Manualshelf

System information

ManualsBrandsMACROMEDIA ManualsComputer equipmentCOLDFUSION 5 - INSTALING AND CONFIGURING SERVER
61626364656667686970
Adobe documentation - Confidential
Additional Lockdown Measures
The steps outlined in this section can provide additional security but may require special care or
attention to configure and maintain.
Configure or Disable the Builtin Web Server
When you installed ColdFusion it setup the Tomcat web server running on a port selected at installation
(8500 is the default). If you have configured a dedicated website for the ColdFusion Administrator in
Apache or IIS then the builtin web server is no longer needed and should be disabled. If you plan on
using the builtin web server to access ColdFusion administrator you will need to create an alias for
/CFIDE/scripts if you changed the Default Script Src setting in ColdFusion administrator.
Web servers like Apache or IIS are generally easier to configure than the builtin web server. It is more
difficult, but still possible to setup features such as SSL, HTTP authentication, and auditing using the
builtin web server.
To Disable the Builtin Web Server
Backup and edit the {cf.instance.root}/runtime/conf/server.xml file, and remove or comment out the
Connector tag similar to the following:
<!--<Connector executor="tomcatThreadPool" maxThreads="50"
port="8500"
protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8445" />-->
This must be repeated for each ColdFusion instance created.
Restart ColdFusion and confirm that the server port is disabled.
Important: You must use XML comments with two dashes <!-- xml comment --> if you use a CFML
comment (3 dashes) <!--- cfml comment ---> ColdFusion may not start.
To Create a new Alias for /CFIDE/scripts in the built-in web server
If you plan to use the built-in web server for accessing ColdFusion administrator then you must also add
an alias by adding a Context tag inside the Host tag of server.xml located:
/opt/cf11/cfusion/runtime/conf/server.xml
<Context path="/"
docBase="/opt/cf11/cfusion/wwwroot"
WorkDir="/opt/cf11/cfusion/runtime/conf/Catalina/localhost/tmp"
aliases="/cfscripts=/opt/cf11/cfusion/wwwroot/CFIDE/scripts" />
Restart ColdFusion, then test by visiting /cfscripts/cfform.js on your builtin server.
Adobe documentation - Confidential