Twitter: raymondcamden

ColdFusion 11 Lockdown Guide

05-15-2014 2,903 views ColdFusion 12 Comments

The excellent ColdFusion 11 Lockdown Guide has been released. You can view it here (PDF):


  • Dana K #
    Commented on 05-15-2014 at 8:46 AM
    I'm glad they coordinated the release date with this on a much improved timeframe from last version!
  • ayhan #
    Commented on 05-15-2014 at 9:09 AM
    Adobe doesn't show ColdFusion under products. Checked all products! Not even under web development!! Why are they still keeping it? Maybe they should sell to some company who can care!
  • Commented on 05-15-2014 at 9:13 AM
    This (the prominence on the home page) has been the same for many years. Yeah it sucks, but honestly, it hasn't "killed" CF yet and as we just released 2 major updates w/ 12 on the way, I'd not be too concerned about it.
  • ayhan #
    Commented on 05-15-2014 at 10:01 AM
    I know it hasn't killed. Just it really sucks that nobody gives s**t
  • Daniel Mejia #
    Commented on 06-24-2014 at 8:00 PM
    Back on topic. Pete suggests to install ColdFusion on a separate partition and in a custom folder name (section 2.2). Then in section 2.11 he suggests to make the physical path of the CF admin site on another partition within the sites folder, i.e.: d:/sites/cfadmin-web/.

    However, the files for the admin site are installed in {cf-root}/cfusion/wwwroot/CFIDE. So I attempted to move the entire CFIDE to my new cfadmin folder under my sites partition.

    Of course, now my admin site is throwing a 500.19 "Cannot read configuration file", which is attempting to reference the web.config file under the {cf-root}/cfusion/wwwroot/CFIDE.

    So this guide is missing instructions on this part. What do I do?
  • Commented on 06-24-2014 at 9:28 PM
    Not to pawn you off, but did you try asking Pete?
  • Daniel Mejia #
    Commented on 06-24-2014 at 11:03 PM
    I did, but I also want to get the answers on the only blog post I found regarding this guide. I'm positive someone else will be searching too.
  • Lee #
    Commented on 08-06-2014 at 11:58 AM
    I'm having the same issue as Daniel Mejia. It's like the guide is missing some steps or something. Was hoping to see someone else having a similar problem and found a solution, or that the CF11 Lockdown guide would have been updated by now.
  • Commented on 08-06-2014 at 12:13 PM
    @Lee: I've reached out to Pete.
  • Lee #
    Commented on 08-06-2014 at 12:27 PM
    @Raymond: I tried to contact him through his website, but I was getting an error on his contact form. So I sent him a message through his company, so I don't know if he'll get to it or not. Thanks a lot for reaching out to him since you probably have a better means of communicating with him.
  • Commented on 08-06-2014 at 12:53 PM
    @Daniel - never move the /CFIDE folder, your copy of CFIDE will never be updated with security hotfixes / patches when you run the ColdFusion updater.

    The /CFIDE IIS virtual directory gets created automatically when you run the web server configuration tool (step 2.13), as long as you configure all sites or each site manually.

    For the permissions error you are getting it sounds like you didn't add read file system permissions to {cf-root}/cfusion/wwwroot/CFIDE for the IIS application pool identity user & IUSR (step 2.5).
  • WsuApe #
    Commented on 09-19-2014 at 11:35 AM
    The lockdown guide does not seem correct in listing steps to create the separate cfadmin website. I created the site with the security cert but can't get anything to pull up as the site just throws errors. Do I need to create a virtual mapping to CFIDE from within that site? Can someone list some detailed steps here?