Adobe 38043740 Lockdown Guide - Page 22
Table 2.2.8.1 : CFIDE URIs, Additional URI Sequences to consider blocking:, Flex Remoting
 |
UPC - 883919135168
View all Adobe 38043740 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 22 highlights
URI Application.cf WEB-INF /cfformgateway /flex2gateway /cfform-internal /flex-internal Table 2.2.8.1 : CFIDE URIs Additional URI Sequences to consider blocking: Purpose Safe to Block Block Application.cfc and Yes Application.cfm requests which result in an error when accessed directly. WEB-INF contains configuration Yes data used by the java application server. The Tomcat connector will block this already, but you can block it at the web server level as well. Used for Only if Flash Forms are not used. Flex Remoting Only if Flex Remoting is not used. Used for Only if Flash Forms are not used. Flex Remoting Only if Flex Remoting is not used. 22
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17 -
18 -
19 -
20 -
21 -
22 -
23 -
24 -
25 -
26 -
27 -
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
 |
 |
22
Table 2.2.8.1 : CFIDE URIs
Additional URI Sequences to consider blocking:
URI
Purpose
Safe to Block
Application.cf
Block Application.cfc and
Application.cfm requests which
result in an error when accessed
directly.
Yes
WEB-INF
WEB-INF contains configuration
data used by the java
application server. The Tomcat
connector will block this already,
but you can block it at the web
server level as well.
Yes
/cfformgateway
Used for <cfform format=flash>
Only if Flash Forms are not
used.
/flex2gateway
Flex Remoting
Only if Flex Remoting is not
used.
/cfform-internal
Used for <cfform format=flash>
Only if Flash Forms are not
used.
/flex-internal
Flex Remoting
Only if Flex Remoting is not
used.