> How does the RDS feature work? Does it use a specific port 
> or just 80?

As Justin has said, RDS is handled just like all other CF requests - the web
server receives the request, and has the CF service handle it, instead of
handling it itself. The CF service then determines that it should be handled
by RDS. So, by default, when you install CF on a web server, RDS requests
use port 80, just like all other CF requests.

Now, as Justin has also mentioned, you can limit RDS access to one or more
specific virtual servers, listening on whatever ports you want them to
listen on. However, it's not as simple as setting up a new virtual server;
you have to configure the filesystem to allow RDS requests to one virtual
server but not the other. To do this, you have to know how the web server
decides that a specific HTTP request should be handled by the RDS service.

That part, actually, is pretty simple; the web service looks for requests
like this:

GET /CFIDE/Main/ide.cfm
..

Any such request is then handled by RDS. So, you need to make sure that, for
the virtual server that you want to handle RDS, this request succeeds, but
for the one that you don't, it fails. However, by default, if you're using
IIS, this request would succeed for each virtual server.

So, if you're using IIS, you need to configure the filesystem permissions
appropriately. This means that, for all virtual servers that shouldn't allow
RDS access, you need to make sure that the above GET request's path goes to
an existing directory and file, but that the permissions on the directory
and its files are such that the request will fail. Likewise, for the virtual
servers that should allow RDS, you want the above path to go to an existing
directory and file, and have the appropriate permissions to allow developers
to access the file.

Now, there's one last thing. By default, when you install CF 5, two
directories are placed in your webroot (assuming you've chosen not to
install documentation, and of course no one in their right mind would
install the documentation on a publicly-accessible server, right?) Those two
directories are /CFIDE and /Main. However, the installer is buggy - there
should only be one directory, /CFIDE, with Main as a subdirectory
(/CFIDE/Main). So, you'll need to actually create or move the Main directory
as appropriate, to disable RDS connectivity for the virtual servers that
shouldn't have it. By default, IIS doesn't check for the existence of a .cfm
file before passing the request to the CF server, so even if the directory
doesn't exist, RDS requests will be accepted!

If you're using a web service other than IIS, you may have to jump through
some of the same hoops, just to get RDS working in the first place. This
stuff is covered in greater depth in Fig Leaf's "Securing CF Servers on
Windows" course, if you're interested:
http://training.figleaf.com/

> Should SSL be used on all RDS connections?

Yes, if you're accessing them over the public internet and you're at all
concerned with securing RDS access. Or, better yet, RDS should be turned off
on production servers.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
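
An added example, not part of the original post: one way to confirm that only the intended virtual server answers requests for the /CFIDE/Main/ide.cfm path described above is to audit the IIS W3C extended logs. The field layout, the port numbers (8443 as the RDS-only virtual server) and the sample log lines are constructed assumptions, and the check only distinguishes virtual servers that listen on different ports.

```python
# Added example: find RDS requests that succeeded on a virtual server
# that is not supposed to offer RDS. Assumes W3C extended logging with
# the s-port, cs-uri-stem and sc-status fields enabled.
RDS_PATH = "/cfide/main/ide.cfm"  # path from the post; compared case-insensitively

# Constructed sample log (documentation IP ranges); not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip s-port cs-method cs-uri-stem sc-status
2002-03-01 10:00:01 192.0.2.10 8443 POST /CFIDE/main/ide.cfm 200
2002-03-01 10:00:05 198.51.100.7 80 GET /index.cfm 200
2002-03-01 10:02:11 198.51.100.7 80 POST /cfide/Main/ide.cfm 200
2002-03-01 10:02:12 198.51.100.7 80 GET /CFIDE/Main/ide.cfm 403
2002-03-01 10:03:40 203.0.113.5 80 GET /CFIDE/Main/ide.cfm 404
"""


def parse_w3c(text):
    """Yield one dict per log entry, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def rds_exposures(text, rds_ports):
    """Return RDS requests that succeeded on a port not meant to serve RDS."""
    findings = []
    for entry in parse_w3c(text):
        if entry.get("cs-uri-stem", "").lower() != RDS_PATH:
            continue
        port = int(entry["s-port"])
        status = int(entry["sc-status"])
        # A status below 400 means the web server passed the request through.
        if port not in rds_ports and status < 400:
            findings.append((entry["date"], entry["time"], entry["c-ip"], port, status))
    return findings


if __name__ == "__main__":
    for finding in rds_exposures(SAMPLE_LOG, rds_ports={8443}):
        print("RDS answered on non-RDS virtual server:", finding)
```

Any finding means the filesystem permissions or the Main directory layout for that virtual server still let the request through.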