Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

404 not found - from dispatcher

Avatar

Level 7

I have successfully accessed a servlet through ajax call on an AEM page from publish instance.

When I accessed the page from dispatcher, I was able to access the page. But ajax call, that happens when I click a button does not go through.

Not Found

The requested URL /bin/my-site/soap/register-profile was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

In dispatcher.any file - filter section.

I have added an entry to allow

/0102 { /type "allow" /url "/bin/my-site/*" }

Any ideas ??

Thanks,

Sri

1 Accepted Solution

Avatar

Correct answer by
Level 10

That means the request contains a blank Referrer which is passed to publish server. The dispatcher config is fine as it allows all headers to passthrough - /clientheaders *

Sling Referrer Filter checks if the hostname of the referring page (HTTP header: referer) is the same as the hostname in the HTTP host header. HTTP Referer header is typically set at Load balancer or other proxy servers of your AEM setup. If this is your sandbox, you could use empty header or may setup referer-policy in apache config. It is not recommended to use empty referer in the production environment.

View solution in original post

6 Replies

Avatar

Level 10

Is this an AJAX-POST call?

Can you share dispatcher.log file relevant to this call in DEBUG mode?

check if this is allowed in dispatcher.any config -   { /type "allow" /url "/libs/granite/csrf/token.json "  }

Avatar

Level 7

yes , I have /libs/granite/csrf/*

Avatar

Level 7

.

#

# Configuration for a publish instance

#

# Each farm configures a set of load balanced renders (i.e. remote servers)

/farms

  {

  # First farm entry

  /website

    {

    # Request headers that should be forwarded to the remote server.

    /clientheaders

      {

      # Forward all request headers that are end-to-end. If you want

      # to forward a specific set of headers, you'll have to list

      # them here.

      "*"

      }

    # Hostname globbing for farm selection (virtual domain addressing)

    /virtualhosts

      {

      # Entries will be compared against the "Host" request header

      # and an optional request URL prefix.

      #

      # Examples:

      #

      #   www.company.com

      #   intranet.*

      #   myhost:8888/mysite

      "*"

      }

    # The load will be balanced among these render instances

    /renders

      {

      /rend01

        {

        # hostname or IP of the render

        /hostname "localhost"

        # port of the render

        /port "4503"

        # Connect timeout in milliseconds, 0 to wait indefinitely

        # /timeout "0"

        }

      }

    /filter

      {

      # Deny everything first and then allow specific entries

      /0001 { /type "deny" /glob "*" }

      # Open consoles

#     /0011 { /type "allow" /url "/admin/*"  }  # allow servlet engine admin

#     /0012 { /type "allow" /url "/crx/*"    }  # allow content repository

#     /0013 { /type "allow" /url "/system/*" }  # allow OSGi console

      # Allow non-public content directories

#     /0021 { /type "allow" /url "/apps/*"   }  # allow apps access

#     /0022 { /type "allow" /url "/bin/*"    }

      /0023 { /type "allow" /url "/content*" }  # disable this rule to allow mapped content only

      /0024 { /type "allow" /url "/services*" }  # disable this rule to allow mapped content only

#     /0024 { /type "allow" /url "/libs/*"   }

#     /0025 { /type "deny"  /url "/libs/shindig/proxy*" } # if you enable /libs close access to proxy

#     /0026 { /type "allow" /url "/home/*"   }

#     /0027 { /type "allow" /url "/tmp/*"    }

#     /0028 { /type "allow" /url "/var/*"    }

      /0029 { /type "allow" /url "/libs/granite/core*"   }

      # Enable specific mime types in non-public content directories

      /0041 { /type "allow" /url "*.css"   }  # enable css

      /0042 { /type "allow" /url "*.gif"   }  # enable gifs

      /0043 { /type "allow" /url "*.ico"   }  # enable icos

      /0044 { /type "allow" /url "*.js"    }  # enable javascript

      /0045 { /type "allow" /url "*.png"   }  # enable png

      /0046 { /type "allow" /url "*.swf"   }  # enable flash

      /0047 { /type "allow" /url "*.jpg"   }  # enable jpg

      /0048 { /type "allow" /url "*.jpeg"  }  # enable jpeg

      /0049 { /type "allow" /url "*.svg"  }

      /0050 { /type "allow" /url "*.ttf"  }

      /0051 { /type "allow" /url "*.woff"  }

      /0052 { /type "allow" /url "*.eot"  }

      /0053 { /type "allow" /url "*.woff2"  }

      # Enable features

      /0062 { /type "allow" /url "/libs/cq/personalization/*"  }  # enable personalization

     # Deny content grabbing

      /0081 { /type "deny"  /url "*.infinity.json" }

      /0082 { /type "allow"  /url "*.tidy.json"     }

      /0083 { /type "deny"  /url "*.sysview.xml"   }

      /0084 { /type "deny"  /url "*.docview.json"  }

      /0085 { /type "deny"  /url "*.docview.xml"  }

      /0086 { /type "deny"  /url "*.*[0-9].json" }

#     /0087 { /type "allow" /method "GET" /url "*.1.json" }  # allow one-level json requests

      # Deny query

      /0090 { /type "deny"  /url "*.query.json" }

      /0091 { /type "allow" /url "/bin/my-site-2/*" }

      /0092 { /type "allow" /url "/libs/granite/csrf/*" }

      /0093 { /type "allow" /url "/etc/acs-commons/lists/countries/*list.infinity.json" }

