System information
Adobe documentation - Confidential
Servlet Mapping
Servlet
Purpose
/rest/*
CFRestServlet
Used for rest web services
*.hbmxml
CFForbiddenServlet
Used to prevent serving Hibernate mapping
files. This should not be removed.
/cfform-internal/*
CFInternalServlet
Required for flash forms <cfform
format=flash>, can be commented out if
not needed.
*.cfswf
CFSwfServlet
Dynamically generated swf files from flash
forms, can be commented out if flash forms
are not needed.
*.as
*.sws
*.swc
CFForbiddenServlet
Used to prevent serving ActionScript / Flash
source code.
/WSRPProducer/*
WSRPProducer
Allows you to publish portlets over Web
Services for Remote Portlet (WSRP). Can be
commented out if you do not publish
portlets over WSRP.
To remove a servlet mapping, you can comment it out using an XML comment <!-- xml comment --> for
example to disable the RDS servlet mapping:
<!--
<servlet-mapping id="coldfusion_mapping_9">
<servlet-name>RDSServlet</servlet-name>
<url-pattern>/CFIDE/main/ide.cfm</url-pattern>
</servlet-mapping>
-->
Restart ColdFusion and test your application after commenting out servlet mappings.
Additional Tomcat Security Considerations
Consult the Tomcat 7 Security Considerations document (
http://tomcat.apache.org/tomcat-7.0-
doc/security-howto.html) for additional tomcat specific security settings.
Additional File Security Considerations
Pay careful attention to the file permissions of sensitive configuration files located in
{cf.instance.home}/lib/ such as password.properties, seed.properties and all neo-*.xml files. In addition
Adobe documentation - Confidential