Lock down Lucee Admin to localhost with IIS

Lucee Admin can be locked to be accessed only from the localhost with IIS. For this, you need to have Remote Access to the server.

  1. Go to IIS admin (inetmgr).
  2. Navigate to a particular domain.
  3. Go into the /WEB-INF/ directory.
  4. Select the /lucee/ directory.
  5. Click the “Add Allow Entry” option in the actions sidebar.
  6. Enter 127.0.0.1 for Specific IP Address and click OK.
  7. Select the root of the server from the left menu.
  8. Open the Request Filtering.
  9. Click the URL tab.
  10. Select ‘Deny Sequence…’ from the right menu.
  11. Enter /lucee/admin/ for ‘URL Sequence’ and click OK.

Leave a Comment