Are there any /bin/* urls that are at security risk in AEM?

yogeshVaidya

09-07-2019

I am allowing all of the URLs starting with /bin in my dispatcher setup. I am also using various servlets with different extensions (.txt, .xml). I found out that my dispatcher is exposing querybuilder's .json URL. I have followed the dispatcher security checklist, but it doesn't have the /bin/* URLs in the checklist. I am looking for a recommended approach for blocking /bin/* URLs.

anujg3325839

09-07-2019

Hi

The /bin folder is an empty one, and it does not contain any default node from AEM. It is given for custom development, just in case some developer wants to use it for their servlet. Hence, there is no security issue from a default AEM perspective. But if you are planning to use it and add some stuff in it for internal use, you can block it on the dispatcher. Otherwise, you can leave it, as it does not contain anything.

Thx, Anuj
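
The setup described in the question (everything under /bin allowed) beside a deny-first allowlist, as an added example that is not part of either post or of Adobe's checklist. The rule numbers and the two servlet paths `/bin/example/report` and `/bin/example/feed` are hypothetical placeholders for the poster's own .txt and .xml servlets; the rest of the `/filter` section is assumed to exist unchanged.

```conf
/filter
  {
  # ... existing rules from the dispatcher security checklist stay above ...

  # Weak setting described in the question: every /bin URL is reachable,
  # which is how /bin/querybuilder.json ends up exposed.
  # /0100 { /type "allow" /url "/bin/*" }

  # Corrected setting, step 1: deny the whole /bin tree.
  /0100 { /type "deny" /url "/bin/*" }

  # Step 2: allow only the servlets that must be public, each pinned to
  # method, path and extension (hypothetical paths, replace with your own).
  /0101 { /type "allow" /method "GET" /path "/bin/example/report" /extension "txt" }
  /0102 { /type "allow" /method "GET" /path "/bin/example/feed" /extension "xml" }

  # The dispatcher applies the LAST matching rule, so the allow rules must
  # come after the deny rule, and no later rule may re-allow "/bin/*".
  }
```

After reloading the dispatcher, a request for `/bin/querybuilder.json` through the dispatcher should return 404, while the allowlisted servlet URLs still respond.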