Hi All
I have a few queries about filter sections in the dispatcher. Could anyone please help with this?
1. Why is it recommended to configure filter sections in the dispatcher to start with 'deny all' and then allow only what is desired?
2. What complications might arise if we do not follow the recommended practice of starting filter sections in the dispatcher with 'deny all' and then allowing only what is desired?
Thanks
It's important to understand why it's recommended to configure filter sections starting with 'deny all' and then allow only what is desired.
1. Recommended Practice: 'Deny All' Approach:
2. Complications of Not Following Recommended Practice: If the recommended practice of starting filter sections with 'deny all' is not followed, several complications may arise:
In summary, configuring filter sections in the dispatcher to start with 'deny all' and then allow only what is desired is a best practice that helps enhance security, reduce risks, and maintain the integrity of the AEM application. Not following this practice can lead to various complications, including security vulnerabilities, resource exhaustion, data exposure, compliance risks, and maintenance challenges.
The deny-all rule is recommended because it prevents access to sensitive areas of the AEM repository.
This will prevent sensitive information leakage from the AEM repository. This approach enhances security and minimizes vulnerabilities.
@KannanCh2
1) Question 1 - Deny all and allow only necessary is a standard whitelisting technique followed to enhance security and for better filter performance
2) Question 2 - If you don't follow the deny all and allow necessary approach then you will end up with this code smell https://github.com/adobe/aem-dispatcher-optimizer-tool/blob/main/docs/Rules.md#dot---the-dispatcher-...
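The two filter styles discussed in this thread, side by side, as an added example that is not part of any reply above or of Adobe's shipped configuration. The site path `/content/mysite` and the `/admin/*` path are constructed placeholders; the comments rely on the Dispatcher behaviour that when several filter rules match a request, the last matching rule is the one applied.

```conf
# --- Weak form: allow everything, then try to list what must be blocked ---
# Any path, selector or extension nobody thought of stays reachable,
# and every new sensitive path needs a new deny rule.
/filter
  {
  /0001 { /type "allow" /url "*" }
  # Constructed placeholder for "a path someone remembered to block"
  /0002 { /type "deny" /url "/admin/*" }
  }

# --- Recommended form: deny everything, then allow only what is served ---
# A request that matches no allow rule falls back to /0001 and is rejected,
# so forgetting a rule fails closed instead of open.
/filter
  {
  # Must be the first rule: later matching rules override it
  /0001 { /type "deny" /url "*" }

  # Published pages of the (hypothetical) site, GET only, .html only
  /0010 { /type "allow" /method "GET" /path "/content/mysite/*" /extension "html" }

  # Static assets under the same (hypothetical) site tree;
  # single quotes mark a regular expression
  /0020 { /type "allow" /method "GET" /path "/content/mysite/*" /extension '(css|js|png|gif|jpe?g|ico)' }
  }
```

Because evaluation is order-dependent, a broad allow rule placed after the narrow ones would reopen everything, so keep broad rules at the top and review the order whenever a rule is added.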
Hi @KannanCh2
Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.