"openBrowserURL" : "http://localhost/admin/login",
"trayicon": "/path/to/trayicon.png",
"ANYTHING_HERE" : "you want",
"THESE_ARE_ADDED" : "As environment variables to the server"
"url": "http://${runwar.host}:${runwar.port}/foobar.cfm",
"image": "/path/to/image.png"
"command":"code .", //command is run relative to webroot, for box commands begin command with `box`
"image": "/path/to/image.png"
"action":"openfilesystem",
"path":"./", //path is relative to your webroot
"image": "/path/to/image.png"
"args" : [ //can be a string or an array
"-XX:-CreateMinidumpOnCrash",
"--add-opens=java.base/java.net=ALL-UNNAMED"
"javaHome" : "/path/to/java/home",
"javaVersion" : "openjdk11"
"directoryBrowsing": true,
"gzipPredicate": "regex( '(.*).css' ) and request-larger-than( 500 )",
"/js": "C:/static/shared/javascript"
"404": "/path/to/404.html",
"500": "/path/to/500.html",
"default": "/path/to/default.html"
"welcomeFiles": "index.cfm,main.cfm,go.cfm",
"config": "/path/to/config.xml",
"statusPath": "/rewriteStatus",
"configReloadSeconds": 60
"userName1": "password1",
"path-suffix(/box.json) -> set-error(404)",
"path-prefix(.env) -> set-error(404)",
"path-prefix(/admin/) -> ip-access-control(192.168.0.* allow)",
"path(/sitemap.xml) -> rewrite(/sitemap.cfm)",
"disallowed-methods(trace)"
//3 ways to specify rulesFile
"rulesFile": "../secure-rules.json",
"rulesFile":"../rules/*.json",
"blockSensitivePaths": true,
"blockFlashRemoting": true
"restMappings": "/rest/*,/api/*",
"serverHomeDirectory": "",
"sessionCookieSecure": true,
"sessionCookieHTTPOnly": true,
"webXMLOverride" : "path/to/web.xml",
"webXMLOverrideForce" : false
"jarPath": "/path/to/runwar.jar",
"args" : [ //can be a string or an array
"WORKER_NAME": "MyWorker"
"ALLOW_UNESCAPED_CHARACTERS_IN_URL": true