How to prevent XSS attack to childlist selector in AEM?
July 18, 2024
Solved


I'm having an issue blocking XSS attacks to the childlist selector:

I've tried adding several things in dispatcher.any and httpd.conf to block the URL or redirect it somewhere else, but nothing works.

This issue remains:

In the response header, the content-type is text/html.

Any ideas how to deal with this?
Best answer by Lokesh_Vajrala

Hi @xiaoyuli 

 

You can try this filter 

{ /type "deny" /path "/etc/designs/xh1x" /selectors "childrenlist" /extension "json" /method "GET" }

 

There are these new elements /path, /selectors, /extension, and /suffix in filters, which can be used to further control the behaviour.

 

Thanks,

Lokesh 

July 19, 2024

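How the rule from the answer might sit inside the /filter section of dispatcher.any, as an added example that is not part of the original answer. The rule numbers and rules /0001 to /0020 are assumptions made for illustration; only the last rule comes from the answer. Dispatcher applies the last filter rule that matches a request, so the deny rule goes after any allow rule that could match the same URL.

```conf
/filter
  {
  # Assumed baseline: deny everything, then allow only what the site needs.
  /0001 { /type "deny" /url "*" }

  # Assumed allow rule for published pages (placeholder path).
  /0010 { /type "allow" /method "GET" /path "/content/*" /extension "html" }

  # Assumed allow rule for design assets. On its own it would also let
  # /etc/designs/xh1x.childrenlist.json through to the publish instance.
  /0020 { /type "allow" /method "GET" /path "/etc/designs/*" }

  # Rule from the answer, numbered so that it is evaluated after /0020.
  # If it were placed before the allow rule, the allow rule would win.
  /0100 { /type "deny" /path "/etc/designs/xh1x" /selectors "childrenlist" /extension "json" /method "GET" }
  }
```

After the Dispatcher configuration is reloaded, a GET for the childrenlist.json URL sent through the Dispatcher should be answered with 404 instead of being passed to the publish instance.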