Announcing Web Application Firewall for ColdFusion
I'm proud to announce a Web Application Firewall for ColdFusion, a new product that I have been working on. This product detects malicious requests (such as SQL Injection, Cross Site Scripting, etc) and then logs, filters, or blocks the request.
The firewall is written in CFML so you can easily use it with existing ColdFusion applications by including the firewall with a
CFINCLUDE in your
Application.cfm. You can also write your own filter by creating a CFC and adding it to the configuration.
There is still more work to be done on this product, but it should be ready "soon". If you are interested in beta testing please contact me. In addition, be sure to add your email address here for release date notification.
Update: the Web Application Firewall for ColdFusion has been released!
- Web Application Vulnerabilities trump Buffer Overflows - November 2, 2006
- J2EE Sessions in CF10 Uses Secure Cookies - April 5, 2013
- Adobe eSeminar on FuseGuard - October 26, 2011
- Path Traversal Vulnerability Security Hotfix for ColdFusion Released - August 12, 2010
- Using AntiSamy with ColdFusion - August 5, 2010
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token
- The cf_sql_ is optional in cfqueryparam
- Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z
- Burst Throttling on AWS API Gateway Explained