AEM site is interacting with external site for some operation. During performance testing external site endpoint is is changed and application is redirected to new endpoint(modified endpoint). I want to restrict this behavior in AEM so that only valid domain/site will be allowed to interact from the AEM site.
I tried 'Apache Sling Referrer Filter' & csrf token and dispatcher token header. Will this solution work? Please advise something that can be controlled through AEM.
Also you can add some filter rules at dispatcher to directly block such requests reaching AEM. The Dispatcher filter can be used to allow or deny external access to specific areas of AEM. To protect our instance we should configure the Dispatcher to restrict external access as far as possible. First we should deny access to all files and then allow/deny access to specific areas. Example