We have a global deny rule on dispatcher
/0001 { /type "deny" /glob "*" }
and have allowed specific POST requests via rules like
{ /type "allow" /url "POST /content/[.]*.form.html" } #Example rule
However, on publishers an autodiscover request is landing
POST /content/mySite/AutoDiscover/autodiscover.xml HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Unable to create resource named autodiscover.xml in /content/mySite/AutoDiscover
Though we have a allow rule for content tree
{/type "allow" /glob "/content/mySite*" }
Any suggestions on how could this request be
1. Generating
2. Landing on publishers, even after the global deny rule
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @maheshp , The dispatcher filter rule {/type "allow" /glob "/content/mySite*" } allows both POST and GET request , thus the Autodiscovery.xml is getting requested on the publisher. To simple check this you can direct call your website URL from postman with POST call and it will give you 200.
To block the all other call and to only allow the get request to pass through use this filter
{/type "allow" /method "GET" /url"/content/mySite*" }
Hi @maheshp , The dispatcher filter rule {/type "allow" /glob "/content/mySite*" } allows both POST and GET request , thus the Autodiscovery.xml is getting requested on the publisher. To simple check this you can direct call your website URL from postman with POST call and it will give you 200.
To block the all other call and to only allow the get request to pass through use this filter
{/type "allow" /method "GET" /url"/content/mySite*" }