SaiAnil
Level 2
December 7, 2021
Solved

AEM Dispatcher Cross Domain Injection issue


Hi All,

We have recently encountered an issue with cross domain injection, as we are managing multiple sites in dispatcher for multiple site content paths.

Example:-

/content/site1/en-us/en.html
/content/site2/en-us/en.html

 

1) When a user tries to access the site with www.example.com/content/site1/en-us/en.html, this becomes a shortened URL, as we implement masking rules and other required rules in the rewrite section of site1; the URL becomes www.example.com/en.html, and the page en.html will be served from the publisher path /content/site1/en-us/en.html

2) The same applies to www.example1.com/en.html, which will be served from the publisher path /content/site2/en-us/en.html

3) When the same user tries to access the site with www.example.com/content/site2/en-us/en.html, the user is able to access the page en.html of site2 from site1 (i.e. from /content/site2/en-us/en.html)

i.e. the entire content of one site is accessible with another domain

 

Fix:

Added the last 3 lines in the rewrite section of site1 to only allow the content of its own site and block others.

RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteCond %{REQUEST_URI} !^/apps
RewriteCond %{REQUEST_URI} !^/services
RewriteCond %{REQUEST_URI} !^/content
RewriteCond %{REQUEST_URI} !^/etc
RewriteCond %{REQUEST_URI} !^/home
RewriteCond %{REQUEST_URI} !^/libs
RewriteCond %{REQUEST_URI} !^/bin
RewriteCond %{REQUEST_URI} !^/tmp
RewriteCond %{REQUEST_URI} !^/var
RewriteRule ^/(.*)$ /content/site1/en-us/$1 [NC,PT,L]

 

 

 

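# Return 404 for any /content request outside this site's own tree (/content/dam excepted).
# The negated pattern sits in the RewriteRule itself and "-" means no substitution.
RewriteCond %{REQUEST_URI} ^/content
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteRule !^/content/site1/ - [R=404,NC,L]

In case we are using the same DNS to access multiple content paths, those paths need to be allowed in the above rules.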


1 reply

SaiAnil (Author, Accepted solution)
Level 2
December 7, 2021

Adding above 3 lines fixed the issue
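
An added example (not part of the original post, and not Adobe's code): a Python audit that scans Apache access logs for /content requests that a virtual host answered from another site's tree, to see whether cross-domain access occurred before the rules above were in place. The host-to-root mapping, the `%v`-prefixed log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed mapping: each virtual host and the only site tree it may serve.
SITE_ROOTS = {
    "www.example.com": "/content/site1/",
    "www.example1.com": "/content/site2/",
}
SHARED_PREFIXES = ("/content/dam",)  # exempted by the rule in the post

# Assumed log layout: LogFormat "%v %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) \S+ \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def cross_site_hits(lines, site_roots=SITE_ROOTS):
    """Return (vhost, raw_path, status) for /content requests that a vhost
    answered with a non-error status although the path is outside its tree."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["vhost"] not in site_roots:
            continue
        # Drop the query string, decode %xx, compare case-insensitively ([NC]).
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if not path.startswith("/content"):
            continue  # shortened URLs are mapped by the vhost's own rewrite
        if path.startswith(SHARED_PREFIXES) or path.startswith(site_roots[m["vhost"]]):
            continue
        if int(m["status"]) < 400:  # served or redirected instead of blocked
            hits.append((m["vhost"], m["path"], int(m["status"])))
    return hits


# Constructed sample lines (not real traffic).
TS = "[07/Dec/2021:10:00:00 +0000]"
SAMPLE_LOG = [
    f'www.example.com 203.0.113.5 - - {TS} "GET /en.html HTTP/1.1" 200 5120',
    f'www.example.com 203.0.113.5 - - {TS} "GET /content/site1/en-us/en.html HTTP/1.1" 200 5120',
    f'www.example.com 203.0.113.5 - - {TS} "GET /content/site2/en-us/en.html HTTP/1.1" 200 4980',
    f'www.example.com 203.0.113.5 - - {TS} "GET /content/%73ite2/en-us/en.html HTTP/1.1" 200 4980',
    f'www.example.com 203.0.113.5 - - {TS} "GET /content/dam/site2/logo.png HTTP/1.1" 200 900',
    f'www.example.com 203.0.113.5 - - {TS} "GET /content/site2/en-us/en.html HTTP/1.1" 404 196',
    f'www.example1.com 203.0.113.9 - - {TS} "GET /content/site1/en-us/en.html?x=1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in cross_site_hits(SAMPLE_LOG):
        print(hit)
```

Run against logs from after the change, an empty result indicates the block is effective for every mapped host; any hit names the vhost whose rewrite section still lacks the rule.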