I was reading through the Lucee Lockdown guide for Apache and Lucee. I locked down the admin fine, but using the following location directive.
This allows the 999.999.999.999 ip address and ip adresses that start with 888.888.888 to access the admin fine. You can add any number or ip adn partial ip addresses to this line separated by a space. Unfortunately it breaks the graphs CFCHART generates. To fix this issue you need to add following location directive after the above location directive.
This enables the graphs and still locks down the admin and can be applied to anything in the folder.