Expand my Community achievements bar.

SOLVED

AEM Dispatcher Cross Domain Injection issue

Avatar

Level 2

Hi All,

 

We have recently encountered an issue with cross domain injection as we are managing multiple sites in dispatcher for multiple site content paths

Example:-

/content/site1/en-us/en.html
/content/site2/en-us/en.html

 

1) When a user is trying to access the site with www.example.com/content/site1/en-us/en.html this will become as shortened URL as we will implement masking rules and other required rules in rewrite section of the site1 and the URL will become like www.example.com/en.html and page en.html with be served from publisher path /content/site1/en-us/en.html

2) Same with the case www.example1.com/en.html will be served from publisher path /content/site2/en-us/en.html

3) When the same user is trying to access the site with www.example.com/content/site2/en-us/en.html . User is able to access the page en.html of site2 from site1 (i.e. from /content/site2/en-us/en.html )

 

i.e. Entire content of one site is accessible with another domain

 

Fix:

Added last 3 lines in the rewrite section of site1 to only allow the content of its own site and block others.

 

RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteCond %{REQUEST_URI} !^/apps
RewriteCond %{REQUEST_URI} !^/services
RewriteCond %{REQUEST_URI} !^/content
RewriteCond %{REQUEST_URI} !^/etc
RewriteCond %{REQUEST_URI} !^/home
RewriteCond %{REQUEST_URI} !^/libs
RewriteCond %{REQUEST_URI} !^/bin
RewriteCond %{REQUEST_URI} !^/tmp
RewriteCond %{REQUEST_URI} !^/var
RewriteRule ^/(.*)$ /content/site1/en-us/$1 [NC,PT,L]

 

 

 

RewriteCond %{REQUEST_URI} ^/content   
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteRule ^ !/content/site1/$ [R=404,NC,L]

 



In case if we are using the same DNS to access multiple content paths, paths needs to be allowed  in above rules. 

1 Accepted Solution

Avatar

Correct answer by
Level 2

Adding above 3 lines fixed the issue

View solution in original post

1 Reply

Avatar

Correct answer by
Level 2

Adding above 3 lines fixed the issue