Adobe® ColdFusion® 10 Server Lockdown Guide
| URI | Purpose | Safe to Block |
|---|---|---|
| /cffileservlet | Serves dynamically generated assets. It supports the cfreport, cfpresentation, and cfimage (with action=captcha and action=writeToBrowser) tags. | Only if cfreport, cfpresentation and cfimage are not used. |
| /rest | Used for CF10 REST web services support. | Only if CF10 REST web services are not used. |
| /WSRPProducer | Web Services Endpoint for WSRP. | Usually, unless WSRP is used. |
| .svn | If you use Subversion to deploy your ColdFusion applications you can block the .svn folders, which may allow source code disclosure. | Yes |

2.2.9 Create a Website For ColdFusion Administrator

First create a self-signed certificate (or preferably use a certificate from a trusted certificate authority) by clicking on the Server Certificates icon under the IIS root. Click on the link to Create Self-Signed Certificate on the right.

Create an empty directory for the web site root of the ColdFusion administrator web site (e.g. f:\web\cfadmin\).
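For the URI table that precedes section 2.2.9, one way to express the blocks is an IIS web.config request-filtering fragment. This is an added example, not text from the guide; it assumes the public-facing site runs on IIS 7 or later with the Request Filtering feature installed and that none of the listed features are in use, so drop any entry whose "Safe to Block" condition does not hold.

```xml
<!-- Added example, not from the guide. Assumes IIS 7+ Request Filtering
     on the public-facing site (not the ColdFusion Administrator site). -->
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- denyUrlSequences is a case-insensitive substring match on the
             URL. A bare "/rest" would also block /restaurants, so the
             trailing slash below is a deliberate narrowing; check your own
             URL space before adding any short sequence. -->
        <denyUrlSequences>
          <!-- Only if cfreport, cfpresentation and cfimage are not used -->
          <add sequence="/cffileservlet" />
          <!-- Only if CF10 REST web services are not used -->
          <add sequence="/rest/" />
          <!-- Usually safe to block, unless WSRP is used -->
          <add sequence="/WSRPProducer" />
        </denyUrlSequences>
        <!-- hiddenSegments matches a whole path segment, so this blocks
             .svn folders at any depth without affecting names that merely
             contain the text ".svn". -->
        <hiddenSegments>
          <add segment=".svn" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

Requests rejected by these rules are logged by IIS as status 404 with substatus 5 (denied URL sequence) or 8 (hidden segment), which distinguishes a filtered request from a path that simply does not exist.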