Blocking access to the webtop for a specific host or domain

We often set up publishing platforms with a separate URL for admin or contributors.

For example, admin.magicalunicorn.com for admin and www.magicalunicorn.com for the general public.

Your options for securing the domain, having different caching profiles and so on are made a lot simpler by the separation. Unfortunately, admins can find themselves on the wrong domain and often attempt to log on and contribute content through the webtop on the public domain.

You can block access to the webtop completely by setting a flag when the application initialises:

<cfset application.sysinfo.bwebtopaccess = false>

You can wrap that setting in a check for the hostname or domain name of the server.

In turn, that variable will get picked up by the following code block in the webtop Application.cfc:

<!--- Restrict access if webtop access is disabled --->
<cfif not application.sysinfo.bwebtopaccess>
	<cfoutput>
	<div style="margin: 10% 30% 0% 30%; padding: 10px; border: 2px navy solid; background: ##dedeff; font-family: Verdana; font-color: navy; text-align: center;">
		<h2>Webtop Access Restricted</h2>
		<p>Webtop access has been specifically restricted on this server.  Please contact your system administrator for details.</p>
	</div>
	</cfoutput>
	<cfabort />
</cfif>

Thought that might be of interest to someone :)

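One way to wrap the flag in a server hostname check, as an added example that is not part of the original post or FarCry's own code. The hostnames in `adminHosts` are constructed placeholders, and the example assumes it runs in your project's application initialisation code with the admin and public sites running as separate application instances, since the flag lives in the application scope and applies to every request that instance serves.

```cfml
<!--- Added example: run once when the application initialises. --->

<!--- Constructed placeholder hostnames: the machines allowed to serve the webtop. --->
<cfset adminHosts = "admin01.internal.example,admin02.internal.example">

<!---
	Resolve the machine's own hostname through Java rather than reading
	cgi.server_name or cgi.http_host. Those reflect the Host header of
	whichever request happened to trigger initialisation, so the result
	would depend on the first visitor instead of on the server.
--->
<cftry>
	<cfset thisHost = lCase(createObject("java", "java.net.InetAddress").getLocalHost().getHostName())>
	<cfcatch type="any">
		<!--- Fail closed: if the hostname cannot be resolved, leave the webtop blocked. --->
		<cfset thisHost = "">
	</cfcatch>
</cftry>

<!--- Allow-list check: the webtop is enabled only on the named admin servers. --->
<cfset application.sysinfo.bwebtopaccess = (len(thisHost) gt 0 and listFindNoCase(adminHosts, thisHost) gt 0)>

<!--- Record the decision so a misconfigured server shows up in the logs. --->
<cflog file="webtopaccess" type="information" text="Webtop access on '#thisHost#': #application.sysinfo.bwebtopaccess#">
```

Using an allow-list means a new public server that nobody remembered to configure comes up with the webtop blocked rather than open.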