Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

Dispatcher will not deny content paths

Avatar

Level 1

We have one instance of AEM 6.2 running an external facing website.  We will call it " sitea " external

We are in the process of adding an internal facing site that will be served from the same AEM instance. We will call that site "siteb" internal

We have an external facing webserver and dispatcher configuration as well as an internal webserver and dispatcher configuration

We are trying to deny access to any paths to site b internal on the external dispatcher it is not working.

#/0022 { /type "allow" /url "/content/*" }  # disable this rule to allow mapped content only

/0022 { /type "allow" /url "/content/sitea/*" }  # disable this rule to allow mapped content only

/0023 { /type "allow" /url "/etc/designs/sitea/*"   }

/0024 { /type "allow" /url "/content/dam/sitea/*" }

# Deny access to internal

/0029 { /type "deny" /url "/content/siteb/*" }  # disable this rule to allow mapped content only

/0030 { /type "deny" /url "/etc/designs/siteb/*"   }

Please advise

5 Replies

Avatar

Level 1

What part is not working?  Does sites still serve and siteb as well, or do neither work?  Is there anything in the dispatcher cache for siteb already?

Avatar

Level 1

The problem is Site B and any of its content / assets should NOT be reachable via the external facing webserver / dispatcher instance.

I placed deny filters in the dispatcher conf, but I am still able to get to resources of site b.

I commented dispatcher cache to isolate the issue and cleared cache.

Avatar

Level 1

Check dispatcher.log to see what farm it is being served from.  It would say something like this:

Found farm siteb for siteb.company.com

It is possible it is getting through using another farm definition.  I have seen invalidation_only serve content when it should not.

Avatar

Level 1

We have two separate webservers.  One exposed to the internet with references for "sitea" only.  There is only one farm on that server and in the dispatcher configuration we are trying to deny access to /siteb path.  This is something that should be a simple deny rule but is not working.

We have an internal facing webserver with siteb configuration only, that is not exposed to the public.

The dispatcher is reacting to other changes, but not the deny rules.

Avatar

Level 1

I would still say double check the dispatcher logs to see what messaging you get when you hit it.  Set debugging for a few, hit the path for siteb through sitea url and see if there is any messaging on the path.  You might also try changing your deny from url to glob to see if that will block it.