There are some organizations like DISA/DOD that require when using IIS 7/7.5/8 that you set the Request Filtering -> File Name Extensions -> Edit Features Settings -> Allow unlisted file name extensions to be disabled. This then forces you to add every single file extension type needed as an Allow entry in the File Names Extensions section for them to run. I wanted to make this post because it's easy to miss one of the items required which will then result in the system not functioning as expected. There are several obvious ones as without them allowed the CFIDE will not load at all. However if you miss the .js item you run into issues. The system will continuously inform you that your password is invalid when it really is not. Unlike all of the others the lack of .js will not show itself visually except that all menu items are pre-colapsed and you can't login via username/password making you have to bypass security.
Here is the list of items needed to get the CFIDE running under this locked down scenario.
- . (just a period by itself, this is required to allow default documents to load)
- .cfc
- .cfm
- .dll
- .gif
- .jpg
- .js
1
Reply
AdChoices