The excellent ColdFusion 11 Lockdown Guide has been released. You can view it here (PDF): http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf
Archived Comments
I'm glad they coordinated the release date with this on a much improved timeframe from last version!
Adobe doesn't show ColdFusion under products. Checked all products! Not even under web development!! Why are they still keeping it? Maybe they should sell to some company who can care!
This (the prominence on the home page) has been the same for many years. Yeah it sucks, but honestly, it hasn't "killed" CF yet and as we just released 2 major updates w/ 12 on the way, I'd not be too concerned about it.
I know it hasn't killed. Just it really sucks that nobody gives s**t
Back on topic. Pete suggests to install ColdFusion on a separate partition and in a custom folder name (section 2.2). Then in section 2.11 he suggests to make the physical path of the cf admin site on another partition within the sites folder, i.e.: d:/sites/cfadmin-web/.
However, the files for the admin site are installed in {cf-root}/cfusion/wwwroot/CFIDE. So I attempted to move the entire CFIDE to my new cfadmin folder under my sites partition.
Of course, now my admin site is throwing a 500.19 "Cannot read configuration file". Which is attempting to reference the web.config file under the {cf-root}/cfusion/wwwroot/CFIDE.
So this guide is missing instructions on this part. What do I do?
Not to pawn you off, but did you try asking Pete?
I did, but I also want to get the answers on the only blog post I found regarding this guide. I'm positive someone else will be searching too.
I'm having the same issue as Daniel Mejia. It's like the guide is missing some steps or something. Was hoping to see someone else having a similar problem and found a solution, or that the CF11 Lockdown guide would have been updated by now.
@Lee: I've reached out to Pete.
@Raymond: I tried to contact him through his website, but I was getting an error on his contact form. So I sent him a message through his company, so I don't know if he'll get to it or not. Thanks a lot for reaching out to him since you probably have a better means of communicating with him.
@Daniel - never move the /CFIDE folder, your copy of CFIDE will never be updated with security hotfixes / patches when you run the ColdFusion updater.
The /CFIDE IIS virtual directory gets created automatically when you run the web server configuration tool (step 2.13), as long as you configure all sites or each site manually.
For the permissions error you are getting it sounds like you didn't add read file system permissions to {cf-root}/cfusion/wwwroot/CFIDE for the IIS application pool identity user & IUSR (step 2.5).
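The permission check described in the comment above, as an added example that is not part of the original thread or of the lockdown guide: it reports whether the IIS application pool identity and IUSR have an explicit read ACE on the CFIDE folder. The parameter names `$CfideRoot` and `$AppPoolName` are assumptions; supply your own `{cf-root}\cfusion\wwwroot\CFIDE` path and the name of the pool your admin site runs under.

```powershell
# Added example: audit explicit read ACEs on CFIDE for the IIS identities.
# Both parameters are assumptions of this example, not values from the guide.
param(
    [Parameter(Mandatory = $true)][string]$CfideRoot,    # {cf-root}\cfusion\wwwroot\CFIDE
    [Parameter(Mandatory = $true)][string]$AppPoolName   # application pool of the admin site
)

$read       = [System.Security.AccessControl.FileSystemRights]::Read
$identities = @("IIS APPPOOL\$AppPoolName", 'NT AUTHORITY\IUSR')

# Check the folder itself, plus web.config when one is present.
$targets = @($CfideRoot, (Join-Path $CfideRoot 'web.config')) |
    Where-Object { Test-Path -LiteralPath $_ }

if (-not $targets) {
    Write-Warning "Path not found: $CfideRoot"
    return
}

foreach ($target in $targets) {
    $rules = (Get-Acl -LiteralPath $target).Access
    foreach ($id in $identities) {
        # ACEs that name this identity directly (inherited ones included).
        $mine  = $rules | Where-Object { $_.IdentityReference.Value -ieq $id }
        $allow = $mine | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read
        }
        # A Deny ACE covering any read bit overrides an Allow.
        $deny  = $mine | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            ($_.FileSystemRights -band $read) -ne 0
        }
        [pscustomobject]@{
            Path              = $target
            Identity          = $id
            ExplicitReadAllow = [bool]$allow
            ReadDeny          = [bool]$deny
        }
    }
}
```

`ExplicitReadAllow = False` only means no ACE names that identity directly; access granted through a group such as Users is not evaluated here.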
The lockdown guide does not seem correct in listing steps to create the separate cfadmin website. I created the site with the security cert but can't get anything to pull up as the site just throws errors. Do I need to create a virtual mapping to CFIDE from within that site? Can someone list some detailed steps here?