Adobe Experience Manager Sites & More

saik8550271 · 3/11/19

Hi -

I am trying to restrict system/console url in the publisher by applying the filter in the dispatcher something as below

/0001 { /type "deny" /glob "*" }

/0204 { /type "deny" /url "/system/*" }

But still, I am getting 500 error instead of the 404. Anybody have any idea what I am missing?

Ashish_Ranjan1 · 3/12/19

Ideally the deny everything rule should work. Below is a sample filters.any which works fine to deny access to any request to /system/*.

# Deny everything first and then allow specific entries

/0001 { /type "deny" /glob "*" }

# Open consoles

# /0011 { /type "allow" /url "/admin/*" } # allow servlet engine admin

# /0012 { /type "allow" /url "/crx/*" } # allow content repository

# /0013 { /type "allow" /url "/system/*" } # allow OSGi console

# Allow non-public content directories

# /0021 { /type "allow" /url "/apps/*" } # allow apps access

# /0022 { /type "allow" /url "/bin/*" }

/0023 { /type "allow" /url "/content*" } # disable this rule to allow mapped content only

# /0024 { /type "allow" /url "/libs/*" }

# /0025 { /type "deny" /url "/libs/shindig/proxy*" } # if you enable /libs close access to proxy

# /0026 { /type "allow" /url "/home/*" }

# /0027 { /type "allow" /url "/tmp/*" }

# /0028 { /type "allow" /url "/var/*" }

# Enable extensions in non-public content directories, using a regular expression

/0041

{

/type "allow"

/extension '(clientlibs|css|gif|ico|js|png|swf|jpe?g|woff2?|ttf|txt)'

}

# Enable features

/0062 { /type "allow" /url "/libs/cq/personalization/*" } # enable personalization

#CSRF Token:

/0088 { /type "allow" /path "/libs/granite/csrf/token" /method "GET" /extension "json" }

/0099 { /type "allow" /path "/libs/dam/viewers/*" /method "GET"}

Also in rewrite .conf add the path of 404 page like below

ErrorDocument 404 ${AEM_CONTENT_ROOT_PATH}/error/404.html

ErrorDocument 500 ${AEM_CONTENT_ROOT_PATH}/error/500.html

View solution in original post

Gaurav-Behl · 3/11/19

Check if you can access the same url on publish directly w/o any error?

Could you share your dispatcher.any filter section?

saik8550271 · 3/11/19

Higauravb41175071 -

I tried to access publish domain with system/console and it is giving 500 error. Ideal case it should return 404.

Here is the content of the filter section file(please see highlighted below:

/0200 { /type "allow" /method "GET" /url "/bin/external*" }

/0201 { /type "allow" /url "/etc/designs/*" }

/0202 { /type "allow" /url "/etc/dam/*" }

/0203 { /type "allow" /url "/content/*" }

/0204 { /type "deny" /url "/system/*" }

/0205 { /type "allow" /url "/useradmin/*" }

/0206 { /type "allow" /url "/crx/*" }

/0207 { /type "allow" /url "/lib/*" }

/0208 { /type "allow" /url "/bin/*" }

/0209 { /type "allow" /url "/dotcom/*" }

/0210 { /type "allow" /url "/etc/acs-commons/lists*" }

/0212 { /type "allow" /method "POST" /url "/lp/*"}

/0213 { /type "allow" /url "/system/sling/logout*"}

/0214 { /type "allow" /url "/etc.clientlibs/*" }

/0215 { /type "allow" /url "/libs/granite/csrf/token.json" }

/0217 {/type "allow" /url "/apps/onup/counter/external*"}

/0220 { /type "allow" /url "/etc/cloudsettings*" }

/0221 { /type "allow" /url "/etc/segmentation*" }

Ashish_Ranjan1 · 3/12/19

Ideally the deny everything rule should work. Below is a sample filters.any which works fine to deny access to any request to /system/*.

# Deny everything first and then allow specific entries

/0001 { /type "deny" /glob "*" }

# Open consoles

# /0011 { /type "allow" /url "/admin/*" } # allow servlet engine admin

# /0012 { /type "allow" /url "/crx/*" } # allow content repository

# /0013 { /type "allow" /url "/system/*" } # allow OSGi console

# Allow non-public content directories

# /0021 { /type "allow" /url "/apps/*" } # allow apps access

# /0022 { /type "allow" /url "/bin/*" }

/0023 { /type "allow" /url "/content*" } # disable this rule to allow mapped content only

# /0024 { /type "allow" /url "/libs/*" }

# /0025 { /type "deny" /url "/libs/shindig/proxy*" } # if you enable /libs close access to proxy

# /0026 { /type "allow" /url "/home/*" }

# /0027 { /type "allow" /url "/tmp/*" }

# /0028 { /type "allow" /url "/var/*" }

# Enable extensions in non-public content directories, using a regular expression

/0041

{

/type "allow"

/extension '(clientlibs|css|gif|ico|js|png|swf|jpe?g|woff2?|ttf|txt)'

}

# Enable features

/0062 { /type "allow" /url "/libs/cq/personalization/*" } # enable personalization

#CSRF Token:

/0088 { /type "allow" /path "/libs/granite/csrf/token" /method "GET" /extension "json" }

/0099 { /type "allow" /path "/libs/dam/viewers/*" /method "GET"}

Also in rewrite .conf add the path of 404 page like below

ErrorDocument 404 ${AEM_CONTENT_ROOT_PATH}/error/404.html

ErrorDocument 500 ${AEM_CONTENT_ROOT_PATH}/error/500.html

Adobe Experience Manager Sites & More

Dispatcher- publisher System/console is giving 500 error.

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe