We have a billing server on Windows Server 2012 R2, running a ColdFusion billing application (CF11 Enterprise), which has a web address (http://billing.blah.com) for administrators to log on and administer accounts, run reports, etc.
We want to "lock down" this website so that the only way you can view it is via Remote Desktop (IP addresses must be whitelisted, which can be handled via the server). We no longer want the site accessible on the open internet.
Note that when we RDP to the server, we access the site via http://127.0.0.1/blah.
I've asked our server guy whether this is something that can be done via a server rule/routine or whatever. But I am just wondering if there is any way ColdFusion can actually do something like that.
<!-- internal webserver start -->
<Connector packetSize="65535" port="8500" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8447" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- begin connector -->
<Connector packetSize="65535" port="8014" protocol="AJP/1.3" redirectPort="8447" tomcatAuthentication="false" />
To have Tomcat (the underlying webserver/-container of ColdFusion) only listen to a local IP address, go to /ColdFusion/cfusion/runtime/conf/server.xml, search for:
<Connector executor="tomcatThreadPool" maxThreads="50"
port="8500" protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8445" />
and add address="127.0.0.1" to it, like this:
<Connector executor="tomcatThreadPool" maxThreads="50"
address="127.0.0.1" port="8500" protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8445" />
This tells Tomcat to only listen to that specific address instead of any address on the OS. Restart the ColdFusion server and you are done.
Note: Depending on the ColdFusion version, the <Connector> tag might have different attributes. Generally look for the tag where the port attribute value matches the one you set up on installation, usually 8500.
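An added example (not part of the original answer and not ColdFusion's or Tomcat's own code): a Python audit of server.xml that lists every <Connector> and flags any that is not bound to a loopback address, including the AJP connector quoted in the question. The sample XML is constructed from the snippets on this page, and the check assumes that a connector with no address attribute listens on every interface, as the answer describes for the HTTP connector.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors quoted on this page.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector executor="tomcatThreadPool" maxThreads="50"
               address="127.0.0.1" port="8500"
               protocol="org.apache.coyote.http11.Http11Protocol"
               connectionTimeout="20000" redirectPort="8445" />
    <Connector packetSize="65535" port="8014" protocol="AJP/1.3"
               redirectPort="8447" tomcatAuthentication="false" />
  </Service>
</Server>"""


def is_loopback(address):
    """True only for a literal loopback IP or the name 'localhost'."""
    if address is None:
        return False  # assumption: no address attribute means all interfaces
    if address.lower() == "localhost":
        return True   # assumption: localhost resolves to loopback on this host
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # any other hostname: cannot prove it is local


def audit_connectors(xml_text):
    """Return (port, protocol, address, loopback_only) per active <Connector>.
    Connectors inside XML comments are ignored by the parser."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        address = conn.get("address")
        findings.append((conn.get("port"), conn.get("protocol", "HTTP/1.1"),
                         address, is_loopback(address)))
    return findings


def exposed_connectors(xml_text):
    """Only the connectors that are not restricted to loopback."""
    return [f for f in audit_connectors(xml_text) if not f[3]]


if __name__ == "__main__":
    for port, proto, addr, ok in audit_connectors(SAMPLE_SERVER_XML):
        state = "loopback only" if ok else "NOT restricted to loopback"
        print(f"port {port:<5} {proto:<42} address={addr} -> {state}")
```

To check a real installation, read the server.xml named in the answer and pass its text to exposed_connectors(); an empty list means every active connector is loopback-only.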