Recently had to add some requestfiltering deny rules to a number of servers. This was because of a detected vunerabiltiy with Coldfusion and its admin portal.
So to achieve this quickly and consistently I developed the following powershell script.
It adds a deny rule at the server level and then an removes the rule for the CF administration portal site.
The first two lines ensure that the web administration tools are imported in all versions of powershell.
I like my config to be in the central applicationhost.config file, which runs less risk of developers overwriting the config in a web.config file. The line
-pspath 'MACHINE/WEBROOT/APPHOST'
ensures the config is saved in the applicationhost.config file.
–location "CFAdminPortal”
This line ensures that the config is applied to the site called CFAdminPortal
Add-PSSnapin WebAdministration Import-Module WebAdministration #Add requestfiltering Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering/denyUrlSequences" -name "." -value @{sequence='/CFIDE'} #Remove requestfiltering for the CFIDE site Remove-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' –location "CFAdminPortal" -filter "system.webServer/security/requestFiltering/denyUrlSequences" -name "." -AtElement @{sequence='/CFIDE'}
kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - kayseri escort - gaziantep escort
ReplyDelete