Expand my Community achievements bar.

SOLVED

Aem Publish - block access to a path

Avatar

Level 3
Level 3
‎18-01-2023 10:14 PST

Good morning,

 

on Publish machines without working on the Dispatchers is it possible to block access to a path both logged in and logged out?

I would like to block the following paths:

 

- /crx/explorer/browser/index.jsp

- /crx/explorer/index.jsp

- /crx/explorer/ui/search.jsp

- /system/sling/info.sessionInfo.txt

- /crx/explorer/ui/namespace_editor.jsp

-/bin/wcm/search/gql.json?query=...

 

Thanks

Views

244

Replies

2

Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
‎20-01-2023 08:16 PST

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

Views

179

Replies

0

Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Level 5
Level 5
‎18-01-2023 11:38 PST

/crx/explorer is shipped with AEM as part of the jar so it's there is no Sling configuration associated with it. You may need to go to /system/console/bundles, search "Adobe Granite CRX Explorer" and stop the bundle. For other paths, you can go to /system/console/configMgr, search "Apache Sling Authentication Service", for instance, add "-/system/slinginfo.sessionInfo.txt" to the "Authentication Requirements" field, save it. That should be able to stop anonymous access to the path.

Views

231

Replies

0

Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
‎20-01-2023 08:16 PST

Hi @robertol6836527 have you tried to block the given paths using the Apache Sling Referrer filter configuration? 

example - 

  1. Go to the AEM publish instance's Felix Console (http://<publish-instance-host>:<port>/system/console/configMgr)

  2. Search for "Apache Sling Referrer Filter"

  3. Click on the "Apache Sling Referrer Filter" configuration

  4. In the "Allowed Referrers" field, add the following value: -^(?!.*(crx/explorer/browser/index.jsp)).*$

  5. Click on "Save"

 

Views

180

Replies

0

Sign in to like this content

Total Likes

Translate
Translate
Jump to reply