Adobe 38043740 Lockdown Guide - Page 30
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW, SSLProtocol +SSLv3 +TLSv1
 |
UPC - 883919135168
View all Adobe 38043740 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 30 highlights
Deny from all Allow from 127.0.0.1 The above blocks all requests starting with /CFIDE for all IP's except 127.0.0.1. You may want to change that to the IP address of an administration workstation instead, to allow yourself access to the ColdFusion Administrator. Order Deny,Allow Allow from all The above allows the URI /CFIDE/GraphData.cfm to pass through to ColdFusion. If you are not using cfchart you may skip this step. See Table 2.2.8.1 CFIDE URIs for a full list of URIs to determine if other URIs should be whitelisted under CFIDE. Next lets create a virtual host for the ColdFusion administrator website. This example uses the self signed certificate generated during installation, it is recommended that you use a signed certificate instead. ServerName localhost DocumentRoot /web/cfadmin/wwwroot/ SSLEngine on SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key SSLProtocol +SSLv3 +TLSv1 SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW ErrorLog logs/cfadmin.ssl.error.log CustomLog logs/cfadmin.ssl.access.log common The above creates a virtual host allowing you to access the ColdFusion administrator at https://localhost/CFIDE/administrator/ Next let's tell apache that SSL is required for the URI /CFIDE/administrator: 30
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25 -
26 -
27 -
28 -
29 -
30 -
31 -
32 -
33 -
34 -
35 -
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
 |
 |
