Add the undertow Predicate cf-admin() which returns true if the incoming URL is to the Lucee or ColdFusion admin:
Ex:
Add the undertow Handler block-external() which blocks any request not from localhost with a 404 response code.
Ex:
Add the undertow Handler block-cf-admin() which blocks any request to the Lucee or ColdFusion admin with a 404 response code.
Ex:
Add the following settings to server.json:
web.blockCFAdmin - control access to Lucee and Adobe CF admin UI. Possible values are:
true - Block ALL access to admin
false - Do not block access to admin
external - Only block access to requests not coming from localhost
web.blockSensitivePaths - control access to “special” files such as box.json, server.json, or any path starting with a period. Possible values are:
true - Block access to paths
false - Do not block access to paths