System information

Adobe documentation - Confidential
Blocking by File Extension on IIS
Click on the root node of IIS and then double-click Request Filtering. Click on the File Name Extensions
tab, and then click Deny File Name Extension in the Actions menu on the right. Add a file name extension,
including the dot, and click OK.
File Extension Whitelisting
A more robust solution is to specify a whitelist of allowed file extensions and block the rest. For
example, allow only .cfm, .css, .js and .png, and block anything else. Your application may require
additional extensions.
File Extension Whitelisting on IIS
Click on the root node of IIS and then double-click Request Filtering. Click on the File Name Extensions
tab, and then click Allow File Name Extension. Allow each file extension your sites serve (for example
cfm, css, js, png, html, jpg, swf, ico, etc.).
You must also ensure that the .dll file extension is allowed in the /jakarta virtual directory in order
for ColdFusion resources to be served.
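The same allowlist expressed as IIS configuration instead of GUI clicks, as an added example that is not part of the Adobe guide. It assumes the settings are kept in applicationHost.config and that the connector's /jakarta virtual directory belongs to a site named "Default Web Site" (a placeholder; substitute your own site name).

```xml
<configuration>
  <!-- Server-wide request filtering. allowUnlisted="false" turns the list
       into an allowlist: any extension not added below is rejected.
       With allowUnlisted="true" the list only works as a blocklist,
       which is the weaker "Blocking by File Extension" approach. -->
  <system.webServer>
    <security>
      <requestFiltering>
        <fileExtensions allowUnlisted="false">
          <add fileExtension=".cfm"  allowed="true" />
          <add fileExtension=".css"  allowed="true" />
          <add fileExtension=".js"   allowed="true" />
          <add fileExtension=".png"  allowed="true" />
          <add fileExtension=".html" allowed="true" />
          <add fileExtension=".jpg"  allowed="true" />
          <add fileExtension=".swf"  allowed="true" />
          <add fileExtension=".ico"  allowed="true" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>

  <!-- Scoped override: .dll is allowed only under /jakarta, where the
       ColdFusion connector is served from, and nowhere else.
       "Default Web Site" is an assumed site name. -->
  <location path="Default Web Site/jakarta">
    <system.webServer>
      <security>
        <requestFiltering>
          <fileExtensions>
            <add fileExtension=".dll" allowed="true" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>
```

Requests rejected by this filter are logged by IIS with status 404.7, so after applying the allowlist, review the IIS logs for 404.7 entries to find extensions your application still needs. Also test URLs that carry no file extension, such as a request for the site root.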
Optionally Remove ASP.NET
Once you have all websites configured in IIS, you may consider removing the IIS Role Services ASP.NET,
.NET Extensibility and CGI, which are required by the connector installer but may not be needed at
runtime.
If you are running the IIS WebSocket proxy then ASP.NET support is required and should not be
removed.
This approach, while it may provide additional security by allowing removal of unused software, does
have two drawbacks. First, this is not a procedure that is officially documented or supported by Adobe;
Adobe does not test without these settings enabled, so you may encounter something unexpected.
Second, when a ColdFusion update is released for the connector, or if you want to add/update/delete an
IIS connector, you must re-enable these role services before updating the connector.
Change the Tomcat Shutdown Port
Tomcat listens on a TCP port (8007 by default; may differ if there are multiple instances) for a SHUTDOWN
command. When the command is received on the specified port, the server will shut down.
Edit the file {cf.instance.home}/runtime/conf/server.xml and locate the line similar to: