Why am I getting "File Not Found" when attempting to access ColdFusion Administrator?

Question

I am in the process of installing and configuring ColdFusion 11 on IIS 8.5, using the instructions found in Pete Freitag's CF11 Lockdown Guide.

Everything is going fine until I get to section 2.16 - "Create Alias for /CFIDE/scripts". When I attempt to access the ColdFusion Administrator website at https://127.0.0.1/CFIDE/administrator/index.cfm, I get a "File Not Found" exception:

I have configured IIS to Deny access for all /CFIDE sub-directories (Request Filtering at the root), and removed /CFIDE/administrator from the Request Filtering URLs in the CF Admin IIS website.

I tried removing all /CFIDE sub-directories from the Request Filtering for the website, but this accomplished nothing.

Answer 1

It turns out there is one important step missing from Pete Freitag's wonderful ColdFusion 11 Lockdown Guide.

After running the Web Server Configuration Tool, which adds the CFIDE directory to each website, including your ColdFusion Administrator website, you need to grant permission on the CFIDE directory to the ColdFusion user account.

1. Right click on your {cfinstance.root}/wwwroot/CFIDE directory in Windows Explorer and select Properties.
2. Click on the Security tab then click Advanced.
3. Click the Add button
4. In the Permission Entry dialog click Select a principal.
5. Enter the ColdFusion user account as the principal.
6. Check Read & Execute, List folder contents, and Read and click OK.
7. Check the checkbox to Replace all child object permission entries with inheritable permission entries from this object.
8. Click OK to apply these permissions.

Answer 2

Did you add the following URL deny request filtering in IIS for the site where your CF admin is located: /CFIDE/administrator

Try removing that entry, or create a new IIS site which points to the CF admin and ensure that /CFIDE/administrator is not added as URL deny entry to the IIS request filtering for your CF admin IIS site.