Expand my Community achievements bar.

SOLVED

How to prevent pages from being served with arbitrary selectors and return 404 instead?

Avatar

Level 7
Level 7
10/15/15 7:26:23 PM

Hi,

We have just noticed that pages on our sites can be access with arbitrary extensions. For example, http://www.mysite.com/home.html, is also being served with http://www.mysite.com/home.phphttp://www.mysite.com/home.asphttp://www.mysite.com/home.do, http://www.mysite.com/home.foo as well as http://www.mysite.com/home.php.htmlhttp://www.mysite.com/home.asp.html, etc.

I can disable all these extensions in the dispatcher.any, but this is not elegant, as I either have to add lots of deny lines or accidentally disable valid extensions.

Is there an elegant way to prevent this from happening? 

Thanks in advance,
Behrang

Views

227

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:23 PM

Hi Behrang,

   Seem like your current configuration is not as per recommendation.  Please Use a “whitelist” approach. Deny everything and only allow what you need. Watch out our Webinar Recording: http://my.adobeconnect.com/p7th2gf8k43/

Thanks,

Sham

View solution in original post

Views

207

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:23 PM

Hi Behrang,

   Seem like your current configuration is not as per recommendation.  Please Use a “whitelist” approach. Deny everything and only allow what you need. Watch out our Webinar Recording: http://my.adobeconnect.com/p7th2gf8k43/

Thanks,

Sham

Views

208

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply