System information
Adobe documentation - Confidential
<Server port="8007" shutdown="SHUTDOWN">
Change 8007 to -1 to disable this feature, or to random port number. Tomcat should only listen on
127.0.0.1 for this port, however you should also ensure that your firewall does not allow external
connections to this port.
Also consider changing the shutdown command, that is the value of the shutdown attribute of the
Server tag. This string is essentially a password used to shut down the server locally when the port is
enabled.
Next look in: {cf.instance.home}/bin/port.properties and edit the following line to
match server.xml port value:
SHUTDOWN=8007
Ensure that global read permission is denied for both these files.
Please note: Changing the port setting may cause the shutdown of the ColdFusion Service on Windows
to fail, you may need to kill the process manually to stop ColdFusion. The Linux shutdown script should
still work properly when the port is changed.
Add a connector shared secret
Specify a shared secret for the AJP connector by editing
{cf.instance.home}/runtime/conf/server.xml
Look for a line similar to:
<Connector port="8012" protocol="AJP/1.3" redirectPort="8445"
tomcatAuthentication="false" />
Add a requiredSecret attribute with a random strong password:
<Connector port="8012" protocol="AJP/1.3" redirectPort="8445"
tomcatAuthentication="false" requiredSecret="yourSecret" />
Next edit the corresponding workers.properties file,
{cf.home}/config/wsconfig/1/workers.properties and add a line:
worker.cfusion.secret=yourSecret
Please note: If you add, update or reinstall your web server connector you will need to update the
workers.properties file with the shared secret again.
Disable Unused Servlet Mappings
Adobe documentation - Confidential