Copy link to clipboard
Copied
The lockdown guide for CF10 says to update JVM. After doing that on the machine, the CF administrator information still shows the older CF10 installation version. How do I sync the machine installation with CF10? Do I need a second installation in the ColdFusion10/jre folder?
Copy link to clipboard
Copied
How did you update the JVM? Can you be specific? You should definitely NOT need a second installation in the ColdFusion10/jre folder.
-Carl V.
Copy link to clipboard
Copied
Login to the ColdFusion administrator and click on "Java and JVM" under "Server Settings" on the left nav. Then update the Java Virtual Machine Path to point to the JVM that you just installed, for example "C:/Program Files/Java/jdk1.7.X_XX/jre"
Copy link to clipboard
Copied
I seem to have broken my administrator. After I changed the path to "C:\Program Files (x86)\Java\jre7", I stopped the service and it would not restart. I did not put the path in quotation marks. The administartor accepted the change. How do I reverse this since I can't get back into the administrator since the service will not restart.
Copy link to clipboard
Copied
First, you will need to get ColdFusion pointing back to the original JVM. Open the jvm.config file found at C:\ColdFusion10\cfusion\bin using a text editor. Near the top of the file, look for the line that starts with "java.home=". Change the path to "C:\\ColdFusion10\\jre" (don't use quotation marks around the path). Save and close the file. Now try starting ColdFusion.
Second, you can't use the Java JRE that comes in the standard Java consumer download. You need to download the Java SE Development Kit (JDK), which contains the JRE and some server components that ColdFusion needs. You can get the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html. Download and install the appropriate JDK for your operating system. You should now have both a "jre7" and a "jdk1.7.0_XX" folder inside of "C:\Program Files (x86)\Java". Now follow Peter's suggestion on updating the JVM setting in CF Administrator.
-Carl V.
Copy link to clipboard
Copied
OK. We are in business. I think I only have one more question related to the CF 10 lockdown. The documentation next talks of blocking unneeded file types. I have been looking on MS Server 2008-R2 IIS for a way to simply block them without removing them. I was looking at the MIME Types and Handlers areas, but these do not seem to be the right tools for this task. Am I approaching this the wrong way? (The lockdown guide sometimes glides over details and uses inconsistent terminology.) I am glad you guys know what you are doing. Thanks.
P.S.: The guide implies that the CFIDE virtual directory should be removed from the lockdown admin site. But if you do that the CF admin doesn't work -- none of the graphics show up. So I put it back. I don't understand how the lockdown admin site can work if CFIDE is removed as a virtual directory.
Copy link to clipboard
Copied
You can block the unused file types using Request Filtering file extensions. You will need a /CFIDE virtual directory for the admin site, but you only need to allow the URI /CFIDE/administrator/ you will also need access to /CFIDE/scripts/ (but if you follow the guide you would alias that to another URI like /cf-scripts/ or something)