
Adobe documentation - Confidential
Consider adding additional URIs to this file (see tables 2.10.1 and 2.10.2). Also consider restricting all of
/CFIDE to a set of IP addresses:
*/CFIDE/*=127.0.0.1,::1
Repeat this section for each connector.
Lockdown File Extensions
ColdFusion provides a number of capabilities that are not commonly used and that can be blocked. A good
example is JSP file execution. Here is a list of file extensions that can usually be blocked (check
with your developers first):
| Extension | Description | Block? |
|---|---|---|
| .cfml | Executes CFML templates (same as .cfm files) | The .cfml extension is not typically used by developers; if you don't use .cfml, block this file extension. |
| .jsp | | Yes, if your applications do not require JSP. |
| .jws | Java Web Services - allows you to easily write and deploy SOAP web services in Java, similar to a CFC. | |
| .cfr | | Yes, if cfreport is not used. |
| .swf | Dynamically generated swf files from flash forms. | Yes, if flash forms are not used. |
| .hbmxml | | Yes, this should always be blocked. |
Blocking by File Extension with Apache
To block .cfml, .jsp, .jws and .hbmxml files, add the following to your Apache httpd.conf file:
# Deny every request whose file name ends in one of the listed extensions
<FilesMatch "\.(cfml|jsp|jws|hbmxml)$">
Order Deny,Allow
Deny from all
</FilesMatch>
Restart Apache and create a test.cfml file to confirm that the rule is working.
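The following is an added example, not part of the lockdown guide, that checks what the FilesMatch rule above covers before it goes into httpd.conf. It assumes Apache's FilesMatch semantics: the pattern is a PCRE regex tested against the file name (the last path component), and matching is case-sensitive unless the pattern says otherwise with `(?i:...)`. The sample request paths are constructed for the demonstration; `is_blocked`, `audit` and `gaps` are names chosen here, not ColdFusion or Apache APIs.

```python
import re

# Pattern exactly as written in the guide's FilesMatch directive.
GUIDE_PATTERN = r"\.(cfml|jsp|jws|hbmxml)$"

# Hardened variant: case-insensitive alternation, so TEST.CFML is caught as
# well. This matters on case-insensitive file systems (e.g. Windows/NTFS),
# where TEST.CFML and test.cfml are the same file but only one spelling
# matches the case-sensitive guide pattern.
HARDENED_PATTERN = r"\.(?i:cfml|jsp|jws|hbmxml)$"


def is_blocked(request_path, pattern=HARDENED_PATTERN):
    """Return True if a FilesMatch rule with `pattern` would deny the request.

    FilesMatch is evaluated against the file name only, so the directory part
    and any query string are stripped before matching.
    """
    path = request_path.split("?", 1)[0]
    filename = path.rsplit("/", 1)[-1]
    return re.search(pattern, filename) is not None


def audit(request_paths, pattern=HARDENED_PATTERN):
    """Map each request path to whether `pattern` blocks it."""
    return {p: is_blocked(p, pattern) for p in request_paths}


def gaps(request_paths, pattern, reference=HARDENED_PATTERN):
    """Paths that `reference` blocks but `pattern` lets through.

    Useful as a pre-deployment check: an empty list means `pattern` covers
    everything the hardened reference covers.
    """
    return [p for p in request_paths
            if is_blocked(p, reference) and not is_blocked(p, pattern)]


# Constructed sample request paths (not taken from the guide).
SAMPLE_PATHS = [
    "/index.cfm",            # normal CFML page: must stay reachable
    "/test.cfml",            # the guide's own verification file
    "/admin/TEST.CFML",      # upper-case spelling of a blocked extension
    "/hello.jsp?x=1",        # JSP with a query string
    "/svc/Echo.jws",         # Java Web Service
    "/orm/User.hbmxml",      # Hibernate mapping file, always blocked
    "/report.cfr",           # not in this rule; handled by a separate rule
]

if __name__ == "__main__":
    for path, blocked in audit(SAMPLE_PATHS, GUIDE_PATTERN).items():
        print(f"{path:22} guide rule blocks: {blocked}")
    print("left through by guide rule:", gaps(SAMPLE_PATHS, GUIDE_PATTERN))
```

Running the script shows that the guide's pattern denies `test.cfml` but not `TEST.CFML`; `\.(?i:cfml|jsp|jws|hbmxml)$` is the same directive with the case-insensitive group and is accepted by Apache's FilesMatch. The `Order Deny,Allow` / `Deny from all` lines on the page are Apache 2.2 access-control syntax; on Apache 2.4 they need mod_access_compat, and `Require all denied` is the native equivalent.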