Can you use a firewall rule in a hardware firewall? That would be my first thought.
You can code an IP address restriction on the ColdFusion server using a few lines of code. Just check the cgi variable against an accepted list. You could embed an encrypted token in all client-server requests. You could embed the IP address in that token, and check it when you decrypt it on the server. You can set up IP address restrictions on folders inside of IIS, although I am not sure if the remoting feature will obey those rules. Just a few ideas. -Mike Chabot On Nov 6, 2007 4:32 AM, Tom Chiverton <[EMAIL PROTECTED]> wrote: > On Thursday 01 Nov 2007, Tom Chiverton wrote: > > Is there a way in CF8 to restrict only certain IP address to connect to the > > default ColdFusion remoting destination ? > > No one ? > So the only think that stands betwen a live CF8 server without a public /CFIDE > mapping but with the default remoting destination (required for the server > monitor/auto recovery) and a DoS attack is the need to crack the admin > username and/or password ? And there's no rate limiting applied to the number > of guess I can make at once, or in total ? > > -- > Tom Chiverton > Helping to economically administrate B2B synergies > on: http://thefalken.livejournal.com > > **************************************************** > > This email is sent for and on behalf of Halliwells LLP. > > Halliwells LLP is a limited liability partnership registered in England and > Wales under registered number OC307980 whose registered office address is at > St James's Court Brown Street Manchester M2 2JF. A list of members is > available for inspection at the registered office. Any reference to a > partner in relation to Halliwells LLP means a member of Halliwells LLP. > Regulated by The Solicitors Regulation Authority. > > CONFIDENTIALITY > > This email is intended only for the use of the addressee named above and may > be confidential or legally privileged. If you are not the addressee you must > not read it and must not use any information contained in nor copy it nor > inform any person other than Halliwells LLP or the addressee of its existence > or contents. If you have received this email in error please delete it and > notify Halliwells LLP IT Department on 0870 365 8008. > > For more information about Halliwells LLP visit www.halliwells.com. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion is delivering applications solutions at at top companies around the world in government. Find out how and where now http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292786 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
