I may be late to the party. But, I tried this and my server produced: Forbidden
You don't have permission to access /*.cfm on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. ------------------------------ Apache/2.0.54 (Win32) JRun/4.0 PHP/5.0.1 Server at www.somewhere.com<http://www.somewhere.com>Port 80 On 10/7/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > I heard a challenge from a security consultant that "if you are using > ColdFusion you do not have a secure server." He maintains that CF is full of > things a hacker can access. For example he gave the following example. If > you attempt to open a CF website with the following command it will generate > an error message that gives you the IP address of the CF server: > > sitename.org/*.cfm <http://sitename.org/*.cfm> > > I tried this on a wide variety of sites and found that most CF sites > return the error with the IP address. Some, however appear to trap this > error somehow. > > What should be done on a CF server to prevent that type of error exposing > the IP address of a CF server? > > This error is occuring prior to the execution of an application.cfm file > in the host root directory so you cannot programatically trap it. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Sams Teach Yourself Regular Expressions in 10 Minutes by Ben Forta http://www.houseoffusion.com/banners/view.cfm?bannerid=40 Message: http://www.houseoffusion.com/lists.cfm/link=i:10:5583 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/10 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:10 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.10 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
