securing cf administrator from internet access

Forum|Forum|16 years ago
February 14, 2009
4 replies
969 views

How do you prevent the CF admin console from being accessed from the internet?

This topic has been closed for replies.

Correct answer Newsgroup_User

dspent wrote:
> How do you prevent the CF admin console from being accessed from the internet?

Move the CFIDE directory to a separate virtual host that can be locked
down (accessible only from certain IP's for example). If you're using
CFFORM, CFDIV, etc copy the scripts directory from CFIDE to your sites
(or make an alias to the scripts directory in your sites).

--
Mack

A

Anonymous

Putting this in incase someone searches on it...

There is a caveat to this method. If you're running CF Enterprise in multi server mode, removing the CFIDE virtual mapping from IIS won't stop someone from getting to /cfide/administrator. CF still picks up the mapping and will serve the admin pages.

I've found writing a rule in ISAPI_ReWrite a good solution in this instance.

Also, setting NTFS privs on said administrator (and adminapi) will add an additional layer of security to the whole thing.

O

Outside5 Ltd

Inspiring

Sorry posted in the wrong thread.

A

Anonymous

Thanks... using this info I simply had to deny all access to the CFIDE directory using the web server and permit only the local host address access.

N

Newsgroup_UserCorrect answer

Inspiring

dspent wrote:
> How do you prevent the CF admin console from being accessed from the internet?

Move the CFIDE directory to a separate virtual host that can be locked
down (accessible only from certain IP's for example). If you're using
CFFORM, CFDIV, etc copy the scripts directory from CFIDE to your sites
(or make an alias to the scripts directory in your sites).

--
Mack

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded