking forward to your latest response!
Regards, Matt
Well... That's surprising!
You can downgrade to ImageProcessor.Web 4.3.6 which does not have this code in it.
The v3 branch of ImageProcessor is a complete rebuild for ASP.NET 5, the new version of .NET (currently in beta) and won't work on .NET 4.
Thanks for bringing this to our attention! I'll report the issue with James from ImageProcessor so that we can get it fixed and included in the next release of Umbraco.
Update: created issue here: https://github.com/JimBobSquarePants/ImageProcessor/issues/268
I think if you install the configuration package for ImageProcessor you can turn this off with the postProcess="false" setting in Processing.config, see here
Certainly worth a try!
@Jeavon nailed it.
http://imageprocessor.org/imageprocessor-web/configuration/#processingconfig
There's absolutely nothing "wonky" about using "cmd" to do what I am doing and I'd really rather you didn't describe it as such. What I am actually doing is implementing a more advanced version of what Mads Kristensen is doing in Azure Image Optimizer. It's a pretty standard concept.
http://madskristensen.net/post/automatic-optimization-of-images-css-and-javascript
There's extensive documentation for ImageProcessor including documentation on the post processor and configuration. I encourage you to read it.
V3, As, described clearly in the readme, is an attempt at building a cross platform graphics library that will support Corefx. If you had read that readme or looked at the source code. then you would have understood that there is not a module (ImageProcessor is a hell of a lot more than a simple HttpModule btw) in development yet.
Hi,
Thanks for considering the enhancement Sebastiaan suggested at https://github.com/JimBobSquarePants/ImageProcessor/issues/268.
Matt
is working on a reply...