Overview of the Problem
A “Missing CFIDE folder” error occurs when a ColdFusion application, feature, or administrator page expects to access the CFIDE directory (e.g., /CFIDE or /CFIDE/administrator) but the web server can’t find or serve it. This typically shows up as 404 Not Found or 403 Forbidden when browsing to paths like /CFIDE/administrator or when ColdFusion UI components try to load supporting assets.
Why it happens:
- The CFIDE directory contains ColdFusion Administrator files and, in older versions, assets used by tags/UI (AJAX, cfgrid, etc.). If the CFIDE folder isn’t present in the active web root, isn’t mapped, or is intentionally blocked for Security, requests referencing it will fail.
- Newer ColdFusion versions shifted most public assets from /CFIDE to /cf_scripts/scripts, which can cause confusion and misconfigurations after upgrades.
- Hardened environments often restrict or hide CFIDE, and a connector or alias may be missing.
Symptoms and Error Messages
You may encounter:
- 404 Not Found for /CFIDE/, /CFIDE/administrator/, or /CFIDE/scripts
- 403 Forbidden when CFIDE exists but access is blocked
- UI components failing to load JavaScript/CSS with references to /CFIDE or /cf_scripts
- IIS/Apache/Nginx logs showing requests for /CFIDE that map to the wrong document root or return denials
Example logs:
- IIS: sc-status/sc-substatus/sc-win32-status = 404 0 2 or 403 0 0 in C:\inetpub\logs\LogFiles\W3SVC*\u_exYYMMDD.log
- Apache error_log: File does not exist: /var/www/html/CFIDE
- ColdFusion connector logs (IIS isapi_redirect.log or Apache mod_jk.log) showing requests never reaching Tomcat if they are static and unmapped
Possible Causes
Quick reference (cause → solution):
- CFIDE not present under the active web root → Map a virtual directory/alias to the CFIDE folder located in cfusion/wwwroot or restore the folder.
- Connector misconfiguration (wsconfig) after update or Migration → Re-run the web server Configuration tool and restart Web services.
- Security lockdown removed or blocked CFIDE → Re-enable a secure, IP-restricted mapping or use the built-in CF web server for admin only.
- Wrong root/site binding or vhost pointing to wrong directory → Correct site root or virtual host Configuration to include a CFIDE mapping.
- Permissions/SELinux prevent web server from reading CFIDE → Fix file permissions/ownership and apply correct SELinux context.
- Confusing CFIDE with cf_scripts (newer CF) → Ensure /cf_scripts/scripts is mapped; not all apps need CFIDE.
Step-by-Step Troubleshooting Guide
1. Locate the CFIDE Directory on Disk
- Default paths (adjust for your version/edition):
- Windows: C:\ColdFusion2021\cfusion\wwwroot\CFIDE
- Linux: /opt/ColdFusion2021/cfusion/wwwroot/CFIDE
- If missing, confirm whether the installation excluded the Administrator or if a security lockdown removed it.
Tip: Use the built-in CF web server to test:
- http://127.0.0.1:8500/CFIDE/administrator/ (standalone)
- If this works, CFIDE exists and ColdFusion is fine. Your external web server mapping is the issue.
2. Verify the Web Server Mapping (Alias/Virtual Directory)
- The production site’s document root might not include the CFIDE directory. Create a virtual directory or alias:
- IIS: Virtual Directory “CFIDE” pointing to cfusion/wwwroot/CFIDE.
- Apache: Alias /CFIDE /opt/ColdFusion2021/cfusion/wwwroot/CFIDE.
- Nginx: location /CFIDE { alias /opt/ColdFusion2021/cfusion/wwwroot/CFIDE; }
Security note: Restrict access—don’t expose Administrator publicly.
3. Check the ColdFusion Web Server Connector (wsconfig)
If dynamic CF pages return correctly but CFIDE static files 404, your alias might be missing; if CF pages fail entirely, the connector may be broken.
- Re-run the connector:
- Windows: C:\ColdFusion2021\cfusion\runtime\bin\wsconfig.exe
- Linux: /opt/ColdFusion2021/cfusion/runtime/bin/wsconfig
PowerShell example (IIS, run as Administrator):
& “C:\ColdFusion2021\cfusion\runtime\bin\wsconfig.exe”
- Reconfigure sites, apply, and restart IIS/Apache.
