Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Here is an example lockdown for a ColdFusion server that can be applied via CFConfig
{
"adminAllowConcurrentLogin":false,
"adminAllowedIPList":"127.0.0.1,192.168.50.10",
"adminLoginRequired":true,
"adminRDSEnabled":"false",
"adminRDSLoginRequired":"true",
"adminRDSUserIDRequired":false,
"adminRootUserID":"cfadm",
"adminUserIDRequired":true,
"ajaxDebugWindowEnabled":false,
"allowApplicationVarsInServletContext":false,
"allowExtraAttributesInAttrColl":true,
"applicationMangement":true,
"applicationMaximumTimeout":"0,2,0,0",
"applicationMode":"curr2driveroot",
"applicationTimeout":"0,2,0,0",
"CFaaSGeneratedFilesExpiryTime":30,
"CFFormScriptDirectory":"/cfscripts_CF2016/",
"clientStorage":"Cookie",
"compileExtForCFInclude":".CFC,.CFM,.CFML",
"componentCacheEnabled":true,
"debuggingEnabled":false,
"debuggingIPList":"127.0.0.1,0:0:0:0:0:0:0:1",
"debuggingReportExecutionTimes":false,
"debuggingShowDatabase":false,
"debuggingShowException":false,
"debuggingShowFlashFormCompileErrors":false,
"debuggingShowGeneral":false,
"debuggingShowTimer":false,
"debuggingShowTrace":false,
"debuggingShowVariableApplication":false,
"debuggingShowVariableCGI":false,
"debuggingShowVariableClient":false,
"debuggingShowVariableCookie":false,
"debuggingShowVariableForm":false,
"debuggingShowVariableRequest":false,
"debuggingShowVariables":false,
"debuggingShowVariableServer":false,
"debuggingShowVariableSession":false,
"debuggingShowVariableURL":false,
"debuggingTemplate":"/WEB-INF/debug/classic.cfm",
"disableInternalCFJavaComponents":true,
"disallowUnamedAppScope":true,
"dotNotationUpperCase":true,
"errorStatusCode":false,
"eventGatewayEnabled":false,
"FlashRemotingEnable":false,
"flexDataServicesEnable":false,
"generalErrorTemplate":"secure",
"inMemoryFileSystemAppLimit":20,
"inMemoryFileSystemEnabled":true,
"inMemoryFileSystemLimit":100,
"inspectTemplate":"once",
"lineDebuggerEnabled":false,
"lineDebuggerMaxSessions":5,
"lineDebuggerPort":5005,
"mailConnectionTimeout":60,
"mailDefaultEncoding":"UTF-8",
"mailDownloadUndeliveredAttachments":true,
"mailSignKeyAlias":"",
"mailSignKeyPassword":"",
"mailSignKeystore":"",
"mailSignKeystorePassword":"",
"mailSignMesssage":false,
"mailSpoolEnable":true,
"mailSpoolInterval":15,
"maxCFCFunctionRequests":1,
"maxCFThreads":1,
"maxFlashRemotingRequests":1,
"maxOutputBufferSize":1024,
"maxReportRequests":1,
"maxTemplateRequests":25,
"maxWebServiceRequests":1,
"missingErrorTemplate":"/CFIDE/administrator/templates/missing_template_error.htm",
"monitoringServiceHost":"0.0.0.0",
"monitoringServicePort":"5500",
"ORMSearchIndexDirectory":"",
"perAppSettingsEnabled":true,
"postParametersLimit":1000,
"postSizeLimit":1500,
"requestQueueTimeout":300,
"requestQueueTimeoutPage":"/CFIDE/administrator/templates/request_timeout_error.htm",
"requestTimeout":"0,0,0,60",
"requestTimeoutEnabled":true,
"RMISSLEnable":false,
"RMISSLKeystore":"",
"robustExceptionEnabled":false,
"sandboxEnabled":true,
"saveClassFiles":true,
"schedulerLogFileExtensions":"log,txt",
"schedulerLoggingEnabled":true,
"scriptProtect":"FORM,URL,COOKIE,CGI",
"secureJSON":true,
"secureJSONPrefix":"//",
"secureProfileEnabled":true,
"serverCFCEenabled":false,
"sessionCookieDisableUpdate":false,
"sessionCookieHTTPOnly":true,
"sessionCookieSecure":true,
"sessionCookieTimeout":-60,
"sessionMangement":true,
"sessionMaximumTimeout":"0,2,0,0",
"sessionTimeout":"0,2,0,0",
"sessionType":"j2ee",
"templateCacheSize":1024,
"throttleThreshold":4,
"totalThrottleMemory":1600,
"UDFTypeChecking":true,
"useUUIDForCFToken":true,
"watchConfigFilesForChangesEnabled":false,
"websocketEnabled":false,
"weinreRemoteInspectionEnabled":false
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment