Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Blacklist and whitelist filters

Avatar

Level 7

Hi , 

from where in AEM i can check Blacklist and whitelist filter setting configurations?

I have checked "AEM web console Sling Health check" and /system/console/configMgr/com.adobe.cq.deserfw.impl.DeserializationFirewallImpl.But i was unable to find desired results in there.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

I think the settings you are looking for that does not comes by default with general server installation, so you are not able to find it in the configMgr.

Please click on the below links to get some info on it.

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/mitigating-seria...

hope this will help.

Regards

Umesh Thakur

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @JakeCham,

Not clear on your question but I think may be you're looking for 'Apache Sling Referrer Filter'

Jineet_Vora_0-1601466978919.png


Jineet

Avatar

Employee Advisor

What settings are you looking for? There are a few settings which I would qualify as allow or deny lists.

Avatar

Level 7
i have got vulnerability issue report from one of my client.in there he has provided some links to verify that those links have been blocked properly in black list and white list configurations. i got this project in halfway through so i am looking from where it has been blocked

Avatar

Employee Advisor

Hi,

 

you mention "blocking links", which makes me think of "blocking URLs". So do you want to block some URLs so they are not reachable from the public anymore? That would be a topic for using the dispatcher to block them.

Check https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/configuring/dispatcher-co... for the official documentation how you can allow or deny access to certain URLs.

Avatar

Correct answer by
Community Advisor

I think the settings you are looking for that does not comes by default with general server installation, so you are not able to find it in the configMgr.

Please click on the below links to get some info on it.

https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/mitigating-seria...

hope this will help.

Regards

Umesh Thakur