Expand my Community achievements bar.

Adobe Summit 2025: AEM Session Recordings Are Live! Missed a session or want to revisit your favorites? Watch the latest recordings now.
Watch Now!

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

Aem Publish - block access to a path

Avatar

Level 4
Level 4
1/18/23 10:14:21 AM

Good morning,

 

on Publish machines without working on the Dispatchers is it possible to block access to a path both logged in and logged out?

I would like to block the following paths:

 

- /crx/explorer/browser/index.jsp

- /crx/explorer/index.jsp

- /crx/explorer/ui/search.jsp

- /system/sling/info.sessionInfo.txt

- /crx/explorer/ui/namespace_editor.jsp

-/bin/wcm/search/gql.json?query=...

 

Thanks

Views

1.3K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
1/20/23 8:16:24 AM

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

View solution in original post

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Level 7
Level 7
1/18/23 11:38:16 AM

/crx/explorer is shipped with AEM as part of the jar so it's there is no Sling configuration associated with it. You may need to go to /system/console/bundles, search "Adobe Granite CRX Explorer" and stop the bundle. For other paths, you can go to /system/console/configMgr, search "Apache Sling Authentication Service", for instance, add "-/system/slinginfo.sessionInfo.txt" to the "Authentication Requirements" field, save it. That should be able to stop anonymous access to the path.

Views

1.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
1/20/23 8:16:24 AM

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Issue facing in AEM Workflow Custom Process Step Solved

Views

97

Likes

0

Replies

3
How to setup a local AEMaaCS instance to support SSI Solved

Views

120

Likes

0

Replies

4
What is the recommended way to retrieve content fragment ETag in AEM cloud without using Sites HTTP API?

Views

67

Likes

0

Replies

2
How to enable anchor plug-in for RTE in content fragment?

Views

69

Likes

0

Replies

1
request.getRequestDispatcher("/content/aem/en_us.html").include(request,response) is not working

Views

115

Likes

0

Replies

3