Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Enable /bin/querybuilder on Publishing instance

Avatar

Level 5

hi,

 

just for a test we would like to enable querybuilder  on cloud sandbox publishing instance.

We tried changing filters.any 

Added 2 rules

 

$include "./default_filters.any"

 

/0100 { /type "allow" /path "*/bin/querybuilder*" /selectors "*" /extension "*" }

 

# allow non-public content directories if this isn't a production environment by uncommenting the next few lines
/0304 { /type "allow" /url "/apps/*" }
/0305 { /type "allow" /url "/bin/*" }

 

but no rule is allowing us to access /bin/querybuilder.json on publishing instance, we get "not found"

 

 

Thanks

1 Accepted Solution

Avatar

Correct answer by
Level 5

This is resolved by running proper pipeline (with unchecked Ignore Web Tier Configuration).

Rules that were used (I guess only 0100 would be enough)

 

/0100 { /type "allow" /url "/bin/querybuilder.json"}

/0304 { /type "allow" /url "/apps/*" }
/0305 { /type "allow" /url "/bin/*" }

View solution in original post

7 Replies

Avatar

Community Advisor

Hi,

 

Are you trying to access from dispatcher or publisher instance ? Try checking directly from publish instance with ip and also check whether /bin is added under below configuration

 

Apache Sling Servlet/Script Resolver and Error Handler

Avatar

Level 5

hi,

 

I'm trying to access on publisher instance.

I'll check Apache Sling Servlet/Script Resolver and Error Handler

 

 

 

Avatar

Level 5

Checked config on publishing, looks good.


This id from dispatcher log:
"GET /bin/querybuilder.json" -0ms [publishfarm/-] [actionblocked]


Getting Fastly error when trying using IP.

 

Is there any way to enable debug log on dispatcher ?

 

Config:
scriptServiceUserMapped.target: "(|(subServiceName=scripts)(!(subServiceName=*)))"
servletContext.target: "(name=org.apache.sling)"
servletresolver.cacheSize: 1000
servletresolver.defaultExtensions:
- "html"
servletresolver.mountProviders: false
servletresolver.paths:
- "/bin/"
- "/libs/"
- "/apps/"
- "/system/"
- "/index.servlet"
- "/login.servlet"
- "/services/"
- "/etc/commerce/searchpromote/feed/deleted.servlet"
- "/graphql/"
servletresolver.servletRoot: -1

Avatar

Community Advisor

 Yes, you can enable the debug logging for dispatcher. Change the value of the DISP_LOG_LEVEL to Debug in global.vars file located under conf.d/variables and run the deployment. 

 

Define DISP_LOG_LEVEL Debug

 

Avatar

Community Advisor

Default dispatcher files should not be edited in Cloud Service, and default_filters.any is one of them. Instead, you can add those rules to the filters.any file and test the querybuilder in non-production instances.

 

In case you've not noticed, there is a text block like the one below mentioned in the default filters.any file at the top of it.


#
# This is the default filter ACL specifying what requests are handled by the dispatcher.
#
# DO NOT EDIT this file, your changes will have no impact on your deployment.
#
# Instead modify filters.any.
#

But the comment mentioned in the default_filters.any for allowing /bin and /apps for non-production instances is confusing. At least, it should say, "add these rules in the filters.any file to allow non-public content directories if this isn't a production environment".

# allow non-public content directories if this isn't a production environment by uncommenting the next few lines
# /004 { /type "allow" /url "/apps/*" } # allow apps access
# /005 { /type "allow" /url "/bin/*" } # allow bin path access

 

Avatar

Correct answer by
Level 5

This is resolved by running proper pipeline (with unchecked Ignore Web Tier Configuration).

Rules that were used (I guess only 0100 would be enough)

 

/0100 { /type "allow" /url "/bin/querybuilder.json"}

/0304 { /type "allow" /url "/apps/*" }
/0305 { /type "allow" /url "/bin/*" }