Thursday, 28 May 2009

PCI Compliance - ColdFusion Debug Information

It should be blocked anyway, but a common problem when undergoing PCI compliance is that ColdFusion debug information may be displayed by appending mode=debug to any CF URL. To prevent this, limit the IPs that can access the debug information, preferably to 127.0.0.1 only:

  • Open CF administrator

  • Select "Debugging Ips"

  • Add 127.0.0.1

  • Remove all other IPs
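
To confirm the change took effect, compare a page's normal response with its mode=debug response. The script below is an added example, not part of the original post; the marker strings are assumptions about what the debug output contains, and the function names and sample bodies are constructed for illustration.

```python
# Added example (not from the original post): verify the debug IP restriction.
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: strings emitted by the debug output; adjust for your CF version.
DEBUG_MARKERS = ('class="cfdebug"', "debugging information")


def with_debug_param(url):
    """Return url with mode=debug set, keeping any other query parameters."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() != "mode"]
    query.append(("mode", "debug"))
    return urlunsplit(parts._replace(query=urlencode(query)))


def markers_in(body):
    """List the debug markers present in a response body (case-insensitive)."""
    lowered = body.lower()
    return [m for m in DEBUG_MARKERS if m in lowered]


def classify(baseline_body, debug_body):
    """Compare a normal response with the mode=debug response for one page."""
    base, dbg = markers_in(baseline_body), markers_in(debug_body)
    if not dbg:
        return "clean"
    if base:
        # Debug output on every request, or the page text itself mentions it.
        return "markers-in-both"
    return "debug-on-request"


def fetch(url, timeout=10):
    """Fetch a page body; HTTP errors propagate to the caller."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def check_page(url, fetcher=fetch):
    """Fetch url with and without mode=debug and classify the pair."""
    return classify(fetcher(url), fetcher(with_debug_param(url)))


# Constructed sample bodies (not captured from a real server).
CLEAN = "<html><body>Checkout</body></html>"
LEAKY = CLEAN + '<table class="cfdebug"><tr><td>Debugging Information</td></tr></table>'
```

Run `check_page` against your own site from a machine whose IP is not in the debug IP list; anything other than "clean" means the restriction needs another look.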
