Server Settings - Settings
Configure general server settings and request handling behavior
Overview
The Server Settings page contains fundamental configuration options that control how ColdFusion handles requests, errors, and missing templates. These settings affect global server behavior and should be configured carefully based on your application requirements and environment.
Request Settings
Control how ColdFusion processes and manages incoming requests.
Timeout Requests After (seconds)
PurposeMaximum time a request can run before being terminated
Default60 seconds
RecommendationProduction: 30-60 seconds for web requests
Development: 120+ seconds for debugging
Batch Processing: Higher timeouts as needed
Development: 120+ seconds for debugging
Batch Processing: Higher timeouts as needed
ImpactPrevents runaway requests from consuming server resources indefinitely
Best Practice: Use
<cfsetting requestTimeout="value"> to override timeout for specific pages that require longer execution (e.g., reports, batch operations).Use UUID for cftoken
PurposeGenerate UUIDs instead of random numbers for CFTOKEN values
DefaultEnabled (recommended)
RecommendationAlways enable for better security
ImpactMakes session hijacking more difficult by using cryptographically secure UUIDs
Security: Disabling this setting makes CFTOKEN values predictable and increases risk of session hijacking attacks.
Enable Per App Settings
PurposeAllow Application.cfc to override administrator settings
DefaultEnabled
RecommendationEnable for flexibility in multi-application servers
ImpactApplications can customize datasources, mappings, mail settings, and other configurations per application
Use Case: Essential for hosting multiple applications with different configuration requirements on the same ColdFusion instance.
Enable Application.cfc/Application.cfm
PurposeProcess Application.cfc and Application.cfm files
DefaultEnabled
RecommendationAlways enable unless you have specific legacy requirements
ImpactDisabling prevents application-level initialization and request lifecycle management
Warning: Disabling this breaks most modern ColdFusion applications that rely on Application.cfc for initialization.
Missing Template Handler
Configure how ColdFusion handles missing templates and errors.
Missing Template Handler Path
PurposeSpecify a template to execute when a requested .cfm file is not found
DefaultEmpty (shows default 404 error)
RecommendationSet to a custom 404 handler for better user experience
Example
/errors/404.cfmBest Practices:
- Log 404 errors for analysis (detect broken links, security probes)
- Provide search functionality to help users find content
- Suggest similar or related pages
- Include navigation to main sections
- Set proper 404 HTTP status code:
<cfheader statuscode="404">
Example Missing Template Handler
Basic 404.cfm showing core functionality:
🔍 404.cfm - Missing Template Handler
<!--- /errors/404.cfm --->
<cfscript>
// Set 404 HTTP status code
cfheader(statuscode="404", statustext="Not Found");
// Log the 404 error
writeLog(
file="404-errors",
type="warning",
text="404: #cgi.script_name# from #cgi.http_referer#"
);
</cfscript>
<!DOCTYPE html>
<html>
<head>
<title>Page Not Found</title>
</head>
<body>
<h1>404 - Page Not Found</h1>
<p>The requested page could not be found.</p>
<p><a href="/">Return to Homepage</a></p>
</body>
</html><!--- /errors/404.cfm --->
<cfheader statuscode="404" statustext="Not Found">
<cflog
file="404-errors"
type="warning"
text="404: #cgi.script_name# from #cgi.http_referer#">
<!DOCTYPE html>
<html>
<head>
<title>Page Not Found</title>
</head>
<body>
<h1>404 - Page Not Found</h1>
<p>The requested page could not be found.</p>
<p><a href="/">Return to Homepage</a></p>
</body>
</html>Best Practices:
- HTTP Status: Always set 404 status code for proper SEO
- Logging: Log 404 errors to identify broken links
- User-Friendly: Provide clear message and link back to homepage
- SEO: Review 404 logs regularly to fix broken links
Site-wide Error Handler Path
PurposeGlobal error handling template for unhandled exceptions
DefaultEmpty
RecommendationAlways configure for production environments
Example
/errors/error.cfmSecurity Critical: Never expose stack traces or error details to end users in production. Log errors securely server-side and display user-friendly messages only.
