
Restricting access to CF Admin

Community Beginner, Mar 06, 2024


I believe when we set up CF2018 a couple of years ago, we set it up for CF Admin to be accessed only if index.cfm is present. For example,

http://servername/CFIDE/Administrator/index.cfm - will serve it up

http://servername/CFIDE/Administrator/ - will not serve it up


I'm not sure whether this was done as part of the lockdown guide, but it appears this is no longer working and I don't see anything in the lockdown guide. We're migrating to 2023 and I would like to set this up. Where should I look? CF Admin is not showing up in IIS as of 2016, as it's using the built-in web server.

Community Expert, Mar 07, 2024


Once you have multiple web servers, things can get kind of ... weird. I'm not sure how you'd have intentionally set this up in the past - I can think of some ways, but they're kind of kludgy - and I'm not surprised it would break if you upgraded. And I'm not sure what value it provides to set it up that way anyway, although I'm guessing it has some value.


Let's say you installed CF in C:\ColdFusion2018 with the built-in web server (Tomcat), the default webroot "cfusion", and the default listening port for the cfusion app as TCP/8500. That means your CFIDE directory should be here:

C:\ColdFusion2018\cfusion\wwwroot\CFIDE


You should then be able to access the CF Administrator using this URL:

http://localhost:8500/CFIDE/Administrator/index.cfm


Then, when you run the web server configuration tool to install the webconfig connector, you'll be able to run CF through IIS, but that will have a different configuration than Tomcat's web server. By default, I think, CF 2021 will create an IIS filter that will block the /CFIDE/administrator directory entirely. (I'm not sure of that offhand but it seems reasonable. I don't know when that behavior was introduced, if it was at all.) In any case, the web server configuration tool will fiddle with IIS internals to specify one behavior or another. You can also fiddle with IIS internals after the fact, within the IIS management console or by editing one of the several XML files IIS uses for its configuration.


But what it sounds like you want to do is mess around with Tomcat internals. That's ok, but it's not really related to CF that much, so there's no setting in CF Administrator for that. Specifically, you're going to want to remove index.cfm from the list of <welcome-file> items under <welcome-file-list> in:

C:\ColdFusion2018\cfusion\wwwroot\WEB-INF\web.xml


It's near the bottom of the page, in mine it's on line 553. Make sure you keep a backup copy!


SIDEBAR: Let's talk about the lockdown guide and what it's for, for a minute. In general, the idea is to improve the security of your CF install. But what does that mean exactly? For different people it might mean different things. Do you want to expose the CF Administrator via IIS at all? Do you want to expose it via Tomcat to remote machines other than through RDP or explicit firewall rules? There isn't really a right answer to those questions. You have to figure out how security should work within your organization, and implement it accordingly. That's why there's a CF lockdown GUIDE instead of CF lockdown INSTRUCTIONS. If you use the lockdown tool built into the secure profile, someone else is going to make those choices for you, and I've always thought that was a bad idea unless you didn't know how to make those choices yourself. And if you did know how to make those choices yourself, you might be better off doing it manually anyway! A lot of them can be wrapped up in short scripts, etc.


Anyway, good luck!


Dave Watts, Eidolon LLC
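An added example, not code from Dave's reply or from the ColdFusion product: a small Python script that audits the `<welcome-file-list>` of a Tomcat-style web.xml and drops the index.cfm entry, writing a backup copy first as the reply recommends. The sample web.xml below is constructed for the demonstration; the real file lives at the path given in the reply and its exact contents come from your install. One caveat before applying it: the welcome-file list belongs to the whole cfusion web application, so after the change no directory under that webroot serves index.cfm for a slash-terminated URL, not only /CFIDE/Administrator/. A request that names index.cfm explicitly is still served, which is the behaviour the question describes.

```python
"""Audit and patch the <welcome-file-list> in a Tomcat/ColdFusion web.xml.

Added example (not from the thread or from Adobe). Assumes the web.xml layout
the reply describes: a <welcome-file-list> holding <welcome-file> entries.
"""
import shutil
import xml.etree.ElementTree as ET

# Constructed sample, namespaced the way a Servlet web.xml usually is.
# The real file is much longer; only the welcome-file-list matters here.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <welcome-file-list>
    <welcome-file>index.cfm</welcome-file>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
  </welcome-file-list>
</web-app>
"""


def _local(tag):
    """Strip an XML namespace from a tag: '{ns}welcome-file' -> 'welcome-file'."""
    return tag.rsplit("}", 1)[-1]


def _register_default_namespace(root):
    """Keep the default namespace unprefixed when serialising (avoids 'ns0:')."""
    if root.tag.startswith("{"):
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])


def welcome_files(web_xml_text):
    """Return the welcome files declared in web.xml, in declaration order."""
    root = ET.fromstring(web_xml_text)
    return [
        el.text.strip()
        for el in root.iter()
        if _local(el.tag) == "welcome-file" and el.text
    ]


def remove_welcome_file(web_xml_text, name="index.cfm"):
    """Return (patched_xml_text, removed_count).

    Every <welcome-file> whose text equals `name` is removed from every
    <welcome-file-list>. This affects the whole web application, not one
    directory: after the change a slash-terminated URL no longer resolves
    to `name` anywhere under that webroot.
    """
    root = ET.fromstring(web_xml_text)
    _register_default_namespace(root)
    removed = 0
    for lst in root.iter():
        if _local(lst.tag) != "welcome-file-list":
            continue
        for child in list(lst):
            if _local(child.tag) == "welcome-file" and (child.text or "").strip() == name:
                lst.remove(child)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def patch_web_xml(path, name="index.cfm"):
    """Patch web.xml on disk after copying it to <path>.bak; returns removed_count.

    `path` is e.g. C:\\ColdFusion2018\\cfusion\\wwwroot\\WEB-INF\\web.xml
    (from the reply); nothing is written if the entry is not present.
    """
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    patched, removed = remove_welcome_file(original, name)
    if removed:
        shutil.copyfile(path, path + ".bak")  # backup first, as the reply advises
        with open(path, "w", encoding="utf-8") as fh:
            fh.write('<?xml version="1.0" encoding="UTF-8"?>\n' + patched + "\n")
    return removed


if __name__ == "__main__":
    print("before:", welcome_files(SAMPLE_WEB_XML))
    patched_text, count = remove_welcome_file(SAMPLE_WEB_XML)
    print("removed:", count)
    print("after: ", welcome_files(patched_text))
```

Run it against the sample to see the before/after list, then point `patch_web_xml` at the real web.xml path and restart the cfusion instance so Tomcat rereads the file; afterwards a request for /CFIDE/Administrator/ should no longer be rewritten to index.cfm, while /CFIDE/Administrator/index.cfm still loads.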

Community Expert, Mar 08, 2024


Adding to Dave's (always helpful) reply, I'll share that I'd offered an answer with still more detail in a discussion Dmitriy raised on this also on the facebook cf programmers group. 


/Charlie (troubleshooter, carehart.org)

Community Beginner, Mar 08, 2024


Thanks. I was planning to respond here.