      /0094 { /type "allow" /url "/etc/acs-commons/lists/states/*list.infinity.json" }

      /0095 { /type "allow" /url "/libs/cq/i18n/dict.en.json" }

      /0096 { /type "allow" /url "/etc/seo/*" }

      /0097 { /type "allow" /url "/sitemap.xml" }

      /0098 { /type "allow" /url "/robots.txt" }

      /0099 { /type "allow" /url "/etc/acs-commons/*list.infinity.json" }

      /0100 { /type "allow" /url "/bin/my-site-3/*" }

      # BWGRS-734 : SEO URLs                   

      /0101 { /type "allow" /url "/[a-z]*_[A-Z]*.*" }

      /0102 { /type "allow" /url "/etc/designs/my-site/*" }

      /0103 { /type "deny"  /url "*/_jcr_content.json" }

      /0104 { /type "deny"  /url "*/_jcr_content.feed" }

      /0105 { /type "deny"  /url "*/jcr:content.json" }

      /0106 { /type "deny"  /url "*/jcr:content.feed" }

      /0107 { /type "allow" /url "/bin/my-site/*" }

      }

      # Allow Vanity URL's - soukene 09Sep2015

      /vanity_urls {

       /url "/content/static/vanityurls.html"

       /file "/tmp/vanity_urls5"

      /delay 300

      }

    # The cache section regulates what responses will be cached and where.

    /cache

      {

      # The docroot must be equal to the document root of the webserver. The

      # dispatcher will store files relative to this directory and subsequent

      # requests may be "declined" by the dispatcher, allowing the webserver

      # to deliver them just like static files.

      /docroot "/var/www/dispatcher/cache"

      # Sets the level upto which files named ".stat" will be created in the

      # document root of the webserver. When an activation request for some

      # page is received, only files within the same subtree are affected

      # by the invalidation.

      /statfileslevel "3"

      # Flag indicating whether to cache responses to requests that contain

      # authorization information.

      #/allowAuthorized "0"

      # Flag indicating whether the dispatcher should serve stale content if

      # no remote server is available.

      /serveStaleOnError "1"

      # Enable TTL evaluates the response headers from the backend, and if they

      # contain a Cache-Control max-age or Expires date, an auxiliary, empty file

      # next to the cache file is created, with modification time equal to the

      # expiry date. When the cache file is requested past the modification time

      # it is automatically re-requested from the backend.

      #

      /enableTTL "1"

      # The rules section defines what responses should be cached based on

      # the requested URL. Please note that only the following requests can

      # lead to cacheable responses:

      #

      # - HTTP method is GET

      # - URL has an extension

      # - Request has no query string

      # - Request has no "Authorization" header (unless allowAuthorized is 1)

      /rules

        {

        /0000

          {

          # the globbing pattern to be compared against the url

          # example: *             -> everything

          #        : /foo/bar.*    -> only the /foo/bar documents

          #        : /foo/bar/*    -> all pages below /foo/bar

          #        : /foo/bar[./]* -> all pages below and /foo/bar itself

          #        : *.html        -> all .html files

          /glob "*"

          /type "allow"

          }

        }

      # The invalidate section defines the pages that are "invalidated" after

      # any activation. Please note that the activated page itself and all

      # related documents are flushed on an modification. For example: if the

      # page /foo/bar is activated, all /foo/bar.* files are removed from the

      # cache.

      /invalidate

        {

        /0000

          {

          /glob "*"

          /type "deny"

          }

        /0001

          {

          # Consider all HTML files stale after an activation.

          /glob "*.html"

          /type "allow"

          }

        /0002

          {

          /glob "/etc/segmentation.segment.js"

          /type "allow"

          }

        /0003

          {

          /glob "*/analytics.sitecatalyst.js"

          /type "allow"

          }

        }

      # The allowedClients section restricts the client IP addresses that are

      # allowed to issue activation requests.

      /allowedClients

        {

        # Uncomment the following to restrict activation requests to originate

        # from "localhost" only.

        #

        #/0000

        #  {

        #  /glob "*"

        #  /type "deny"

        #  }

        #/0001

        #  {

        #  /glob "127.0.0.1"

        #  /type "allow"

        #  }

        }

      # The ignoreUrlParams section contains query string parameter names that

      # should be ignored when determining whether some request's output can be

      # cached or delivered from cache.

      #

      # In this example configuration, the "q" parameter will be ignored.

      #/ignoreUrlParams

      #  {

      #  /0001 { /glob "*" /type "deny" }

      #  /0002 { /glob "q" /type "allow" }

      #  }

      }

    # The statistics sections dictates how the load should be balanced among the

    # renders according to the media-type.

    /statistics

      {

      /categories

        {

        /html

          {

          /glob "*.html"

          }

        /others

          {

          /glob "*"

          }

        }

      }

    }

  }

Above is dispatcher.any file.

Avatar

Level 10

If the same servlet is accessible via publish server directly but not by dispatcher, then its most likely related to

CSRF, Referrer Filter, Headers, dispatcher configs.

Can you check Referrer Filter configuration in /configMgr and the ajax call request-headers? Could you share the request/response screenshot with headers? What do you see in the dispatcher logs for the same request?

Apache Sling Referrer Filter:

If the servlet is invoked externally then make sure the host name of the source system is added to the Allow Hosts section of the Apache Sling Referrer Filter

referrer

Avatar

Level 7

If I check check box for Allow Empty - request is going through fine.

If you do not mind, can you tell me, if I am missing some set up in dispatcher?

as I read "allow empty" should be checked for only testing purposes.

Thanks again for the help.

Avatar

Correct answer by
Level 10

That means the request contains a blank Referrer which is passed to publish server. The dispatcher config is fine as it allows all headers to passthrough - /clientheaders *

Sling Referrer Filter checks if the hostname of the referring page (HTTP header: referer) is the same as the hostname in the HTTP host header. HTTP Referer header is typically set at Load balancer or other proxy servers of your AEM setup. If this is your sandbox, you could use empty header or may setup referer-policy in apache config. It is not recommended to use empty referer in the production environment.