Error Handler Best Practices:
- Log complete error details (message, stack trace, request variables) server-side
- Display generic, user-friendly error message
- Send email notifications for critical errors
- Include request ID for support troubleshooting
- Set proper 500 HTTP status code
- Avoid complex logic in error handler (keep it simple to prevent recursive errors)
Example Error Handler Template
Basic error.cfm showing core functionality:
📄 error.cfm - Error Handler
<!--- /errors/error.cfm --->
<cfscript>
// Generate tracking ID
errorID = createUUID();
// Set 500 HTTP status code
cfheader(statuscode="500", statustext="Internal Server Error");
// Log the error
writeLog(
file="application-errors",
type="error",
text="Error ID: #errorID# | #error.message# | Template: #cgi.script_name#"
);
</cfscript>
<!DOCTYPE html>
<html>
<head>
<title>System Error</title>
</head>
<body>
<h1>System Error</h1>
<p>An error occurred while processing your request.</p>
<p>Error ID: <cfoutput>#errorID#</cfoutput></p>
<p><a href="/">Return to Homepage</a></p>
</body>
</html><!--- /errors/error.cfm --->
<cfset errorID = createUUID()>
<cfheader statuscode="500" statustext="Internal Server Error">
<cflog
file="application-errors"
type="error"
text="Error ID: #errorID# | #error.message# | Template: #cgi.script_name#">
<!DOCTYPE html>
<html>
<head>
<title>System Error</title>
</head>
<body>
<h1>System Error</h1>
<p>An error occurred while processing your request.</p>
<p>Error ID: <cfoutput>#errorID#</cfoutput></p>
<p><a href="/">Return to Homepage</a></p>
</body>
</html>Best Practices:
- Security: Never display stack traces or error details to end users
- Tracking: Use unique error IDs to help support troubleshoot issues
- Logging: Log errors to dedicated files for analysis
- HTTP Status: Always set 500 status code for server errors
- User-Friendly: Display simple, helpful messages with next steps
Request Queue Settings
Control request size limits and throttling behavior.
Maximum Size of Post Data
PurposeLimit the size of POST request bodies
Default100 MB
RecommendationSet based on your file upload requirements (typically 10-50 MB)
SecurityLower values prevent denial-of-service attacks via large POST requests
Considerations:
- Must be larger than your largest expected file upload
- Balance between functionality and security
- For large file uploads, consider alternative approaches (chunked uploads, S3 direct upload)
- Monitor for large POST attempts in logs
Request Throttle Threshold
PurposeNumber of concurrent requests before throttling begins
DefaultBased on available memory
RecommendationSet to 2x number of CPU cores for CPU-bound applications
ImpactPrevents server overload during traffic spikes by queuing excess requests
Tuning Guide:
- CPU-bound apps: 2x CPU cores
- I/O-bound apps: 4-8x CPU cores
- Mixed workloads: Start at 3x and adjust based on monitoring
- Monitor request queue length under load
- Use load testing to determine optimal value
Request Throttle Memory
PurposeMemory threshold (percentage) that triggers request throttling
Default80%
Recommendation70-80% for production servers
ImpactQueues new requests when memory usage is high to prevent OutOfMemoryError
Warning: Setting this too high (85%+) may not provide enough protection during traffic spikes. Setting too low (65%) may unnecessarily throttle under normal load.
Request Limits
Set concurrent request limits for different request types.
Simultaneous Requests
- Default
- 50 (Enterprise) / 10 (Standard)
- Recommendation
- 2-4x CPU cores, test under load
Hard limit on concurrent request processing. Requests beyond this are queued or rejected.
Flash Remoting Requests
- Default
- 5
- Recommendation
- 0 (legacy feature, use REST instead)
Flash Player EOL December 2020. Disable if not using legacy Flash applications.
Web Service Requests
- Default
- 10
- Recommendation
- Based on SOAP usage patterns
SOAP web service invocations are often slower than regular requests.
CFC Function Requests
- Default
- 10
- Recommendation
- Based on API usage, lower for security
Remote CFC invocations. Lower values help prevent API abuse.
Report Requests
- Default
- 5
- Recommendation
- Keep low (3-5), use async generation
CFReport is resource-intensive. Generate reports asynchronously during off-peak hours.
Character Encoding
Default Template Character Encoding
- Default
- UTF-8
- Recommendation
- Always use UTF-8
Character encoding for CFM templates. Ensure all templates are saved in UTF-8 encoding.
Default Resource Character Encoding
- Default
- UTF-8
- Recommendation
- Match template encoding (UTF-8)
Character encoding for cffile, cfmail, and other operations.
Common Issues & Solutions
Request Timeout Errors
Symptom: Requests timing out before completion, users see timeout errors
Solutions:
- Increase global timeout setting (temporary fix)
- Use
<cfsetting requestTimeout>for specific long-running pages - Optimize slow database queries (use query analyzer)
- Profile code to identify performance bottlenecks
- Consider asynchronous processing for long operations
Request Queue Full
Symptom: Users seeing "Request Rejected" or "Request Timeout" errors during peak traffic
Solutions:
- Increase concurrent request limit (if resources available)
- Add more servers and load balance
- Optimize slow requests (often root cause)
- Implement caching to reduce database load
- Enable request throttling to gracefully handle spikes
Out of Memory Errors
Symptom: Server crashes,
java.lang.OutOfMemoryError, request failures under loadSolutions:
- Enable request throttling (immediate protection)
- Increase JVM heap size if physical RAM available
- Reduce concurrent request limits to match available memory
- Fix memory leaks in application code
- Monitor memory usage and set alerts