Remove the CFIDE directory mappings from the web site in IIS Administrator. Create a new web site mapping for just CFIDE; map it to a non-standard port or a subdomain, i.e. cfadmin.mydomain.com; then remove anonymous access in the directory security tab, assigning instead named users with secure passwords.
Pete On Mon, 17 Jan 2005 18:29:58 +0800, James Holmes <[EMAIL PROTECTED]> wrote: > The easy way to achieve this is to restrict the IPs to which the webserver > will respond. > > -----Original Message----- > From: John Munyan [mailto:[EMAIL PROTECTED] > Sent: Saturday, 15 January 2005 5:33 > To: CF-Talk > Subject: SOT: Securing CF Admin > > Hi, I have been searching around the internet looking for how best to secure > cfadmin. The prescribed method is to either remove cfadmin, or to protect > it via file level security. Is there a cf-talk best practice for this, > lessons learned etc. I would certainly love to hear how others have locked > this down. It would be ideal if it could be run local to the ColdFusion > box, but not remotely. Any luck with such a configuration? The server > itself with w2k3 iis6. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware: a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:190702 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
