Adobe 38043740 Lockdown Guide - Page 55

connectionTimeout="20000" redirectPort="8445" /> This must be repeated for each ColdFusion instance created. 4.3.3 Apply any ColdFusion additional Security Patches Visit: http://www.adobe.com/support/security/ and read all pertinent ColdFusion Security Bulletins. Download and install any relevant security hotfixes not already installed. 4.3.4 Tomcat Shutdown Port Tomcat listens on a TCP port (8007 by default, may differ if multiple instances) for a SHUTDOWN command. When the command is received on the specified port the server will shutdown. Edit the file {cf.instance.home}/runtime/conf/server.xml and locate the line similar to: Change 8007 to -1 to disable this feature, or to random port number. Tomcat should only listen on 127.0.0.1 for this port, however you should also ensure that your firewall does not allow external connections to this port. Also consider changing the shutdown command, that is the value of the shutdown attribute of the Server tag. This string is essentially a password used to shut down the server locally when the port is enabled. Next look in: {cf.instance.home}/bin/port.properties and edit the following line to match server.xml port value: SHUTDOWN=8007 Ensure that global read permission is denied for both these files. 55