Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

Aem Publish - block access to a path

Avatar

Level 4

Good morning,

 

on Publish machines without working on the Dispatchers is it possible to block access to a path both logged in and logged out?

I would like to block the following paths:

 

- /crx/explorer/browser/index.jsp

- /crx/explorer/index.jsp

- /crx/explorer/ui/search.jsp

- /system/sling/info.sessionInfo.txt

- /crx/explorer/ui/namespace_editor.jsp

-/bin/wcm/search/gql.json?query=...

 

Thanks

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

View solution in original post

2 Replies

Avatar

Level 7

/crx/explorer is shipped with AEM as part of the jar so it's there is no Sling configuration associated with it. You may need to go to /system/console/bundles, search "Adobe Granite CRX Explorer" and stop the bundle. For other paths, you can go to /system/console/configMgr, search "Apache Sling Authentication Service", for instance, add "-/system/slinginfo.sessionInfo.txt" to the "Authentication Requirements" field, save it. That should be able to stop anonymous access to the path.

Avatar

Correct answer by
Community Advisor

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"