AEM Perf testing | CSRF token issue

Avatar

Avatar
Validate 1
Level 1
pradeepd1320668
Level 1

Likes

2 likes

Total Posts

30 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 1
View profile

Avatar
Validate 1
Level 1
pradeepd1320668
Level 1

Likes

2 likes

Total Posts

30 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Ignite 1
Give Back
Boost 1
View profile
pradeepd1320668
Level 1

21-08-2020

Hi All,

 

AEM site is interacting with external site for some operation. During performance testing external site endpoint is is changed and application is redirected to new endpoint(modified endpoint). I want to restrict this behavior in AEM so that only valid domain/site will be allowed to interact from the AEM site.

I tried 'Apache Sling Referrer Filter' & csrf token and dispatcher token header. Will this solution work? Please advise something that can be controlled through AEM.

 

Which will be best and recommended approach?

 

Thanks,

Pradeep

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Give Back 5
Employee
vanegi
Employee

Likes

392 likes

Total Posts

378 posts

Correct reply

148 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back 10
Give Back
Boost 50
View profile

Avatar
Give Back 5
Employee
vanegi
Employee

Likes

392 likes

Total Posts

378 posts

Correct reply

148 solutions
Top badges earned
Give Back 5
Give Back 3
Give Back 10
Give Back
Boost 50
View profile
vanegi
Employee

21-08-2020

Hi @pradeepd1320668,

You are following the correct recommendation to restrict access to only allow valid endpoints. Configuring Apache sling referrer filter would help here, see this https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/security-checkli...for more details.

 

Also you can add some filter rules at dispatcher to directly block such requests reaching AEM. The Dispatcher filter can be used to allow or deny external access to specific areas of AEM. To protect our instance we should configure the Dispatcher to restrict external access as far as possible. First we should deny access to all files and then allow/deny access to specific areas. Example

/filter {
/0001 { /glob "*" /type "deny" }
/0002 { /type "allow" /url "/libs/cq/workflow/content/console*" }
/0003 { /type "deny" /url "/libs/cq/workflow/content/console/archive*" }
}
 
 
Thanks!!

Answers (0)