After doing a vulnerability scan we found the following vulnerability. How can I make the page not publicly accessible? It doesn't even mention what the page address is for this. I'm trying to find references to the servlet right now but am having a hard time.
Adobe Experience Manager QueryBuilderFeedServlet page is publicly accessible. Sensitive information might be exposed via AEM's QueryBuilderFeedServlet.
Solved! Go to Solution.
Views
Replies
Total Likes
@Kerryu1 Please check the below post which has the similar query
you can try like this in your dispatcher filter rules, "wknd" is sample site
##This rule must be the last rule to block content grabbing in all paths
/9997 { /type "deny" /url "/content/dam/*" /suffix "*/bin/querybuilder.json*"}
/9998 { /type "deny" /url "/content/wknd/*" /suffix "*/bin/querybuilder.json*"}
Update: I found the feed to be accessible via '/bin/querybuilder.feed' url. What would be the best approach to making this private? I don't know if it's a crucial endpoint for end users or not as well.
@Kerryu1 Please check the below post which has the similar query
you can try like this in your dispatcher filter rules, "wknd" is sample site
##This rule must be the last rule to block content grabbing in all paths
/9997 { /type "deny" /url "/content/dam/*" /suffix "*/bin/querybuilder.json*"}
/9998 { /type "deny" /url "/content/wknd/*" /suffix "*/bin/querybuilder.json*"}