Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Summit 2023 [19th to 23rd March, Las Vegas and Virtual] | Complete AEM Session & Lab list
SOLVED

Enable /bin/querybuilder on Publishing instance

Avatar

Level 4

hi,

 

just for a test we would like to enable querybuilder  on cloud sandbox publishing instance.

We tried changing filters.any 

Added 2 rules

 

$include "./default_filters.any"

 

/0100 { /type "allow" /path "*/bin/querybuilder*" /selectors "*" /extension "*" }

 

# allow non-public content directories if this isn't a production environment by uncommenting the next few lines
/0304 { /type "allow" /url "/apps/*" }
/0305 { /type "allow" /url "/bin/*" }

 

but no rule is allowing us to access /bin/querybuilder.json on publishing instance, we get "not found"

 

 

Thanks

1 Accepted Solution

Avatar

Correct answer by
Level 4

This is resolved by running proper pipeline (with unchecked Ignore Web Tier Configuration).

Rules that were used (I guess only 0100 would be enough)

 

/0100 { /type "allow" /url "/bin/querybuilder.json"}

/0304 { /type "allow" /url "/apps/*" }
/0305 { /type "allow" /url "/bin/*" }

7 Replies

Avatar

Community Advisor

Hi,

 

Are you trying to access from dispatcher or publisher instance ? Try checking directly from publish instance with ip and also check whether /bin is added under below configuration

 

Apache Sling Servlet/Script Resolver and Error Handler

Avatar

Level 4

hi,

 

I'm trying to access on publisher instance.

I'll check Apache Sling Servlet/Script Resolver and Error Handler

 

 

 

Avatar

Level 4

Checked config on publishing, looks good.


This id from dispatcher log:
"GET /bin/querybuilder.json" -0ms [publishfarm/-] [actionblocked]


Getting Fastly error when trying using IP.

 

Is there any way to enable debug log on dispatcher ?

 

Config:
scriptServiceUserMapped.target: "(|(subServiceName=scripts)(!(subServiceName=*)))"
servletContext.target: "(name=org.apache.sling)"
servletresolver.cacheSize: 1000
servletresolver.defaultExtensions:
- "html"
servletresolver.mountProviders: false
servletresolver.paths:
- "/bin/"
- "/libs/"
- "/apps/"
- "/system/"
- "/index.servlet"
- "/login.servlet"
- "/services/"
- "/etc/commerce/searchpromote/feed/deleted.servlet"
- "/graphql/"
servletresolver.servletRoot: -1

Avatar

Community Advisor

 Yes, you can enable the debug logging for dispatcher. Change the value of the DISP_LOG_LEVEL to Debug in global.vars file located under conf.d/variables and run the deployment. 

 

Define DISP_LOG_LEVEL Debug

 

Avatar

Community Advisor

Default dispatcher files should not be edited in Cloud Service, and default_filters.any is one of them. Instead, you can add those rules to the filters.any file and test the querybuilder in non-production instances.

 

In case you've not noticed, there is a text block like the one below mentioned in the default filters.any file at the top of it.


#
# This is the default filter ACL specifying what requests are handled by the dispatcher.
#
# DO NOT EDIT this file, your changes will have no impact on your deployment.
#
# Instead modify filters.any.
#

But the comment mentioned in the default_filters.any for allowing /bin and /apps for non-production instances is confusing. At least, it should say, "add these rules in the filters.any file to allow non-public content directories if this isn't a production environment".

# allow non-public content directories if this isn't a production environment by uncommenting the next few lines
# /004 { /type "allow" /url "/apps/*" } # allow apps access
# /005 { /type "allow" /url "/bin/*" } # allow bin path access

 

Avatar

Correct answer by
Level 4

This is resolved by running proper pipeline (with unchecked Ignore Web Tier Configuration).

Rules that were used (I guess only 0100 would be enough)

 

/0100 { /type "allow" /url "/bin/querybuilder.json"}

/0304 { /type "allow" /url "/apps/*" }
/0305 { /type "allow" /url "/bin/*" }