Hi All - We are using the OWASP ZAP open source tool to find vulnerabilities in the websites, and the result doesn't show the paths that are supposed to be blocked from the dispatcher side [0]. When we were on the AMS platform, Adobe CSE used to perform the security vulnerability scan on a monthly basis and share the paths that should be blocked from the dispatcher, like [0], if they found anything.
Can you please suggest a tool that tells us which paths are supposed to be blocked from the dispatcher side (to improve the security of the website)?
[0]
/content.json
/content.1.json
/content.infinity.json
/content.xml
/content.1.xml
/content.feed.xml
Regards,
Raja
Hi @Raja-kp ,
You can prepare a custom script like the one mentioned below and validate it; none of the URLs should return 200.
https://hashimkhan.in/2018/03/13/tool-for-dispatcher-security/
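A minimal version of such a check, as an added example that is not part of the original reply or of the linked tool. The path list is the one from the question; the base URL is whatever publish host sits behind your own Dispatcher, and `audit` and `http_status` are names chosen here for illustration.

```python
"""Report Dispatcher-filtered paths that still answer with HTTP 200 (added example)."""
import urllib.error
import urllib.request

# Paths quoted in the question above; extend with your own filter list.
BLOCKED_PATHS = [
    "/content.json", "/content.1.json", "/content.infinity.json",
    "/content.xml", "/content.1.xml", "/content.feed.xml",
]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Report a 3xx as-is instead of following it to a login or error page,
    # which could otherwise turn a blocked path into a misleading 200.
    def redirect_request(self, *args, **kwargs):
        return None


def http_status(url, timeout=10):
    """Return the HTTP status code of a GET on url, without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 3xx/4xx/5xx arrive here as exceptions


def audit(base_url, paths=BLOCKED_PATHS, fetch=http_status):
    """Return [(path, status)] for every path that is served with 200."""
    exposed = []
    for path in paths:
        status = fetch(base_url.rstrip("/") + path)
        if status == 200:
            exposed.append((path, status))
    return exposed


if __name__ == "__main__":
    import sys
    findings = audit(sys.argv[1])  # base URL of your own site
    for path, status in findings:
        print(f"EXPOSED {status} {path}")
    sys.exit(1 if findings else 0)  # non-zero exit fails a scheduled job
```

The non-zero exit code lets a scheduled job or CI stage fail when a filter rule regresses.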
Thanks @Kishore_Kumar_ - we will check this.
Hi @Raja-kp,
You can refer to the Adobe documentation https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c... which lists the paths that should be blocked from the dispatcher.
Hope it helps!
Regards,
Manpreet
Thanks for your response - we have already blocked all the paths mentioned in the above Adobe document, but we still have to run the security scan every quarter to identify the vulnerabilities in AEM.