I see the discussion, but the solution, which is to review the ColdFusion
Lockdown Guide, isn't quite right for me because the lockdown guide makes
some assumptions - most importantly that you are running UNIX if you're
using Apache.

<Location /CFIDE> only sort of works with Apache on Windows.  ColdFusion
still seemed to respond to /cfide/administrator/index.cfm - because Windows
is case insensitive.

So, I decided to use the <Directory> block instead... but clearly, that's
not working for cfm requests.

So, I toyed around a little with LocationMatch instead and came up with
this:

<LocationMatch /[cC][fF][iI][dD][eE]>
Order deny,allow
Deny from all
</LocationMatch>

Blocking all requests to /CFIDE no matter what the case.

Then, in my specific virtual hosts, aliasing /CFIDE and using <Location
/CFIDE> there...

This seems to prevent ColdFusion from responding to any requests outside
the specified virtual hosts - and in those hosts will only respond to
requests using /CFIDE (all caps).

Rick
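
Added example (not part of the post above or of the Lockdown Guide): a small Python model of the matching behaviour described, comparing the case-sensitive <Location /CFIDE> with the LocationMatch pattern from the post over a set of constructed request paths. The two matcher functions are simplified models of Apache's documented matching, the sample paths are made up, and ANCHORED_PATTERN is a hypothetical tightening that is not in the post.

```python
import re

# Constructed request paths (not from the original post).
SAMPLE_PATHS = [
    "/CFIDE/administrator/index.cfm",
    "/cfide/administrator/index.cfm",
    "/CfIdE/scripts/cfform.js",
    "/CFIDE",
    "/CFIDEother/page.cfm",
    "/app/cfide-notes.cfm",
    "/index.cfm",
]

RICK_PATTERN = re.compile(r"/[cC][fF][iI][dD][eE]")            # pattern from the post
ANCHORED_PATTERN = re.compile(r"^/[cC][fF][iI][dD][eE](/|$)")  # hypothetical tightening


def location_matches(prefix, path):
    """Simplified model of <Location prefix>: case-sensitive, exact path or prefix + '/'."""
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def location_match_matches(pattern, path):
    """Simplified model of <LocationMatch>: unanchored regex search on the URL path."""
    return pattern.search(path) is not None


def coverage(paths):
    """Return {path: (plain_location, post_regex, anchored_regex)} for each path."""
    return {p: (location_matches("/CFIDE", p),
                location_match_matches(RICK_PATTERN, p),
                location_match_matches(ANCHORED_PATTERN, p)) for p in paths}


def missed_by_plain_location(paths):
    """Paths that reach the CFIDE tree on a case-insensitive filesystem
    but are not covered by the case-sensitive <Location /CFIDE>."""
    return [p for p in paths
            if location_matches("/cfide", p.lower()) and not location_matches("/CFIDE", p)]


if __name__ == "__main__":
    for path, (plain, post, anchored) in coverage(SAMPLE_PATHS).items():
        print(f"{path:34} Location={plain!s:5} LocationMatch={post!s:5} anchored={anchored}")
    print("missed by <Location /CFIDE>:", missed_by_plain_location(SAMPLE_PATHS))
```

The unanchored pattern also denies unrelated paths that merely contain "/cfide" (such as the constructed /app/cfide-notes.cfm), which is harmless over-blocking for a deny rule but worth knowing when a legitimate URL stops responding.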


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354630