If I create a redirect using something like "<cflocation url="index.cfm" addtoken="false" statuscode="301">", it will redirect me to /jakarta/index.cfm.
I've been able to replicate this with two different servers, both in a folder with a blank application.cfm file, so I know it doesn't have anything to do with that. My quick fix was to just not reference url's this way and use the fully qualified /folder/index.cfm. This works well, however this doesn't fix an even bigger problem. Apparently the cfide/administrator login uses this same type of redirect, and when I log into the ColdFusion Administrator I get redirected to /Jakarta/index.cfm.
If it helps, I'm on ColdFusion 11. Any ideas on what could cause this?
Not sure of the cause of your issues, but you might try following the way the lockdown guide suggests setting up sites - don't allow access to CF Administrator from within a production site. Set up a dedicated site just for accessing CF Administrator. Better yet, restrict that site to only be accessible from localhost so that unauthorized access to the CF Administrator is prevented.
As far as the redirects, are you using a framework in your application, such that all urls map through index.cfm? Are you using any rewrite rules on your web server (IIS, Apache, etc.)?