Adobe Experience Manager Sites & More

maheshp · 6/6/22

We have a global deny rule on dispatcher

/0001 { /type "deny" /glob "*" }

and have allowed specific POST requests via rules like

{ /type "allow" /url "POST /content/[.]*.form.html" } #Example rule

However, on publishers an autodiscover request is landing

POST /content/mySite/AutoDiscover/autodiscover.xml HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Unable to create resource named autodiscover.xml in /content/mySite/AutoDiscover

Though we have a allow rule for content tree

{/type "allow" /glob "/content/mySite*" }

Any suggestions on how could this request be

1. Generating

2. Landing on publishers, even after the global deny rule

bipinchandra92 · 6/6/22

Hi @maheshp , The dispatcher filter rule {/type "allow" /glob "/content/mySite*" } allows both POST and GET request , thus the Autodiscovery.xml is getting requested on the publisher. To simple check this you can direct call your website URL from postman with POST call and it will give you 200.

To block the all other call and to only allow the get request to pass through use this filter

{/type "allow" /method "GET" /url"/content/mySite*" }

View solution in original post

bipinchandra92 · 6/6/22

Hi @maheshp , The dispatcher filter rule {/type "allow" /glob "/content/mySite*" } allows both POST and GET request , thus the Autodiscovery.xml is getting requested on the publisher. To simple check this you can direct call your website URL from postman with POST call and it will give you 200.

To block the all other call and to only allow the get request to pass through use this filter

{/type "allow" /method "GET" /url"/content/mySite*" }

Adobe Experience Manager Sites & More

Dispatcher Configurations for POST request

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe