Does anyone explicitly block requests with CFID or...
# cfml-generala
aliaspooryorik
05/25/2023, 11:10 AM
Does anyone explicitly block requests with CFID or CFTOKEN in the url params?
aliaspooryorik
05/25/2023, 11:12 AM
We don't pass them in the URL but someone could attempt to add them so as they are not expected maybe that request should be blocked
aliaspooryorik
05/25/2023, 11:17 AM
r
Rodney
05/25/2023, 12:02 PMWe use IIS so we'd just use an IIS rewrite rule to remove them or use request filtering to reject the request.
a
aliaspooryorik
05/25/2023, 12:04 PM
I've done it with Fuseguard as that is already in use and gives us some metrics which may be interesting. I might move to web server level if we find we have a lot to take the load off the CFML server.