Hi -
I am trying to restrict system/console url in the publisher by applying the filter in the dispatcher something as below
/0001 { /type "deny" /glob "*" }
/0204 { /type "deny" /url "/system/*" }
But still, I am getting 500 error instead of the 404. Anybody have any idea what I am missing?
Solved! Go to Solution.
Views
Replies
Total Likes
Ideally the deny everything rule should work. Below is a sample filters.any which works fine to deny access to any request to /system/*.
# Deny everything first and then allow specific entries
/0001 { /type "deny" /glob "*" }
# Open consoles
# /0011 { /type "allow" /url "/admin/*" } # allow servlet engine admin
# /0012 { /type "allow" /url "/crx/*" } # allow content repository
# /0013 { /type "allow" /url "/system/*" } # allow OSGi console
# Allow non-public content directories
# /0021 { /type "allow" /url "/apps/*" } # allow apps access
# /0022 { /type "allow" /url "/bin/*" }
/0023 { /type "allow" /url "/content*" } # disable this rule to allow mapped content only
# /0024 { /type "allow" /url "/libs/*" }
# /0025 { /type "deny" /url "/libs/shindig/proxy*" } # if you enable /libs close access to proxy
# /0026 { /type "allow" /url "/home/*" }
# /0027 { /type "allow" /url "/tmp/*" }
# /0028 { /type "allow" /url "/var/*" }
# Enable extensions in non-public content directories, using a regular expression
/0041
{
/type "allow"
/extension '(clientlibs|css|gif|ico|js|png|swf|jpe?g|woff2?|ttf|txt)'
}
# Enable features
/0062 { /type "allow" /url "/libs/cq/personalization/*" } # enable personalization
#CSRF Token:
/0088 { /type "allow" /path "/libs/granite/csrf/token" /method "GET" /extension "json" }
/0099 { /type "allow" /path "/libs/dam/viewers/*" /method "GET"}
Also in rewrite .conf add the path of 404 page like below
ErrorDocument 404 ${AEM_CONTENT_ROOT_PATH}/error/404.html
ErrorDocument 500 ${AEM_CONTENT_ROOT_PATH}/error/500.html
Views
Replies
Total Likes
Check if you can access the same url on publish directly w/o any error?
Could you share your dispatcher.any filter section?
Views
Replies
Total Likes
Higauravb41175071 -
I tried to access publish domain with system/console and it is giving 500 error. Ideal case it should return 404.
Here is the content of the filter section file(please see highlighted below:
/0200 { /type "allow" /method "GET" /url "/bin/external*" }
/0201 { /type "allow" /url "/etc/designs/*" }
/0202 { /type "allow" /url "/etc/dam/*" }
/0203 { /type "allow" /url "/content/*" }
/0204 { /type "deny" /url "/system/*" }
/0205 { /type "allow" /url "/useradmin/*" }
/0206 { /type "allow" /url "/crx/*" }
/0207 { /type "allow" /url "/lib/*" }
/0208 { /type "allow" /url "/bin/*" }
/0209 { /type "allow" /url "/dotcom/*" }
/0210 { /type "allow" /url "/etc/acs-commons/lists*" }
/0212 { /type "allow" /method "POST" /url "/lp/*"}
/0213 { /type "allow" /url "/system/sling/logout*"}
/0214 { /type "allow" /url "/etc.clientlibs/*" }
/0215 { /type "allow" /url "/libs/granite/csrf/token.json" }
/0217 {/type "allow" /url "/apps/onup/counter/external*"}
/0220 { /type "allow" /url "/etc/cloudsettings*" }
/0221 { /type "allow" /url "/etc/segmentation*" }
Views
Replies
Total Likes
Ideally the deny everything rule should work. Below is a sample filters.any which works fine to deny access to any request to /system/*.
# Deny everything first and then allow specific entries
/0001 { /type "deny" /glob "*" }
# Open consoles
# /0011 { /type "allow" /url "/admin/*" } # allow servlet engine admin
# /0012 { /type "allow" /url "/crx/*" } # allow content repository
# /0013 { /type "allow" /url "/system/*" } # allow OSGi console
# Allow non-public content directories
# /0021 { /type "allow" /url "/apps/*" } # allow apps access
# /0022 { /type "allow" /url "/bin/*" }
/0023 { /type "allow" /url "/content*" } # disable this rule to allow mapped content only
# /0024 { /type "allow" /url "/libs/*" }
# /0025 { /type "deny" /url "/libs/shindig/proxy*" } # if you enable /libs close access to proxy
# /0026 { /type "allow" /url "/home/*" }
# /0027 { /type "allow" /url "/tmp/*" }
# /0028 { /type "allow" /url "/var/*" }
# Enable extensions in non-public content directories, using a regular expression
/0041
{
/type "allow"
/extension '(clientlibs|css|gif|ico|js|png|swf|jpe?g|woff2?|ttf|txt)'
}
# Enable features
/0062 { /type "allow" /url "/libs/cq/personalization/*" } # enable personalization
#CSRF Token:
/0088 { /type "allow" /path "/libs/granite/csrf/token" /method "GET" /extension "json" }
/0099 { /type "allow" /path "/libs/dam/viewers/*" /method "GET"}
Also in rewrite .conf add the path of 404 page like below
ErrorDocument 404 ${AEM_CONTENT_ROOT_PATH}/error/404.html
ErrorDocument 500 ${AEM_CONTENT_ROOT_PATH}/error/500.html
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies