As long ad you do have a real cfide vdir in the site, which u need for ajax,.cfform etc anyway, then you wont have that problem.
Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 22, 2013 4:53 PM, "Rick Root" <[email protected]> wrote: > > I see the discussion, but the solution, which is to review the Coldfusion > Lockdown Guide, isn't quite right for me because the lockdown guide makes > some assumptions - most importantly that you are running UNIX if you're > using Apache. > > <Location /CFIDE> only sort of works with Apache on Windows. Coldfusion > still seemed to respond to /cfide/administrator/index.cfm - because windows > is case insenstive. > > So, I decided to use the <Directory> block instead... but clearly, that's > not working for cfm requests. > > SO, I toyed around a little with LocationMatch instead and came up with > this: > > <LocationMatch /[cC][fF][iI][dD][eE]> > Order deny,allow > Deny from all > </LocationMatch> > > Blocking all requests to /CFIDE no matter what the case > > Then, in my specific virtual hosts, aliasing /CFIDE and using <Location > /CFIDE> there... > > This seems to prevent coldfusion from responding to any requests outside > the specified virtual hosts - and in those hosts will only respond to > requests using /CFIDE (all caps). > > Rick > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354634 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
