Expand my Community achievements bar.

Applications for the 2024-2025 Adobe Experience Manager Champion Program are open!
SOLVED

AMS dispatcher returning 403 without "user-agent" header

Avatar

Level 2

When AEM servlet APIs are being called  AEM dispatcher returns 403 forbidden error without delegating the request to AEM server. But when I am making the calling by passing "user-agent" header in request . I am getting successful response. Without "user-agent" header dispatcher is not allowing the request. This is happening for all types of request "GET,POST,PUT, DELETE". I am suspecting due to some configuration in dispatcher request are getting invalidated. Can anyone help me with this issue?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

Yes it is possibel that request are blocked from dispatcher to avoid bot. But before you investigate check with Adobe or whoever manages the httpd or dispatcher configuration.



Arun Patidar

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @raviranjan 

 

Out of the box, AEM denies all server names or hosts to make HTTP request to the respective running AEM publish/author instance. During a HTTP request made to the AEM publish/author, AEM checks the Referrer header configuration. If the referrer configured to allow the host(s), then AEM will full-fill the request, and if not, the AEM “referrer not allowed” error message will be shown.

 

OSGi Config: org.apache.sling.security.impl.ReferrerFilter

 

So we need to enable the header in the dispatcher and pass it along with all request.

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c...

 

Thanks!

Avatar

Level 2

Hy @Asutosh_Jena_ 

Referer filter configuration is properly configured. As in when I Bypass the dispatcher and hit the AEM server api url directly I get the 200 response  successfully. But while hitting the url via dispatcher layer. I get this 403 as response until I pass user-agent as request header . Also the header is enabled in dispatcher as mentioned in the document.

 

raviranjan_0-1638783052313.png

 

Avatar

Correct answer by
Community Advisor

Hi,

Yes it is possibel that request are blocked from dispatcher to avoid bot. But before you investigate check with Adobe or whoever manages the httpd or dispatcher configuration.



Arun Patidar

Avatar

Level 3

In order to fix this add the below lines in your virtual host file or rewrite.rules file

 

RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]