Expand my Community achievements bar.

Join expert-led, customer-led sessions on Adobe Experience Manager Assets on August 20th at our Skill Exchange.

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

How to block invalid URL with query param contains extension(.alfa OR .php) on dispatcher

Avatar

Level 4

Valid URL
/content/govt/en/us/doctor/doctor-detail.html?doctorId=ss222-001


Invalid URL going to AEM publisher.
/content/govt/en/us/doctor/doctor-detail.html?doctorId=ss222-001/ALFA_DATA/alfacgiapi/perl.alfa
/content/govt/en/us/doctor/doctor-detail.html?doctorId=ss222-001/wp-plain.php

 

How to block invalid URL with query param contains extension(.alfa OR .php) on dispatcher ? Invalid URL need to redirect to error page.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

You can remove those query param using apache rewrite rule

 

Example

RewriteEngine On
RewriteCond %{QUERY_STRING} ^doctorId=.*(.alfa|.php)$
RewriteCond %{REQUEST_URI} /doctor/doctor-detail\.html$
RewriteRule (.*) $0?
Arun Patidar

AEM LinksLinkedIn

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hi,

You can remove those query param using apache rewrite rule

 

Example

RewriteEngine On
RewriteCond %{QUERY_STRING} ^doctorId=.*(.alfa|.php)$
RewriteCond %{REQUEST_URI} /doctor/doctor-detail\.html$
RewriteRule (.*) $0?
Arun Patidar

AEM LinksLinkedIn

Avatar

Level 4

Thanks @arunpatidar for your response. Multiple requests are coming from unknown ip(hacker). So We need to block the request and redirect to error page. Can we achieve it using filter section? 

Avatar

Community Advisor

I think, for that you have to use the DDoS protection.

 

But of you think, the query parameters are not required at backend, you can simply remove the query parameter from request propagation(example is above) so that cached page can be served.

 

Arun Patidar

AEM LinksLinkedIn