You can add application.cfm or Application.cfc to the folder and <cfabort> any request. that will ensure that no cfm file is executed
On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan <pkap...@gmail.com> wrote: > > I'm allowing people to FTP-upload into one of my web server directories, > but > I don't want them to be able to upload and run cfm (or asp, etc) scripts. > > I right-clicked on the directory in IIS and changed "execute permissions" > to > "none," but it seems the cfm files in that directory are still running. > > Here's an example: > http://hitmelater.com/affiliate/index.cfm > > Any ideas? > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325569 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
