
How to disable "Component Browser" in ColdFusion?


Following: http://help.adobe.com/en_US/ColdFusion/9.0/Installing/WSf01dbd23413dda0e-3f89e8d411fae637e44-8000.html

I already commented out the RDS in \JRun4\servers\[name]\cfusion.ear\cfusion.war\WEB-INF\web.xml

However, the RDS tab is still there in the CF Administrator, and browsing to a CFC still redirects me to /CFIDE/componentutils/cfcexplorer.cfc

How to disable "Component Browser" in ColdFusion?

Thanks


Solution

  • The "Component Browser" cannot be disabled--it is a hard-wired function of ColdFusion, which automatically fires when you make a web request to the full location where a .CFC resides--and is unrelated to RDS, whether it is enabled or not.

    You will have to decide upon a methodology that you want to approach to prevent direct access to your CFCs, and implement it that way, instead. Such options are:

    1. Disabling the "auto-documentation" of a CFC, as described in the post provided by Henry above (Source: Ray Camden).

    2. Remove the /CFIDE virtual mapping from any of your public-facing websites, so that a direct .CFC web request results in an HTTP 500 (as cfcexplorer will no longer be accessible).

    A slicker option altogether is to make your public-facing websites use a different virtual /CFIDE directory:

    1. Remove the existing /CFIDE mapping for your public-facing site (#2 above)
    2. Create a new folder in your public-facing site called "CFIDE".
    3. Within that directory, create a folder called "componentutils".
    4. Within "componentutils", create a single file, "cfcexplorer.cfc", which you will then use to make a single call, and return a 403 (Forbidden) code to the browser:

      <cfheader statuscode="403" statustext="Forbidden" />

    This option is good, because you not only hide your CFCs from direct access via the implicit functionality of the Component Browser, you also hide your CF Administrator from the public (which many CF sites often forget about).
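
A way to verify the change after deploying it, added here as an example and not part of the original answer: request a .cfc URL on the public site, follow the redirects by hand, and confirm the Component Browser hop ends in the 403 or 500 the answer describes. The host `site.example`, the sample chains, the 302 status in them, and treating 404 as blocked are assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

EXPLORER = "/cfide/componentutils/cfcexplorer.cfc"  # path from the question, lowercased
BLOCKED = {403, 500, 404}  # 403 = stub, 500 = mapping removed (per the answer); 404 is an assumption

def fetch_chain(url, max_hops=5):
    """GET url, following redirects by hand; return [(url, status), ...]."""
    chain = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = cls(parts.netloc, timeout=10)
        try:
            conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        chain.append((url, status))
        if not (300 <= status < 400 and location):
            break
        url = urljoin(url, location)
    return chain

def assess(chain):
    """Classify the chain produced by requesting a .cfc URL directly."""
    final_status = chain[-1][1]
    if 300 <= final_status < 400:
        return "inconclusive"          # chain ended on a redirect, no final answer
    if not any(EXPLORER in urlsplit(u).path.lower() for u, _ in chain):
        return "no-explorer-redirect"  # request never reached the Component Browser
    return "blocked" if final_status in BLOCKED else "reachable"

# Constructed sample chains (hypothetical host), not captured traffic.
CFC = "http://site.example/api/user.cfc"
EXP = "http://site.example/CFIDE/componentutils/cfcexplorer.cfc"
SAMPLES = {
    "stub in place": [(CFC, 302), (EXP, 403)],
    "mapping removed": [(CFC, 302), (EXP, 500)],
    "default install": [(CFC, 302), (EXP, 200)],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, "->", assess(chain))
```

Against a live site, `assess(fetch_chain(url))` gives the same classification for a real .cfc URL; a "reachable" result means the explorer is still served from that site.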