I’m sorry for coming in here with such a basic question but I am at the end of my rope with this. Nothing I do seems to have any effect whatsoever.
I’m on Windows and using IIS. I ran the Lucee installer and also chose to install AJP and mod_cfml. This was all successful. My CFML pages process, I can see the BonCode handler mappings in IIS, and I can access and configure Lucee via the server admin. Everything’s working.
Except, no matter what I do, I can’t disable access to the server admin. What I want is for the admin to only be accessible from localhost, all other connections should be blocked. I’m aware there is a setting in BonCodeAJP13.settings:
<EnableRemoteAdmin>False</EnableRemoteAdmin>
But it is set to ‘false’ and the server admin is still remotely accessible. I thought I had it when I realized I’d been editing the BonCodeAJP13.settings file located in C:\lucee\AJP13 but when I configured the same file in C:\Windows it still didn’t work. I also tried Apache Location directives, but those didn’t work either. Maybe I put them in the wrong files or specified the wrong path. I restart the Apache Tomcat service every time I change a config, so it’s not that. I can’t block it in IIS because the requests to myLucee.com:8888 go straight to Tomcat and IIS never has a chance to process them. For some reason, even setting up an inbound rule on the windows firewall to block port 8888 didn’t work.
I can’t imagine it’s actually this difficult to do something so simple. Can anyone show me what boneheaded thing I’m doing that’s screwing this up?
OS: Windows Server 2016 x64
Java Version: 11.0.7
Tomcat Version: 9.0.35
IIS Version: 10.0.14393.0
Lucee Version: 5.3.6.61