viviotech / lucee-installer

BitRock Installer XML config and files for the Lucee installers
http://lucee.viviotech.net/

Set boncode setting EnableRemoteAdmin=false as default #106

Open andreasRu opened 4 years ago

andreasRu commented 4 years ago

I remember that boncode's settings in C:\Windows\boncodeAJP13.setting got installed with EnableRemoteAdmin=false in the past. I've noticed a change in that behavior with win installer 5.3.6.061 & 5.3.5.092, where it is set to true. Didn't look into other versions because of lack of time. But here are my findings:

During installation, a boncodeAJP13.setting file is copied to C:\windows with: <EnableRemoteAdmin>false</EnableRemoteAdmin>, but as soon as the boncode setting file gets changed because of <RequiredSecret> and <ModCfmlSecret> being added to the file, <EnableRemoteAdmin> is set to true.

If this is wanted, I don't think it should be silently set (security as default). The user should at least be informed during installation that the Lucee server admin will be public/remotely accessible through IIS. Alternatively, the user could be asked during installation to "allow" per check box public access to Lucee's administration sites through IIS.

This is the post that made me verify the installation: https://dev.lucee.org/t/server-admin-available-from-the-net/7064/4
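
A check for the state described in this issue, as an added example that is not part of the original post or the installer's code: it parses a boncodeAJP13.setting file and reports whether EnableRemoteAdmin is true and whether both secrets are present. The sample XML is constructed and its `<Settings>` root element is an assumption; the element names and the file path are the ones named in the issue.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of the state the issue describes: the secrets were added
# and EnableRemoteAdmin ended up true. The root element name is an assumption.
SAMPLE_AFTER_INSTALL = """<Settings>
  <EnableRemoteAdmin> True </EnableRemoteAdmin>
  <RequiredSecret>constructed-placeholder</RequiredSecret>
  <ModCfmlSecret>constructed-placeholder</ModCfmlSecret>
</Settings>"""

def _text(root, name):
    """Return stripped text of the first element called `name`, or None."""
    for el in root.iter():
        # Compare case-insensitively and ignore any XML namespace prefix.
        if el.tag.rsplit("}", 1)[-1].lower() == name.lower():
            return (el.text or "").strip()
    return None

def audit_setting(xml_data):
    """Classify a setting file (str or bytes) by its EnableRemoteAdmin value."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return {"remote_admin": "invalid", "secrets_present": False}
    value = _text(root, "EnableRemoteAdmin")
    if not value:
        state = "unset"  # effective default must be confirmed for the connector version
    elif value.lower() == "true":
        state = "enabled"
    elif value.lower() == "false":
        state = "disabled"
    else:
        state = "invalid"
    secrets = all(_text(root, n) for n in ("RequiredSecret", "ModCfmlSecret"))
    return {"remote_admin": state, "secrets_present": secrets}

if __name__ == "__main__":
    # Path from the issue; pass another path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\boncodeAJP13.setting"
    try:
        with open(path, "rb") as fh:  # bytes, so the XML declaration decides the encoding
            result = audit_setting(fh.read())
    except OSError as exc:
        sys.exit(f"cannot read {path}: {exc}")
    print(path, result)
    # Non-zero exit unless remote admin is explicitly disabled.
    sys.exit(0 if result["remote_admin"] == "disabled" else 1)
```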