Please note: Changing the port setting may cause the shutdown of the ColdFusion Service on Windows
to fail, you may need to kill the process manually to stop ColdFusion. The Linux shutdown script
should still work properly when the port is changed.
4.3.5 Add a connector shared secret
Specify a shared secret for the AJP connector by editing
{cf.instance.home}/runtime/conf/server.xml
Look for a line similar to:
<Connector port="8012" protocol="AJP/1.3" redirectPort="8445"
tomcatAuthentication="false" />
Add a requiredSecret attribute with a random strong password:
<Connector port="8012" protocol="AJP/1.3" redirectPort="8445"
tomcatAuthentication="false" requiredSecret="yourSecret" />
Next edit the corresponding workers.properties file, eg
{cf.home}/config/wsconfig/1/workers.properties and add a line:
worker.cfusion.secret=yourSecret
4.3.6 Additional Tomcat Security Considerations
Consult the Tomcat 7 Security Considerations document
(http://tomcat.apache.org/tomcat-7.0-doc/security-
howto.html) for additional tomcat specific security settings.
4.3.7 Additional File Security Considerations
Pay careful attention to the file permissions of sensitive configuration files located in
{cf.instance.home}/lib/ such as password.properties, seed.properties and all neo-*.xml
files. In addition the files located in {cf.instance.home}/runtime/conf/ contain important configuration
files utilized by the Tomcat container.
56