Expand my Community achievements bar.

SOLVED

Aem Publish - block access to a path

Avatar

Level 4
Level 4
1/18/23 10:14:21 AM

Good morning,

 

on Publish machines without working on the Dispatchers is it possible to block access to a path both logged in and logged out?

I would like to block the following paths:

 

- /crx/explorer/browser/index.jsp

- /crx/explorer/index.jsp

- /crx/explorer/ui/search.jsp

- /system/sling/info.sessionInfo.txt

- /crx/explorer/ui/namespace_editor.jsp

-/bin/wcm/search/gql.json?query=...

 

Thanks

Views

1.1K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
1/20/23 8:16:24 AM

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

View solution in original post

Views

1.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Level 7
Level 7
1/18/23 11:38:16 AM

/crx/explorer is shipped with AEM as part of the jar so it's there is no Sling configuration associated with it. You may need to go to /system/console/bundles, search "Adobe Granite CRX Explorer" and stop the bundle. For other paths, you can go to /system/console/configMgr, search "Apache Sling Authentication Service", for instance, add "-/system/slinginfo.sessionInfo.txt" to the "Authentication Requirements" field, save it. That should be able to stop anonymous access to the path.

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
1/20/23 8:16:24 AM

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

Views

1.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Obsolete Ciphers And TLS signature - Secure AEM against various SSL / TLS vulnerabilities

Views

58

Likes

0

Replies

1
How to reuse multiple component when building new one

Views

70

Likes

0

Replies

2
jcr:uuid not being generated for pages in AEM Cloud

Views

109

Likes

0

Replies

3
How to Accessing particular rendition of an Image uplaoded in aem dam using graphql

Views

109

Likes

0

Replies

2
RabbitMQ 5.6 and above conflict with AEM 6.5.21 version jar packages

Views

98

Likes

0

Replies

1