• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

iprestriction.properties removed from CF11 Update 3?

Participant ,
Dec 18, 2014 Dec 18, 2014

Copy link to clipboard

Copied

In CF11, Update 1, & Update 2 in the CF11\config\wsconfig\#\ folder there was a file called iprestriction.properties that contained the following;

*/CFIDE/main/ide.cfm=*

*/CFIDE/adminapi/*=*

*/CFIDE/administrator/*=*

*/CFIDE/componentutils/*=*

*/CFIDE/wizards/*=*

*/CFIDE/ServerManager/*=*

After updating to CF11 Update 3 and then rebuilding one of the connectors that file has been removed along with the reference to it in the isapi_redirect.properties file.

Was this done on purpose or was this a regression because it looks to contain security related settings?

Views

889

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Explorer , Jan 06, 2015 Jan 06, 2015

@Leith, removal of the IP Restrictions file does not pose any security concerns.

In my previous comment, I mention that IPRestrictions (if your environment requires its use), must be defined in Apache Web Server (NOT the one inside ColdFusion), or IIS.

Votes

Translate

Translate
Community Expert ,
Dec 21, 2014 Dec 21, 2014

Copy link to clipboard

Copied

Leith, the same question was asked on the Adobe blog, and Immanuel Noel (from Adobe) replied saying: “the IPRestriction file has been removed. The best way to have IP restrictions in place, is to follow the "Access Control" workflows in Apache, and "IP Restrictions" in IIS.”

Comment at: http://blogs.coldfusion.com/post.cfm/coldfusion-11-update-3-and-coldfusion-10-update-15-are-available-now#comment-95EA1295-A1CA-AD70-F8457D10A0C256A7

I’ve not had a chance to investigate this any further (for instance, it’s not clear whether the security controls were simply moved elsewhere, which could make sense because this file like others in the connector directory were removed if the connector was rebuilt).

But I took note of his comment when I saw it, and so am passing it along to you.

/charlie


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jan 05, 2015 Jan 05, 2015

Copy link to clipboard

Copied

Thank you for the information, I had not come across that reply in my searching for the answer to this.

Charlie Arehart wrote:

The best way to have IP restrictions in place, is to follow the "Access Control" workflows in Apache, and "IP Restrictions" in IIS.”

My only issue to this is I'm not an Apache admin, I don't run it, I've never run it, I don't know how to run it.  It also leaves me confused because is he referring to Apache Tomcat inside CF11 or Apache the web server as we run IIS and not Apache.  So I still view this as an issue because there's no documentation instructing me what I need to do to emulate this removed functionality.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 06, 2015 Jan 06, 2015

Copy link to clipboard

Copied

@Leith, removal of the IP Restrictions file does not pose any security concerns.

In my previous comment, I mention that IPRestrictions (if your environment requires its use), must be defined in Apache Web Server (NOT the one inside ColdFusion), or IIS.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jan 06, 2015 Jan 06, 2015

Copy link to clipboard

Copied

Thank you, it was just disconcerting to see what looked like security related configuration vanish.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 06, 2015 Jan 06, 2015

Copy link to clipboard

Copied

Just to be clear, Leith, you quote me below, but I was clear that I was quoting “i Noel”. That’s lost in how you’ve replied below so I just wanted to clarify for any interested.

Anyway, you say you use IIS so his references to Apache are lost on you, but he did also say you could use “"IP Restrictions" in IIS.”

I see he’s also offered other answers to you, so hopefully you are ok with things for now?

/charlie


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jan 07, 2015 Jan 07, 2015

Copy link to clipboard

Copied

LATEST

Yes, once it was made clear the difference between restricting IPs (which we do do in IIS) and the block configuration from the file were made it answered my questions.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation