Login Screen Visible to Web Crawlers (Google)

Avatar

Avatar

pipcat

Avatar

pipcat

pipcat

05-06-2019

Hi,

Our site has been working fine for years - all anonymous access.  On google someone was able to see our login screen and the managers would like it to be not visible from our website.  Is there a way to block its visibility? 

Thanks,

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

jbrar

Employee

Avatar

jbrar

Employee

jbrar
Employee

05-06-2019

You can block the login page at dispatcher level with a rule like below:

/0011 { /type "deny" /url "libs/granite/core/content/login.html"  }

Ideally, you should be blocking "*" and only allow the URL's that are required to load the site.

Answers (3)

Answers (3)

Avatar

Avatar

pipcat

Avatar

pipcat

pipcat

05-06-2019

Thanks - I noticed that the other allows and denies started with / 

I changed the lines to

/0032 { /type "deny" /url "/libs/granite/core/content/login.html"  }

/0033 { /type "deny" /url "/libs/cq/core/content/login.html"  }

and that did the trick - the login page is giving a 404 now. 

Thanks for your help. 

Avatar

Avatar

jbrar

Employee

Avatar

jbrar

Employee

jbrar
Employee

05-06-2019

Yes, add all the deny rules first and then allow. If still not working, change the dispatcher log level to DEBUG and check the logs when you hit the URL. It should tell you which rule is being used to allow/deny the URL.

Avatar

Avatar

pipcat

Avatar

pipcat

pipcat

05-06-2019

Thanks.  I tried adding

/0032 { /type "deny" /url "libs/granite/core/content/login.html"  }

/0033 { /type "deny" /url "libs/cq/core/content/login.html"  }

to the dispatcher.any files on my two servers, rebooted the servers, deleted the old files from the cache on the servers and from my local browser cache and tried the url again - but it still allowed me access.  (The url on google is the bottom one, which is why I added that as well). 

Perhaps I should add them higher up in the list of rules? 

Thanks again,

Connie