Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Configure AEM Dispatcher to prevent DoS Attacks | AEM Community Blog Seeding

Avatar

Administrator

BlogImage.jpg

Configure AEM Dispatcher to prevent DoS Attacks by Aemrules

Abstract

A denial of service (DoS) attack is an attempt to make a computer resource unavailable to its intended users.

At the dispatcher level, there are two methods of configuring to prevent DoS attacks:

Use the mod_rewrite module (for example, Apache 2.4) to perform URL validations (if the URL pattern rules are not too complex).
Prevent the dispatcher from caching URLs with spurious extensions by using filters. For example, change the caching rules to limit caching to the expected mime types, such as
.html
.jpeg
.gif
.swf
.js
.doc
.pdf
.ppt
.... as per your project requirement.
An example configuration file is given below, for this includes restrictions for mime types.

When configuring Dispatcher you should restrict external access as much as possible. The following example provides example for the minimal access for external visitors, you can refer the default file.

/filter
{
# Deny everything first and then allow specific entries
/0001 { /type "deny" /glob "*" }

# Enable extensions in non-public content directories,
#using a regular expression
/0041
{
/type "allow"
/extension '(css|gif|ico|js|png|swf|jpe?g)'
}

# Enable features # enable personalization
/0062 { /type "allow" /url "/libs/cq/personalization/*" }

# Deny content grabbing, on all accessible pages, using regular expressions
/0081
{
/type "deny"
/selectors '((sys|doc)view|query|[0-9-]+)'
/extension '(json|xml)'
}
# Deny content grabbing for /content and its subtree
/0082
{
/type "deny"
/path "/content/*"
/selectors '(feed|rss|pages|languages|blueprint|infinity|tidy)'
/extension '(json|xml|html)'
}

# allow one-level json requests
# /0087 { /type "allow" /method "GET" /extension 'json' "*.1.json" }
}

Read Full Blog

Configure AEM Dispatcher to prevent DoS Attacks

Q&A

Please use this thread to ask the related questions.

0 Replies