Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Dispatcher

Avatar

Level 4

What is the out-of-the-box response of the dispatcher when requesting a URL which is defined as deny in /filter setting of the dispatcher?

A. 400

B. 404

C. 403

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

C. 404

The dispatcher module for Adobe Experience Manager (AEM) uses the /filter setting to define which URLs should be allowed or denied. If a URL is explicitly denied in these settings, the dispatcher returns a 403 (forbiden) as we might think, but really it returns 404 NOT FOUND status code. This is a security measure to prevent access to restricted resources, ensuring that the denied URLs are not accessible by unauthorized users or requests.

Screenshot 2024-06-13 at 12.37.52 AM.png

 

Screenshot 2024-06-13 at 12.32.59 AM.png


Adobe Official Documentation: https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatche...


--------------------------------


In addition to learning dispatcher:

The best way to determine correct configurations either your AEM project or dispatcher configurations is following Adobe best practices is to check the WKND project on github. Looking at these files exposes best practices for how an AEM website should be built.

For your dispatcher question about 400,403,500,etc... lets take a look at how the WKND project have implemented this, https://github.com/adobe/aem-guides-wknd/blob/main/dispatcher/src/conf.d/available_vhosts/wknd.vhost

 

From here, you can see that they have setup:
ErrorDocument 404 ${404_PAGE}
ErrorDocument 500 ${500_PAGE}
ErrorDocument 502 ${500_PAGE}
ErrorDocument 503 ${500_PAGE}
ErrorDocument 504 ${500_PAGE}

Confused on the variables, it can be found here -> https://github.com/adobe/aem-guides-wknd/blob/main/dispatcher/src/conf.d/variables/custom.vars

In addition to your question about error pages, you must create these error pages on your AEM author and publish these pages, 


View solution in original post

5 Replies

Avatar

Level 6

Hi @bhavigoyal 

B. 404
the /filter defines allowed and denied requests. URL denied by a filter the dispatcher won't process it further, Since the request isn't processed and the content isn't found, a 404 Not Found response is the most appropriate.

Avatar

Level 4

It seems your answer is correct but i think for better explanation below article is suitable which state that if we deny all it gives 404 but for specified area deny it gives 403.

Am I correct??

 

https://github.com/AdobeDocs/experience-manager-dispatcher.en/blob/main/help/using/dispatcher-config...

Avatar

Level 6

right 

if you configure the Dispatcher to deny access to specific areas, requests to those areas will result in a 403 error (forbidden), indicating that access is explicitly denied.
The key is how the /filter rules are defined in the Dispatcher’s configuration.

Avatar

Correct answer by
Community Advisor

C. 404

The dispatcher module for Adobe Experience Manager (AEM) uses the /filter setting to define which URLs should be allowed or denied. If a URL is explicitly denied in these settings, the dispatcher returns a 403 (forbiden) as we might think, but really it returns 404 NOT FOUND status code. This is a security measure to prevent access to restricted resources, ensuring that the denied URLs are not accessible by unauthorized users or requests.

Screenshot 2024-06-13 at 12.37.52 AM.png

 

Screenshot 2024-06-13 at 12.32.59 AM.png


Adobe Official Documentation: https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatche...


--------------------------------


In addition to learning dispatcher:

The best way to determine correct configurations either your AEM project or dispatcher configurations is following Adobe best practices is to check the WKND project on github. Looking at these files exposes best practices for how an AEM website should be built.

For your dispatcher question about 400,403,500,etc... lets take a look at how the WKND project have implemented this, https://github.com/adobe/aem-guides-wknd/blob/main/dispatcher/src/conf.d/available_vhosts/wknd.vhost

 

From here, you can see that they have setup:
ErrorDocument 404 ${404_PAGE}
ErrorDocument 500 ${500_PAGE}
ErrorDocument 502 ${500_PAGE}
ErrorDocument 503 ${500_PAGE}
ErrorDocument 504 ${500_PAGE}

Confused on the variables, it can be found here -> https://github.com/adobe/aem-guides-wknd/blob/main/dispatcher/src/conf.d/variables/custom.vars

In addition to your question about error pages, you must create these error pages on your AEM author and publish these pages,