Can't Redirect ^/cfide/administrator/$

Topics: User Forum
Mar 6, 2012 at 8:26 AM

For security, I am trying to hide a well-known application (ColdFusion) directory from public view - /cfide/administrator/.  My firewall does a fine job of blocking HTTP requests but cannot perform deep packet inspection on HTTPS requests.  Consequently, I'd like to redirect HTTPS requests for /cfide/administrator/ to HTTP and let the firewall handle the rest.  Unfortunately, /cfide/administrator/ always resolves (displays the page or, if secured by file permissions, a login prompt).  Any other address will follow IIRF's redirects.  It's like this one directory is magically protected.

Assuming this to be a problem with ISAPI filter order, I gave IIRF top priority, over URLScan (which can successfully block the URL but not redirect it), JRun Connector Filter (ColdFusion's ISAPI filter), and every other ISAPI filter, but to no avail.  Every time I request the page, it loads without redirecting.

For the record, "Check that file exists" is enabled for the relevant ColdFusion extensions.

I have also restarted the server, disabled caching in my browser, and employed dummy URL parameters to trip up any caching.  Still, no luck.

This directory refuses to be redirected!

Any ideas?

Mar 6, 2012 at 7:48 PM

Aha!  I figured it out.

As it turns out, /cfide is a virtual directory in my environment.  Though I must've read it a thousand times in the docs, I didn't realize the requirement for a separate IIRF.ini file in the /cfide physical directory, having never redirected a virtual directory before.  As it turns out, this greatly simplifies my security problem, being that I can employ a much simpler, brick wall IIRF.ini file here that replicates automatically to other ColdFusion sites on the server.

I hope this information is helpful to someone.
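The pitfall resolved above, as an added example that is not part of the original posts: a small audit that maps each sensitive URL to the physical directory expected to hold its IIRF.ini and reports where the file is missing. It assumes, following the post, that a request under a virtual directory is governed by the IIRF.ini in that virtual directory's physical path rather than the site root; the function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

def governing_dir(url_path, site_root, vdirs):
    """Physical directory whose IIRF.ini should govern url_path (assumed model).

    vdirs maps a virtual path such as '/cfide' to its physical directory.
    The longest matching virtual path wins; IIS URL paths are case-insensitive.
    """
    path = url_path.split("?", 1)[0].lower().rstrip("/") + "/"
    best, best_len = site_root, 0
    for vpath, phys in vdirs.items():
        # Trailing slash keeps '/cfidex/...' from matching the '/cfide' vdir.
        prefix = vpath.lower().rstrip("/") + "/"
        if path.startswith(prefix) and len(prefix) > best_len:
            best, best_len = phys, len(prefix)
    return best

def audit(url_paths, site_root, vdirs, ini_name="IIRF.ini"):
    """Return (url, expected ini path, ini present?) for each URL."""
    findings = []
    for url in url_paths:
        ini = os.path.join(governing_dir(url, site_root, vdirs), ini_name)
        findings.append((url, ini, os.path.isfile(ini)))
    return findings

def build_demo_layout():
    """Constructed layout: site root has an IIRF.ini, the /cfide vdir does not."""
    base = tempfile.mkdtemp(prefix="iirf_audit_")
    site_root = os.path.join(base, "wwwroot")
    cfide = os.path.join(base, "shared", "CFIDE")
    os.makedirs(site_root)
    os.makedirs(cfide)
    open(os.path.join(site_root, "IIRF.ini"), "w").close()
    return site_root, {"/cfide": cfide}

if __name__ == "__main__":
    root, vdirs = build_demo_layout()
    for url, ini, present in audit(["/cfide/administrator/", "/index.cfm"], root, vdirs):
        status = "ok" if present else "MISSING: site-root rules will not apply here"
        print(f"{url:28} -> {ini}  [{status}]")
```

On a real server, the site root and virtual directory mappings would come from the IIS configuration instead of the constructed layout.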

Mar 13, 2012 at 1:09 AM

Thanks for posting your insights.