put an Application.cfc in that directory and add code in onRequestStart method in it to check for cgi.server_name or cgi.http_host ( or for getPageContext().getRequest().getServerName() ) and abort the request (and maybe return a 403 header) if the domain the request is coming from is not allowed.
Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ On 02/06/2009 23:58, Peter Boughton wrote: > Well, the user wont be authenticated, because the point is to block this > directory completely on this site (it will be accessed via an entirely > different domain/port). > > But I think the login prompt that displays with anonymous access disabled is > a good enough block, (even though a straight 403 would be better). > > Thanks. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323099 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
