System information

Adobe documentation - Confidential

Next we will use the semanage utility (you may need to run yum install policycoreutils-python) to add

port 8014 to the list of ports httpd can connect to.

semanage port -a -t http_port_t -p tcp 8014

Restart apache and test accessing a cfm file.

Setup ColdFusion Administrator Web Site

In this section we will create an Apache virtual host which will be used exclusively for accessing the

ColdFusion administrator. An alternate approach is to access the ColdFusion administrator from the

builtin web server instead. Please read Section 5.1 for additional consideration.

To use SSL on apache make sure you have mod_ssl installed by running:

yum install mod_ssl

Next add the following to the bottom of your httpd.conf file:

NameVirtualHost 127.0.0.1:443

ServerName localhost

DocumentRoot /www/administrator/wwwroot/

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLProtocol +SSLv3 +TLSv1

SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW

ErrorLog logs/cfadmin.ssl.error.log

CustomLog logs/cfadmin.ssl.access.log common

</VirtualHost>

The above creates a virtual host allowing you to access the ColdFusion administrator at

https://localhost/CFIDE/administrator/

In our example we use the self signed certificate generated during openssl installation, it is

recommended that you use a certificate signed by a trusted certificate authority instead.

Next let’s tell apache that SSL is required for the URI /CFIDE/administrator:

SSLRequireSSL

</LocationMatch>

Finally, let’s require authentication for the /CFIDE/administrator URI, this will allow you to audit which

administrators have made changes to the administrator settings. In this example we use Digest

authentication, which requires a modern web browser (IE 6 and below may not work correctly) and

mod_auth_digest installed on the server side. First we need to create a password file:

Adobe documentation - Confidential