can't secure cfm page

Posted on 2011-05-12
Last Modified: 2012-05-11
Hi there.  I'm running Apache and Railo (open source ColdFusion) on my server.  I'm trying to prevent someone from accessing my cfm page in the browser.  In Apache I set the permission but Railo seems to loosen the restrictions in Apache.  Any idea how to fix that in Railo or at least set a file in Railo to prevent someone from accessing it from the browser?
Question by:COwebmaster

    Expert Comment

    There are different ways to secure a website or webpage.
    It depends on what you are trying to do.
    One very typical scenario is that a website may have public pages that anyone can browse around on, and then it has "member" pages where in order to browse around there you need to be logged in, and you also might have "admin" pages where not only do you need to be logged in but you need to be an administrator.

    I have also seen people want to disallow everyone except their own IP address.

    Many other scenarios ....

    Would you please describe in just a bit more detail what you are trying to do?

    And also, when you say "prevent someone from accessing my cfm page", do you mean a specific individual or machine, or do you mean prevent everyone except me?

    Author Comment

    I'm just trying to set permissions on a subdirectory under root so that no one can access any files in that directory via their browser.  How do I set file and directory permissions in Railo?

    Accepted Solution


    I guess I have no idea about Railo (don't even know what it is)
    but something real simple in ColdFusion would be:

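    <cfset This.AuthIP=","><!--- a list of authorized ips --->
    <cfset This.Seper="\"><!--- windows is back slash - otherwise a / --->
    <cfset This.RestrictedDirectoryName="myFolder">

    <!--- the second half of this condition was cut off in the post; the directory test below is an assumed completion built from the two variables above --->
    <cfif Not listfind(This.AuthIP,cgi.remote_addr) and
          listfindnocase(getDirectoryFromPath(getBaseTemplatePath()),This.RestrictedDirectoryName,This.Seper)>
          <cflocation url="/" addtoken="0"><!--- locates back to default page of root directory --->
    </cfif>

    Now if someone who is not in the AuthIP list enters the directory myFolder - they will be thrown out.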

    That code would be put into your Application.cfc file under the onRequestStart function,
    or if using Application.cfm just put it anywhere after the cfapplication tag.
    In this case also just change the "This." to "Variables." without any quotes of course!
    Good luck ...
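
The check from the answer above, written out as a complete Application.cfc. This is an added example, not code from the original post. It assumes the engine passes onRequestStart the requested URL path (for example /myFolder/page.cfm), and the application name, the variables.* names and the isRestricted helper are hypothetical. It denies with a 403 instead of redirecting.

```cfml
<!--- Application.cfc in the web root (added example; names and values are assumptions) --->
<cfcomponent output="false">
    <cfset this.name = "restrictedDirExample"><!--- hypothetical application name --->

    <!--- constructed sample values: replace with your own --->
    <cfset variables.authIP = "127.0.0.1"><!--- comma-separated list of allowed client IPs --->
    <cfset variables.restrictedDir = "myFolder"><!--- directory name used in the answer --->

    <!--- true when any segment of the requested URL path is the restricted directory --->
    <cffunction name="isRestricted" access="public" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <!--- targetPage is a URL path, so "/" is the delimiter on every platform --->
        <cfreturn listFindNoCase(arguments.targetPage, variables.restrictedDir, "/") gt 0>
    </cffunction>

    <cffunction name="onRequestStart" access="public" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfif isRestricted(arguments.targetPage)
              and not listFind(variables.authIP, cgi.remote_addr)>
            <!--- refuse the request outright and stop before the page runs --->
            <cfheader statuscode="403" statustext="Forbidden">
            <cfabort>
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

This only covers requests the CFML engine handles (.cfm and .cfc); static files in the same directory are served by Apache and still need Apache's own access rules. If Apache forwards requests to the engine over an HTTP proxy, cgi.remote_addr can be the proxy's address rather than the client's.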

    Author Closing Comment

    That worked great!  Thank you!

    Expert Comment

    glad it worked ...
