Putting the XML file outside webroot works for me, no adiditonal software, isapi filters etc required.
Snake -----Original Message----- From: Joseph Lamoree [mailto:[EMAIL PROTECTED] Sent: 26 August 2006 04:07 To: CF-Talk Subject: Re: Securing your config.xml file All of my servers run either Apache or support servlet filters. On the Apache sites, I use mod_rewrite; on the J2EE servers, I use the UrlRewriteFilter (http://tuckey.org/urlrewrite/). mod_rewrite: RewriteRule ^/config/.* / [R] UrlRewriteFilter: <rule> <from>.*</from> <condition type="request-uri">^/config/.*</condition> <to type="redirect" last="true">/</to> </rule> That does the trick for me. -- Joseph Lamoree ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251169 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4