securing cf administrator from internet access

Report · Feb 14, 2009

How do you prevent the CF admin console from being accessed from the internet?

Report · Feb 14, 2009

dspent wrote:
> How do you prevent the CF admin console from being accessed from the internet?

Move the CFIDE directory to a separate virtual host that can be locked
down (accessible only from certain IP's for example). If you're using
CFFORM, CFDIV, etc copy the scripts directory from CFIDE to your sites
(or make an alias to the scripts directory in your sites).

--
Mack

Report · Feb 19, 2009

Thanks... using this info I simply had to deny all access to the CFIDE directory using the web server and permit only the local host address access.

Report · Feb 20, 2009

Sorry posted in the wrong thread.

Report · Feb 26, 2009

Putting this in incase someone searches on it...

There is a caveat to this method. If you're running CF Enterprise in multi server mode, removing the CFIDE virtual mapping from IIS won't stop someone from getting to /cfide/administrator. CF still picks up the mapping and will serve the admin pages.

I've found writing a rule in ISAPI_ReWrite a good solution in this instance.

Also, setting NTFS privs on said administrator (and adminapi) will add an additional layer of security to the whole thing.

securing cf administrator from internet access

1 Correct answer