4. Fix File System Permissions and SELinux
-
Ensure the web server user can read CFIDE:
-
Windows (ICACLS):
icacls “C:\ColdFusion2021\cfusion\wwwroot\CFIDE” /grant “IIS_IUSRS:(OI)(CI)RX” /T
-
Linux (SELinux):
chcon -R -t httpd_sys_content_t /opt/ColdFusion2021/cfusion/wwwroot/CFIDE
restorecon -R /opt/ColdFusion2021/cfusion/wwwroot/CFIDE
-
-
Apache/Nginx must have read access to the CFIDE path.
5. Account for Security Lockdown or Renamed CFIDE
- Adobe’s Lockdown guide may remove public CFIDE mapping and restrict Admin to localhost.
- If CFIDE was intentionally removed, decide whether to:
- Expose a limited, IP-restricted mapping for /CFIDE/administrator, or
- Use the built-in web server (localhost:8500) or a secure management bastion to access Admin.
6. Validate the /cf_scripts/scripts Mapping (Newer CF)
-
Since CF10+, client-side assets are typically under /cf_scripts/scripts, not /CFIDE/scripts.
-
Ensure a mapping exists:
-
IIS Virtual Directory: cf_scripts → C:\ColdFusion2021\cfusion\wwwroot\cf_scripts
-
Apache:
Alias /cf_scripts /opt/ColdFusion2021/cfusion/wwwroot/cf_scripts
<Directory “/opt/ColdFusion2021/cfusion/wwwroot/cf_scripts”>
Require all granted
-
-
Update Legacy code references if needed.
7. Test Using the Built-in Web Server
- Test admin and scripts directly:
- If these work, the ColdFusion side is fine; focus on external web Server configuration.
8. Inspect Logs
- IIS: C:\inetpub\logs\LogFiles\W3SVC*
- Apache: access_log and error_log
- Connector: C:\ColdFusion2021\cfusion\logs\wsconfig\1\isapi_redirect.log or /opt/ColdFusion2021/cfusion/logs/wsconfig/1/mod_jk.log
- ColdFusion: cfusion\logs\Application.log, coldfusion-out.log
Look for 404s on /CFIDE or permission errors.
9. Restore CFIDE from Installer or Backup
- Re-run the ColdFusion installer with Administrator/Webroot options enabled, or copy from a validated backup.
- Never copy CFIDE from unknown sources; verify version matches your CF patches/hotfix level.
Platform-Specific Fixes
Adobe ColdFusion with IIS on Windows
Steps:
- Confirm CFIDE exists at C:\ColdFusion20XX\cfusion\wwwroot\CFIDE.
- In IIS Manager, under your site, add a Virtual Directory:
- Alias: CFIDE
- Physical path: C:\ColdFusion20XX\cfusion\wwwroot\CFIDE
- Restrict access (recommended) to internal IPs or admins.
- Add cf_scripts mapping similarly if needed.
- Recycle the application pool and test.
Example web.config snippet to restrict Administrator by IP:
Apache HTTPD on Linux
Add to your vhost:
Alias /CFIDE /opt/ColdFusion2021/cfusion/wwwroot/CFIDE
<Directory “/opt/ColdFusion2021/cfusion/wwwroot/CFIDE”>
Options FollowSymLinks
AllowOverride None
Require ip 127.0.0.1 10.0.0.0/8
Alias /cf_scripts /opt/ColdFusion2021/cfusion/wwwroot/cf_scripts
<Directory “/opt/ColdFusion2021/cfusion/wwwroot/cf_scripts”>
Options FollowSymLinks
AllowOverride None
Require all granted
- Restart Apache. If SELinux is enforcing, apply the context as shown earlier.
Nginx (Proxy to ColdFusion/Tomcat)
Example server block:
server {
listen 80;
server_name example.com;
root /var/www/site;
Restrict CF Admin
location ^~ /CFIDE/administrator {
allow 127.0.0.1;
allow 10.0.0.0/8;
deny all;
alias /opt/ColdFusion2021/cfusion/wwwroot/CFIDE/administrator;
}
Allow cf_scripts for client assets
location ^~ /cf_scripts/ {
alias /opt/ColdFusion2021/cfusion/wwwroot/cf_scripts/;
}
CF dynamic requests (adjust connector/proxy to AJP/HTTP)
location ~ .(cfm|cfc)(/.*)?$ {
proxy_pass http://127.0.0.1:8500;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Note: Some shops proxy all requests to CF; in that case, serve CFIDE/cf_scripts via alias or upstream if desired, while still restricting Admin access.
