SOLVED

AEM Dispatcher Cross Domain Injection issue


Hi All,

We have recently encountered an issue with cross-domain injection, as we are managing multiple sites in dispatcher for multiple site content paths.

Example:

/content/site1/en-us/en.html
/content/site2/en-us/en.html

1) When a user tries to access the site with www.example.com/content/site1/en-us/en.html, this will become a shortened URL, as we will implement masking rules and other required rules in the rewrite section of site1. The URL will become www.example.com/en.html, and the page en.html will be served from publisher path /content/site1/en-us/en.html.

2) The same applies to www.example1.com/en.html, which will be served from publisher path /content/site2/en-us/en.html.

3) When the same user tries to access the site with www.example.com/content/site2/en-us/en.html, the user is able to access the page en.html of site2 from site1 (i.e. from /content/site2/en-us/en.html).

I.e., the entire content of one site is accessible with another domain.

Fix:

Added the last 3 lines in the rewrite section of site1 to only allow the content of its own site and block others.

RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteCond %{REQUEST_URI} !^/apps
RewriteCond %{REQUEST_URI} !^/services
RewriteCond %{REQUEST_URI} !^/content
RewriteCond %{REQUEST_URI} !^/etc
RewriteCond %{REQUEST_URI} !^/home
RewriteCond %{REQUEST_URI} !^/libs
RewriteCond %{REQUEST_URI} !^/bin
RewriteCond %{REQUEST_URI} !^/tmp
RewriteCond %{REQUEST_URI} !^/var
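RewriteRule ^/(.*)$ /content/site1/en-us/$1 [NC,PT,L]

# Guard: a direct /content request on this vhost gets a 404 unless it is
# under site1's own tree. /content/dam is exempt so shared assets still load.
# The negation belongs on the pattern; with R=404 the substitution is ignored, so "-" is used.
RewriteCond %{REQUEST_URI} ^/content
RewriteCond %{REQUEST_URI} !^/content/dam
RewriteRule !^/content/site1/ - [R=404,NC,L]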

In case we are using the same DNS to access multiple content paths, those paths need to be allowed in the above rules.

1 Accepted Solution

Adding the above 3 lines fixed the issue.

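A regression check for the guard described in this thread, as an added example that is not part of the original posts: it requests every site's content root through every virtual host and reports each response that disagrees with the "own site only" policy. The host-to-root mapping reuses the post's example names, while the function names and the dispatcher address passed to `http_fetch` are assumptions.

```python
import http.client

# Constructed mapping (assumption): each virtual host and the content roots it may serve.
# A host that fronts several sites lists several roots.
VHOST_ROOTS = {
    "www.example.com": ["/content/site1/"],
    "www.example1.com": ["/content/site2/"],
}
SAMPLE_PAGE = "en-us/en.html"  # page taken from the post's example paths


def expected(host, path, roots=VHOST_ROOTS):
    """Mirror the guard: 'block' for /content paths outside the host's own roots."""
    p = path.lower()  # the rules use [NC]
    if not p.startswith("/content") or p.startswith("/content/dam"):
        return "allow"
    return "allow" if any(p.startswith(r) for r in roots[host]) else "block"


def test_matrix(roots=VHOST_ROOTS):
    """Pair every host with every site's root and attach the expected verdict."""
    all_roots = sorted({r for rs in roots.values() for r in rs})
    return [(h, r + SAMPLE_PAGE, expected(h, r + SAMPLE_PAGE, roots))
            for h in roots for r in all_roots]


def http_fetch(server, port=80):
    """Build fetch(host, path) -> status, sending `host` as the Host header to `server`."""
    def fetch(host, path):
        conn = http.client.HTTPConnection(server, port, timeout=10)
        try:
            conn.request("GET", path, headers={"Host": host})
            return conn.getresponse().status
        finally:
            conn.close()
    return fetch


def audit(fetch, roots=VHOST_ROOTS):
    """Return (host, path, status) wherever the server and the policy disagree."""
    failures = []
    for host, path, want in test_matrix(roots):
        status = fetch(host, path)
        if (status == 404) != (want == "block"):
            failures.append((host, path, status))
    return failures
```

Run it against your own dispatcher with `audit(http_fetch("dispatcher.internal.example"))` (placeholder address); an empty list means every cross-site path returned 404 and every own-site path did not.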