I have been working with ColdFusion for a long time. Something that has been seeded in my brain is that for maximum security you should physically separate the web server from the ColdFusion server. So I have always done this using what Adobe refers to as "distributed mode". IIS is on one server and ColdFusion is on a different server. They communicate via the web connector as usual, albeit over the network.
For several years now I have come across posts that mention that using a reverse proxy is just as secure as running in distributed mode. With the reverse proxy setup, the web server and ColdFusion server are on the same physical machine, but there is a proxy server that handles the requests and functions as the web server (basically). Still, in my mind I see the physical separation as being more secure.
It is hard to find any definitive recommendation on the internet. Distributed mode is still mentioned even in the ColdFusion 11 documentation: "For more information on the Web Server Configuration Tool, including information on multihoming and distributed usage, see the Configuring and Administering ColdFusion guide." (Although there is not really much information about it on that referenced page.) Both setups seem to be mentioned on various blogs and posts, but I find it more common that people are using the reverse proxy setup rather than the distributed mode setup. Nothing concrete, just my perception as I have scoured the web. Running in distributed mode, with the web server and ColdFusion server on separate servers, definitely adds a layer of complexity when setting things up. Static files reside on the web server and the CFML files on the ColdFusion server, etc. When you are using third-party products this can be difficult to configure correctly.
So my question is, assuming everything else is equal, for maximum security do you use distributed mode or a reverse proxy setup? And some reasons why you do.
Unfortunately the ColdFusion lock down guides are confusing the matter. Here is what I have found.
In the ColdFusion 9 lock down guide (pages 14-15) it states:
"You might also consider installing ColdFusion in distributed mode. This allows the web server to reside on a physically separate server from the ColdFusion server. You can also connect multiple web servers to a single ColdFusion server (this is called multihoming in the ColdFusion 9 documentation). This separation can provide additional security and should be considered in environments requiring maximum security. To install distributed mode, select the built-in web server option. For information about configuring distributed mode, see http://www.adobe.com/support/coldfusion/administration/cfmx_in_distributed_mode/cfmx_in_distributed_mode02.html. For details about multihoming, see http://help.adobe.com/en_US/ColdFusion/9.0/Admin/WSc3ff6d0ea77859461172e0811cbf364104-7fc3.html.
"Another way to separate the public-facing web server and the ColdFusion server is by using a reverse proxy. In a reverse proxy setup, the ColdFusion server still has a web server installed, but all external client requests are handled by the proxy server, and certain requests are sent to the ColdFusion server for processing."
In the ColdFusion 10 lock down guide (page 27) that statement was trimmed down to this:
"For maximum security consider running the web server and ColdFusion on separate physical servers. One way to separate the public facing web server and the ColdFusion server is by using a reverse proxy.
"In a reverse proxy setup the ColdFusion server will still have a web server installed, however all external client requests will be handled by the proxy server, and only specific requests will be sent to the ColdFusion server for processing. Consult your web servers documentation to set up a reverse proxy."
And in the ColdFusion 11 lock down guide there is no mention of either. It seems like it should be on or around page 11, which is where the statements were located in the other docs, along with running the web server configuration tool. I am very curious as to why Pete took this out of the latest document.
While I am using Adobe ColdFusion, I have tagged this question with Railo as well for more input.