Expand my Community achievements bar.

SOLVED

Login Screen Visible to Web Crawlers (Google)

Avatar

Level 1

Hi,

Our site has been working fine for years - all anonymous access.  On google someone was able to see our login screen and the managers would like it to be not visible from our website.  Is there a way to block its visibility? 

Thanks,

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

You can block the login page at dispatcher level with a rule like below:

/0011 { /type "deny" /url "libs/granite/core/content/login.html"  }

Ideally, you should be blocking "*" and only allow the URL's that are required to load the site.

View solution in original post

4 Replies

Avatar

Correct answer by
Employee Advisor

You can block the login page at dispatcher level with a rule like below:

/0011 { /type "deny" /url "libs/granite/core/content/login.html"  }

Ideally, you should be blocking "*" and only allow the URL's that are required to load the site.

Avatar

Level 1

Thanks.  I tried adding

/0032 { /type "deny" /url "libs/granite/core/content/login.html"  }

/0033 { /type "deny" /url "libs/cq/core/content/login.html"  }

to the dispatcher.any files on my two servers, rebooted the servers, deleted the old files from the cache on the servers and from my local browser cache and tried the url again - but it still allowed me access.  (The url on google is the bottom one, which is why I added that as well). 

Perhaps I should add them higher up in the list of rules? 

Thanks again,

Connie

Avatar

Employee Advisor

Yes, add all the deny rules first and then allow. If still not working, change the dispatcher log level to DEBUG and check the logs when you hit the URL. It should tell you which rule is being used to allow/deny the URL.

Avatar

Level 1

Thanks - I noticed that the other allows and denies started with / 

I changed the lines to

/0032 { /type "deny" /url "/libs/granite/core/content/login.html"  }

/0033 { /type "deny" /url "/libs/cq/core/content/login.html"  }

and that did the trick - the login page is giving a 404 now. 

Thanks for your help.