Pete FreitagHow to Disable Robust Exception Information on Lucee or Railo
As you know one of the first things you should do on a production ColdFusion server is disable robust exception information (this includes things like source code, and file path disclosures in error messages), in the ColdFusion Administrator. This information is great for developers debugging problems, but it's also great info for hackers.
If you are using Lucee or Railo, it too outputs this information in error messages by default. You can disable server wide by going into the Lucee Server Administrator /lucee/admin/server.cfm. Click on the Error link under Settings. Change General Error Template (500) from error.cfm to error-public.cfm, also change Missing Template Error (404) from error.cfm to error-public.cfm.
Your pages will now output a message in red:
We're sorry - An Error Occurred
Now that you know how to change the default, you might want to create a custom global 500 and 404 handler cfm file.
Like this? Follow me ↯
Tweet Follow @pfreitagHow to Disable Robust Exception Information on Lucee or Railo was first published on May 13, 2010.
If you like reading about railo, security, errors, or lucee then you might also like:
- Scope Injection in CFML
- OpenSSL and ColdFusion / Lucee / Tomcat
- Spring4Shell and ColdFusion
- Log4j CVE-2021-44228 Log4Shell Vulnerability on ColdFusion / Lucee
- Disable Flash Remoting on ColdFusion Servers
- Using Railo, Secure The railo-context
The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.