How does one disable the built-in web server?

Question

In my case an Adobe tech enabled the built-in web server for some sort of testing and left it enabled. I would like to once again disable it to limit the attack surface as I can see it is getting some hits by an internal vulnerability scanner on our network.

Where is the config file and specific setting to disable only the built-in web server?

The undesirable change made to the built-in web server is referenced in this forum entry: http://forums.adobe.com/message/4388179

Anit_Kumar · Accepted Answer

Adding to Miguel-F's information, in case you are using ColdFusion 9 then, only adding the below code, in the section above will serve the purpose.true

Miguel-F · Answer

From the post that you referenced it appears that you are running ColdFusion 9. I would suggest that you read the ColdFusion server lockdown guide written by Pete Freitag. http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdfFrom that document:Remove the JRun web server on the cfusion instanceWhen you install ColdFusion, it sets up the JRun web server running on port 8300. This is not needed and should be disabled. Back up the {cf.install.root}/servers/cfusion/SERVER-INF/jrun.xml file, and then remove the following: 25 500 * false 1000 1 8300 300 300You must remove this information for each ColdFusion instance created.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded