Skip to main content
D
danlbn
Participating Frequently
October 10, 2023
Question

Secure  CFIDE admin cf 2023

  • October 10, 2023
  • 1 reply
  • 237 views

Is there a way to restrict access to  CFIDE admin in docker containter in CF 2023? Mapping or using special port?

 

    This topic has been closed for replies.

    1 reply

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    October 10, 2023

    First note that there is the "allowed ip addresses" page in the security section of the cf admin, which can be configured to limit who can access the admin.  (And as you may know, the cf images support configuring that via automation using car files or a json file created with cfsetup.) 

     

    Second, if you setup a web server to front your cf container (like nginx or others), those could forward to the cf built-in web server...and they offer rules that can block requests to the CFIDE folder. 

     

    I offer an example of that in my "awesome cf compose" repository at github. See specifically 

     

    "ColdFusion with nginx web server" 

    at

    https://github.com/carehart/awesome-cf-compose

     

    There are still other possibilities but let's see if either of these will suffice for you. 

    /Charlie (troubleshooter, carehart. org)
    D
    danlbnAuthor
    Participating Frequently
    October 11, 2023

    Thank you for your answer.

    I'm deploying my project on AWS and managed to restrict access with load balancer.

    I wonder if there is a direct way restart Coldfusion server in the Docker container without accessing the container containt that is not easy on EC2!

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    October 11, 2023

    In wishing you could resatrt the container "without accessing it", are you asking for something cf might offer specifically? Because there certainly are ways that aws would let you restart ANY container, depending on which of the many dozen ways aws offers to deploy containers. Are you saying you prefer not to use that aws-provided means? If not, tell us why not, and perhaps we can offer an alternative solution.

     

    And yep, using an lb or any proxy fronting then cf container would be another way to restrict access to sensitive parts of a web site. 

    /Charlie (troubleshooter, carehart. org)
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices