Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide Adobe® ColdFusion® 10 Server Lockdown Guide
Next click on Sites and Add Web Site to create a new website for ColdFusion Administrator, point the web root or content directory to the directory you just created. Bind the new site to 127.0.0.1 (or another IP address only accessible to system administrators). Select HTTPS for the protocol, and select the self signed certificate. Consider disabling anonymous access to this site and require web server authentication for an additional layer of protection and auditing. Next Require SSL Connections for this website by double clicking on the SSL Settings icon for the cfadmin website: 24
Select Require SSL and Require 128-bit SSL and click Apply. Visit https://127.0.0.1/ and ensure that it requires SSL and authentication. Remove Request Filtering Rule for ColdFusion Administrator Site Because we have specified that the URI /CFIDE/administrator is blocked on a global level using IIS Request Filtering, we need to enable that URI only on our cfadmin web site. To do this click on the cfadmin website under sites, and click on Request Filtering. Select the URL tab and click on the rule matching /CFIDE/administrator and click the Remove button. 25
- Page 1 and 2: Adobe ColdFusion 10 Server Lockdown
- Page 3 and 4: Section 2: Installation Prerequisit
- Page 6 and 7: Next create a new user for the IIS
- Page 8 and 9: In the Advanced Security Settings D
- Page 10 and 11: User / Group Permissions cfusion (Y
- Page 12 and 13: Next Click Add Roles, and select th
- Page 14 and 15: Review the list of Role Services an
- Page 16 and 17: Under Process Model change the Iden
- Page 18 and 19: URI Purpose Safe to Block /CFIDE/ad
- Page 20 and 21: CFIDE/ServerManager Contains the AI
- Page 22 and 23: Table 2.2.8.1 : CFIDE URIs Addition
- Page 27 and 28: 2.3 Prerequisites for a RedHat Ente
- Page 29 and 30: Create a user for ColdFusion to run
- Page 31 and 32: SSLRequireSSL The above requires t
- Page 34 and 35: Do not install ColdFusion 10 ODBC S
- Page 36 and 37: Select an install directory, a non-
- Page 39 and 40: Choose a strong password and unique
- Page 41 and 42: Section 4 - Post ColdFusion Install
- Page 43 and 44: 4.1.3 Specify Log On User for ColdF
- Page 45 and 46: When the ColdFusion IIS connector i
- Page 47 and 48: 4.1.8 Remove Unused Handler Mapping
- Page 49 and 50: without these settings enabled so y
- Page 51 and 52: -bin /usr/sbin/httpd \ -script /etc
- Page 53 and 54: # cp jvm.config jvm.config.backup T
- Page 55 and 56: connectionTimeout="20000" redirectP
- Page 57 and 58: Section 5: ColdFusion Administrator
- Page 59 and 60: Setting Default Recommendation Desc
- Page 61 and 62: Setting Default Recommendation Desc
- Page 63 and 64: 5.2 Server Settings > Request Tunin
- Page 65 and 66: 5.3 Server Settings > Client Variab
- Page 67 and 68: Setting Default Recommendation Desc
- Page 69 and 70: 5.8 Debugging & Logging > Debug Out
- Page 71 and 72: 5.11 Event Gateways > Settings Sett
- Page 73 and 74: 5.15 Security > Allowed IP Addresse
Select Require SSL and Require 128-bit SSL and click Apply.<br />
Visit https://127.0.0.1/ and ensure that it requires SSL and authentication.<br />
Remove Request Filtering Rule for ColdFusion Administrator Site<br />
Because we have specified that the URI /CFIDE/administrator is blocked on a global level using IIS<br />
Request Filtering, we need to enable that URI only on our cfadmin web site. To do this click on the cfadmin<br />
website under sites, and click on Request Filtering. Select the URL tab and click on the rule matching<br />
/CFIDE/administrator and click the Remove button.<br />
25
Change language