Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

AMS dispatcher returning 403 without "user-agent" header

raviranjan
Level 2
Level 2

When AEM servlet APIs are being called  AEM dispatcher returns 403 forbidden error without delegating the request to AEM server. But when I am making the calling by passing "user-agent" header in request . I am getting successful response. Without "user-agent" header dispatcher is not allowing the request. This is happening for all types of request "GET,POST,PUT, DELETE". I am suspecting due to some configuration in dispatcher request are getting invalidated. Can anyone help me with this issue?

1 Accepted Solution
Arun_Patidar
Correct answer by
Community Advisor
Community Advisor

Hi,

Yes it is possibel that request are blocked from dispatcher to avoid bot. But before you investigate check with Adobe or whoever manages the httpd or dispatcher configuration.

View solution in original post

4 Replies
Asutosh_Jena_
Community Advisor
Community Advisor

Hi @raviranjan 

 

Out of the box, AEM denies all server names or hosts to make HTTP request to the respective running AEM publish/author instance. During a HTTP request made to the AEM publish/author, AEM checks the Referrer header configuration. If the referrer configured to allow the host(s), then AEM will full-fill the request, and if not, the AEM “referrer not allowed” error message will be shown.

 

OSGi Config: org.apache.sling.security.impl.ReferrerFilter

 

So we need to enable the header in the dispatcher and pass it along with all request.

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c...

 

Thanks!

raviranjan
Level 2
Level 2

Hy @Asutosh_Jena_ 

Referer filter configuration is properly configured. As in when I Bypass the dispatcher and hit the AEM server api url directly I get the 200 response  successfully. But while hitting the url via dispatcher layer. I get this 403 as response until I pass user-agent as request header . Also the header is enabled in dispatcher as mentioned in the document.

 

raviranjan_0-1638783052313.png

 

Arun_Patidar
Correct answer by
Community Advisor
Community Advisor

Hi,

Yes it is possibel that request are blocked from dispatcher to avoid bot. But before you investigate check with Adobe or whoever manages the httpd or dispatcher configuration.