Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Table 2.2.8.1 : CFIDE URIs<br />
Additional URI Sequences to consider blocking:<br />
URI Purpose Safe to Block<br />
Application.cf Block Application.cfc and<br />
Application.cfm requests which<br />
result in an error when accessed<br />
directly.<br />
WEB-INF WEB-INF contains configuration<br />
data used by the java<br />
application server. The Tomcat<br />
connector will block this already,<br />
but you can block it at the web<br />
server level as well.<br />
/cfformgateway Used for Only if Flash Forms are not<br />
used.<br />
/flex2gateway Flex Remoting Only if Flex Remoting is not<br />
used.<br />
/cfform-internal Used for Only if Flash Forms are not<br />
used.<br />
/flex-internal Flex Remoting Only if Flex Remoting is not<br />
used.<br />
Yes<br />
Yes<br />
22