Adobe® ColdFusion® 10 Server Lockdown Guide
CFFileServlet    /CFFileServlet/*

6.10 Disabling Remote CFC Invocation

The CFCServlet is used to serve SOAP web service requests, remote CFC method invocation (e.g. file.cfc?method=doSomething), AIR synchronization, and Flash Remoting. If you do not require these features, you can change the servlet mappings that point to the CFCServlet to the CFForbiddenServlet.

Change the servlet mappings:

CFCServlet    *.cfc/*
CFCServlet    *.cfc

Change to the following:

CFForbiddenServlet    *.cfc/*
CFForbiddenServlet    *.cfc

Note: It is important that you do not delete these mappings, as this will allow your CFC source code to be downloaded.
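An added example (not from the guide): a Python check that reads a web.xml and reports whether the two *.cfc mappings from section 6.10 point to CFForbiddenServlet, still point to CFCServlet, or have been deleted. The sample web.xml is constructed, and the standard servlet-mapping / servlet-name / url-pattern layout is an assumption, since the page shows only the servlet names and URL patterns.

```python
import xml.etree.ElementTree as ET

CFC_PATTERNS = ("*.cfc", "*.cfc/*")  # the two mappings named in section 6.10
STATUS = {"CFForbiddenServlet": "forbidden", "CFCServlet": "remote-enabled"}

# Constructed sample (assumed web.xml layout): *.cfc is locked down,
# but the *.cfc/* mapping was deleted instead of being changed.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet-mapping>
    <servlet-name>CFForbiddenServlet</servlet-name>
    <url-pattern>*.cfc</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>CFFileServlet</servlet-name>
    <url-pattern>/CFFileServlet/*</url-pattern>
  </servlet-mapping>
</web-app>"""

def _local(tag):
    """Strip an XML namespace prefix such as {http://...}servlet-mapping."""
    return tag.rsplit("}", 1)[-1]

def audit_cfc_mappings(web_xml_text):
    """Return {url-pattern: status} for the *.cfc servlet mappings.

    forbidden      -> mapped to CFForbiddenServlet (locked down)
    remote-enabled -> still mapped to CFCServlet
    missing        -> mapping deleted; the guide warns this exposes CFC source
    other:<name>   -> mapped to a servlet the guide does not mention
    """
    root = ET.fromstring(web_xml_text)
    found = {}
    for mapping in root.iter():
        if _local(mapping.tag) != "servlet-mapping":
            continue
        name, patterns = "", []
        for child in mapping:
            text = (child.text or "").strip()
            if _local(child.tag) == "servlet-name":
                name = text
            elif _local(child.tag) == "url-pattern":
                patterns.append(text)  # a mapping may carry several patterns
        for pattern in patterns:
            found[pattern] = name
    return {p: "missing" if found.get(p) is None
            else STATUS.get(found[p], "other:" + found[p]) for p in CFC_PATTERNS}

if __name__ == "__main__":
    print(audit_cfc_mappings(SAMPLE_WEB_XML))
```

A "missing" result is the case the note above warns about and should be treated as a failure, not as an alternative way of disabling the servlet.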
- Page 87: Written by Pete Freitag For more in