System information
Adobe documentation - Confidential
To Configure the Builtin Web Server to listen on a single IP Address
By default the connector listens on all IP addresses. To configure the builtin web server to listen on only a
single address (for example 127.0.0.1), locate the <Connector /> element in
{cf.instance.root}/runtime/conf/server.xml whose port attribute matches the port your builtin web
server is running on, and add an address attribute. For example:
<Connector address="127.0.0.1" ...>
Restart ColdFusion and confirm that the builtin web server now only listens on the specified address.
See https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
for more information.
Configure Sandbox Security
Log in to the ColdFusion Administrator and select Enable Sandbox Security on the Security > Sandbox
Security page.
Configure sandboxes for each site, or for the high-risk portions of each site. Following the principle of least
privilege, deny access to any tags, functions, datasources, file paths, and IP addresses / ports that do not
need to be accessed by code in that particular sandbox.
The sandbox whose path contains the requested CFM / CFC is the active sandbox for all code executed in that
request.
Lock Down IIS Connector Virtual Directories
Important: If you perform the configuration specified here, you will need to repeat it whenever connectors
are reinstalled, updated, or added.
The ColdFusion connector for IIS creates a virtual directory /jakarta which points to
{cf.root}/config/wsconfig/n/, where n is an integer identifying the connector instance. This virtual directory
is used to execute the isapi_redirect.dll file.
In IIS, browse to Sites and click on a jakarta virtual directory. Double-click Request Filtering, click
Allow File Name Extension, and allow the .dll file extension. Next click Edit Feature Settings and
uncheck Allow unlisted file name extensions. This blocks all requests to the virtual directory except those
for a .dll file.
Next, edit the iprestrictions.properties file located in each wsconfig connector directory and specify the IP
addresses that are allowed to access certain URIs, for example:
*/CFIDE/main/ide.cfm=127.0.0.1
*/CFIDE/adminapi/*=127.0.0.1
*/CFIDE/administrator/*=127.0.0.1
*/CFIDE/componentutils/*=127.0.0.1
*/CFIDE/wizards/*=127.0.0.1
*/CFIDE/ServerManager/*=127.0.0.1
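The following Python script is an added example, not part of the Adobe guide or the connector's own code: it parses entries in the format shown above and evaluates whether a client IP may request a given URI, so you can test a candidate iprestrictions.properties against your expected allow/deny cases before deploying it. The matching semantics (first matching pattern wins, unlisted URIs are unrestricted, case-insensitive and percent-decoded paths) are assumptions of this example, not a statement of how the connector itself evaluates the file.

```python
import fnmatch
from urllib.parse import unquote

# Constructed sample in the format of the entries above (not a file taken from any server).
SAMPLE_RULES = """\
# restrict administrative URIs to localhost; allow one management host on adminapi
*/CFIDE/main/ide.cfm=127.0.0.1
*/CFIDE/adminapi/*=127.0.0.1,10.0.0.5
*/CFIDE/administrator/*=127.0.0.1
"""


def parse_rules(text):
    """Parse 'pattern=ip[,ip...]' lines into a list of (lowercased pattern, set of IPs).

    Blank lines and lines starting with '#' or '!' (Java properties comments) are skipped.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        pattern, _, ips = line.partition("=")
        allowed = {ip.strip() for ip in ips.split(",") if ip.strip()}
        rules.append((pattern.strip().lower(), allowed))
    return rules


def is_allowed(rules, uri, client_ip):
    """Return True if client_ip may request uri under the assumed semantics.

    The query string is dropped, the path is percent-decoded and lowercased before
    matching (IIS paths are case-insensitive), and '*' matches across '/' so that
    '*/CFIDE/adminapi/*' covers any depth below that directory. A URI matching no
    pattern is unrestricted; a matching URI is served only to the listed IPs.
    """
    path = unquote(uri.split("?", 1)[0]).lower()
    for pattern, allowed in rules:
        if fnmatch.fnmatchcase(path, pattern):
            return client_ip in allowed
    return True


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for uri, ip in [("/CFIDE/administrator/index.cfm", "127.0.0.1"),
                    ("/CFIDE/administrator/index.cfm", "203.0.113.9"),
                    ("/cfide/adminapi/base.cfc?method=login", "10.0.0.5"),
                    ("/index.cfm", "203.0.113.9")]:
        print(f"{ip:>12} -> {uri}: {'ALLOW' if is_allowed(rules, uri, ip) else 'DENY'}")
```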