Adobe 38043740 - ColdFusion Standard - Mac Manual page 17

Server lockdown guide
Remove any Application Pools that are defined and not in use, such as the DefaultAppPool.
2.2.7 Anonymous Access Identity
By default IIS7 is set up to use the built-in Windows user account called IUSR for anonymous request
authentication. This means that when a request is made to your web site without authenticating, the web
server will use IUSR for the NTFS file permissions.
The IUSR account is set up to be a low-privilege account, but there may be cases where you want to change
this to another account, for example if you want to isolate multiple web sites or applications from one
another. The IUSR account is inherently a member of the Users group, which may allow additional,
unnecessary access to files.
2.2.8 Setup Request Filtering
Make sure that you have the Request Filtering Role Service for IIS installed. Under the IIS root (applicable
to all web sites), click Request Filtering. Select the URL tab and click Deny Sequence.
When a string is added to the Deny Sequence list and it is matched in the URL, IIS returns a 404 Not Found
response, and the request does not reach the ColdFusion server.
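
One way to script the Deny Sequence step instead of clicking through IIS Manager, shown as an added example that is not part of the Adobe guide. It assumes the WebAdministration PowerShell module and an elevated session on the IIS host; the two sequences and the function names are constructed placeholders.

```powershell
# Added example: manage server-wide Request Filtering deny sequences idempotently.
# Assumes an elevated session and that the Request Filtering role service is installed.
Import-Module WebAdministration

# Constructed placeholder values; replace them with the sequences your lockdown plan requires.
$DenySequences = @('/example-admin-path', '/example-internal-api')

# The IIS root (applicationHost.config), so the rule applies to all web sites.
$ConfigPath = 'MACHINE/WEBROOT/APPHOST'
$Filter     = 'system.webServer/security/requestFiltering/denyUrlSequences'

function Get-DenySequence {
    # Return the sequence strings currently configured at the IIS root.
    Get-WebConfiguration -PSPath $ConfigPath -Filter "$Filter/add" |
        ForEach-Object { $_.sequence }
}

function Add-DenySequence {
    param([Parameter(Mandatory)][string[]]$Sequence)

    $existing = @(Get-DenySequence)
    foreach ($s in $Sequence) {
        # -contains compares case-insensitively, so a duplicate in another case is skipped too.
        if ($existing -contains $s) {
            Write-Output "Already denied: $s"
            continue
        }
        # Adds <add sequence="..." /> under <denyUrlSequences>.
        Add-WebConfigurationProperty -PSPath $ConfigPath -Filter $Filter `
            -Name '.' -Value @{ sequence = $s }
        Write-Output "Added deny sequence: $s"
    }
}

Add-DenySequence -Sequence $DenySequences

# Read the list back to confirm what is in effect after the change.
Get-DenySequence

# Requests blocked by this rule appear in the IIS log as status 404 with
# substatus 5 (URL sequence denied), which is useful when checking the rule.
```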


This manual is also suitable for:

Coldfusion 10