Restoring the CFIDE Directory Safely
- Preferred: Reinstall or modify the ColdFusion installation to include the Administrator files, ensuring your patch level remains consistent.
- Alternative: Copy CFIDE from the same server’s cfusion/wwwroot or the same version/build media. Validate integrity and permissions.
- After restore, immediately:
- Restrict access to /CFIDE/administrator.
- Disable RDS unless explicitly needed.
- Update ColdFusion to the latest security hotfixes.
Securing CFIDE and the Administrator
Never leave CFIDE broadly exposed.
Recommended controls:
- Restrict by IP or require VPN.
- Add secondary auth (Basic Auth/SSO) in front of Administrator.
- Bind Admin to localhost only and manage via bastion or SSH tunnel.
- Use Adobe’s Lockdown guide and secure profile installation.
- Monitor logs for attempts against /CFIDE/administrator.
IIS Basic Auth example (paired with IP allow):
- Enable Basic Authentication on the CFIDE/administrator virtual directory.
- Ensure HTTPS is enforced.
Apache basic auth example:
<Directory “/opt/ColdFusion2021/cfusion/wwwroot/CFIDE/administrator”>
Require ip 127.0.0.1 10.0.0.0/8
AuthType Basic
AuthName “Restricted”
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
Common mistakes and How to Avoid Them
- Copying CFIDE into your public site root and exposing Administrator to the internet.
- Avoid: Use virtual directory with IP restriction.
- Confusing /CFIDE/scripts with /cf_scripts/scripts in newer versions.
- Fix: Map /cf_scripts/scripts and update legacy references.
- Reinstalling the connector but forgetting to restart services.
- Always restart IIS/Apache and verify logs.
- Overlooking SELinux or Windows ACLs causing 403 or 404.
- Confirm permissions and SELinux contexts.
- Using mismatched CFIDE version from another server.
- Only use the same build/hotfix level or reinstall to ensure consistency.
Prevention Tips / Best practices
- Standardize web server configs with a version-controlled template that includes:
- Virtual directories for /cf_scripts (and CFIDE if truly required), with secure access rules.
- Keep ColdFusion and connectors patched; re-run wsconfig after major updates.
- Separate admin access from public apps:
- Access Administrator via localhost/bastion only.
- Monitor logs and set alerts for requests to /CFIDE/administrator from unknown IPs.
- Use Deployment Automation (Ansible, DSC, etc.) to enforce permissions and SELinux contexts.
Key Takeaways
- A Missing CFIDE error is usually a web server mapping or security restriction issue, not a core ColdFusion failure.
- In modern ColdFusion, most public assets come from /cf_scripts/scripts, not CFIDE—map the right path.
- If you must expose CFIDE, restrict it aggressively; ideally keep Administrator accessible only from localhost or via VPN.
- Validate connector health, virtual directories, permissions, and SELinux/ACLs to resolve 404/403 errors quickly.
FAQ
Can I delete the CFIDE folder from my server?
You can remove the public mapping, and in hardened environments that’s recommended. However, deleting the CFIDE directory from the ColdFusion installation may prevent access to the Administrator. Keep CFIDE on disk but restrict access; or use the secure installer profile that binds Admin to localhost.
What is the difference between CFIDE and cf_scripts?
CFIDE historically included the Administrator and some client assets. Newer ColdFusion versions moved client-facing assets to /cf_scripts/scripts. Most applications today only need /cf_scripts/scripts public; do not expose /CFIDE/administrator publicly.
After a ColdFusion update, CFIDE returns 404. What changed?
Updates can reset or invalidate web server connectors or site configurations. Re-run the wsconfig tool, verify that your virtual directory/alias for CFIDE (if required) still exists, and confirm permissions. Also check that /cf_scripts/scripts is mapped correctly.
I’m using Lucee, why do I see CFIDE references?
Lucee uses different admin paths (e.g., /lucee/admin). If your app references CFIDE, it may be Legacy code or assets bundled with the app. Update references to the correct paths or provide equivalent assets.
How do I access the Administrator without exposing CFIDE publicly?
Bind Administrator to localhost (via the secure profile or web server rules) and use an SSH tunnel or a VPN/bastion host. Alternatively, use the built-in CF web server on 127.0.0.1:8500 and never publish /CFIDE/administrator on the public site.
