I’m running apache2 & Tomcat. I thought I could return a 404 if I linked directly to application.cfc
But it returns a 200 and an empty response body (which is good), however that tells (the hacker) I’m using coldfusion (200 response).
In apache default.conf I have:
<Directory /var/www/vhosts/*****/www/> <Files application.cfc> Order deny,allow Deny from all Allow from 127.0.0.1 </Files> </Directory>
I would expect this to return a 404, any ideas why it doesn’t?