How to prevent pages from being served with arbitrary selectors and return 404 instead? | Community
Skip to main content
LinearGradient
LinearGradient
Level 6
October 16, 2015
Solved

How to prevent pages from being served with arbitrary selectors and return 404 instead?

  • October 16, 2015
  • 1 reply
  • 513 views

Hi,

We have just noticed that pages on our sites can be access with arbitrary extensions. For example, http://www.mysite.com/home.html, is also being served with http://www.mysite.com/home.phphttp://www.mysite.com/home.asphttp://www.mysite.com/home.do, http://www.mysite.com/home.foo as well as http://www.mysite.com/home.php.htmlhttp://www.mysite.com/home.asp.html, etc.

I can disable all these extensions in the dispatcher.any, but this is not elegant, as I either have to add lots of deny lines or accidentally disable valid extensions.

Is there an elegant way to prevent this from happening? 

Thanks in advance,
Behrang

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Sham_HC

Hi Behrang,

   Seem like your current configuration is not as per recommendation.  Please Use a “whitelist” approach. Deny everything and only allow what you need. Watch out our Webinar Recording: http://my.adobeconnect.com/p7th2gf8k43/

Thanks,

Sham

1 reply

Sham_HC
Sham_HCAccepted solution
Level 10
October 16, 2015

Hi Behrang,

   Seem like your current configuration is not as per recommendation.  Please Use a “whitelist” approach. Deny everything and only allow what you need. Watch out our Webinar Recording: http://my.adobeconnect.com/p7th2gf8k43/

Thanks,

Sham

Terms & ConditionsAccessibility statement

Loading footer...