Adobe® ColdFusion® 10 Server Lockdown Guide
SSLRequireSSL

The above requires that mod_ssl and OpenSSL are installed and configured; SSLRequireSSL rejects any plain-HTTP request for the protected location instead of serving it.
Finally, let's require authentication for the /CFIDE/administrator URI. This gives you a second credential in front of the ColdFusion Administrator login and an audit trail: the authenticated user name is written to the Apache access log (the %u field), so you can see which administrators made changes to the administrator settings. In this example we use Digest authentication, which requires a modern web browser (IE 6 and below may not work correctly) and mod_auth_digest loaded on the server side. First we need to create a password file:

# /usr/bin/htdigest -c /etc/httpd/cfadmin.digest.pwd cfadmins petefreitag

The above command creates (or, with -c, overwrites) the password file at the specified location and prompts for a password for a user named petefreitag in the realm cfadmins. Note that cfadmins is a Digest realm, not a group, and it must match the AuthName configured below, otherwise the stored hashes will never verify. To add more users to an existing file, omit the -c flag.
Next, set the permissions so that only root can write to this file and the Apache user (apache on Red Hat style systems) can only read it. Anyone able to write this file can add themselves as an administrator, so the write bit matters more than the read bit:

# chown root:apache /etc/httpd/cfadmin.digest.pwd
# chmod 640 /etc/httpd/cfadmin.digest.pwd
Now add the following to the httpd.conf file, scoped to the same /CFIDE/administrator URI:

<Location /CFIDE/administrator>
    AuthType Digest
    AuthName "cfadmins"
    AuthDigestProvider file
    AuthUserFile /etc/httpd/cfadmin.digest.pwd
    Require valid-user
</Location>
Restart Apache and visit https://localhost/CFIDE/administrator/. Ensure that you are prompted for a password, and that the same URL over plain http:// is refused rather than served. At this point, since ColdFusion is not yet installed, a successful authentication should result in a 404 rather than the Administrator login page.
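As an added example (this is not code from the lockdown guide), the shell functions below reproduce what htdigest writes and then audit the result before it is handed to Apache. The file format is one line per account, user:realm:HA1, where HA1 is the lowercase hex MD5 of "user:realm:password"; that is what AuthDigestProvider file reads. digest_add behaves like htdigest without -c (it replaces an existing entry for the same user and realm), and digest_check refuses a file that is group- or world-writable or that contains a line not in that format. The function names, the temporary-file handling and the second sample user are this example's own assumptions; the realm cfadmins and the user petefreitag are the ones used in the guide.

```shell
#!/bin/sh
# Added example, not part of the Adobe ColdFusion lockdown guide.
# htdigest writes one line per account in the form  user:realm:HA1
# where HA1 = MD5("user:realm:password") as lowercase hex. These
# functions reproduce that format (handy when provisioning admins from
# a script) and audit the resulting file. Function and variable names
# are this example's own; the realm "cfadmins" and user "petefreitag"
# are the ones used in the guide.

# Hex MD5 of stdin, using whichever tool the host provides.
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | cut -d' ' -f1
    else
        openssl dgst -md5 -r | cut -d' ' -f1
    fi
}

# digest_ha1 USER REALM PASSWORD -> prints HA1 (32 hex digits)
digest_ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5_hex
}

# digest_add FILE USER REALM PASSWORD
# Adds the account, replacing any existing entry for the same
# user/realm pair, so it behaves like "htdigest" without -c.
digest_add() {
    file=$1 user=$2 realm=$3 pass=$4
    ha1=$(digest_ha1 "$user" "$realm" "$pass")
    tmp="$file.$$.tmp"
    if [ -f "$file" ]; then
        # grep -v exits 1 when nothing is left, which is not an error here.
        grep -v "^$user:$realm:" "$file" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf '%s:%s:%s\n' "$user" "$realm" "$ha1" >> "$tmp"
    mv "$tmp" "$file"
}

# digest_check FILE -> 0 if the file is safe to hand to Apache:
#  - not group- or world-writable (anyone who can write it can add an admin)
#  - every line is user:realm:<32 hex digits>
digest_check() {
    file=$1
    # ls -l prints e.g. -rw-r-----; character 6 is group write, 9 is other write.
    bits=$(ls -l "$file" | cut -c6,9)
    if [ "$bits" != "--" ]; then
        echo "$file: group or world writable (ls bits '$bits')" >&2
        return 1
    fi
    if grep -Ev '^[^:]+:[^:]+:[0-9a-f]{32}$' "$file" >/dev/null; then
        echo "$file: contains a malformed or non-digest line" >&2
        return 1
    fi
    return 0
}

# Usage (run as root on the web server):
#   digest_add /etc/httpd/cfadmin.digest.pwd petefreitag cfadmins 'the-password'
#   chown root:apache /etc/httpd/cfadmin.digest.pwd
#   chmod 640 /etc/httpd/cfadmin.digest.pwd
#   digest_check /etc/httpd/cfadmin.digest.pwd
```

Because HA1 binds the password to the realm string, the realm passed to digest_add (or htdigest) must be exactly the AuthName in httpd.conf; a later change to AuthName silently invalidates every stored entry. After restarting Apache, an unauthenticated `curl -I https://localhost/CFIDE/administrator/` should return 401 with a `WWW-Authenticate: Digest realm="cfadmins"` header, which confirms both the realm and that the file-backed provider is active.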