URI
Application.cf
WEB-INF
/cfformgateway
/flex2gateway
/cfform-internal
/flex-internal
Table 2.2.8.1 : CFIDE URIs
Additional URI Sequences to consider blocking:
Purpose
Block Application.cfc and
Application.cfm requests which
result in an error when accessed
directly.
WEB-INF contains configuration
data used by the java
application server. The Tomcat
connector will block this already,
but you can block it at the web
server level as well.
Used for <cfform format=flash>
Flex Remoting
Used for <cfform format=flash>
Flex Remoting
Safe to Block
Yes
Yes
Only if Flash Forms are not
used.
Only if Flex Remoting is not
used.
Only if Flash Forms are not
used.
Only if Flex Remoting is not
used.
22