Expand my Community achievements bar.

SOLVED

One Dispatcher filtering all requests

Avatar

Level 2
Level 2
3/1/17 1:52:59 AM

I have configured two dispatchers in front of my publishers. Both of the dispatchers are configured the same, but one of the dispatchers is blocking all the requests. 

 

Filter rejects: POST /services/EmailServlet HTTP/1.1

[Wed Mar 01 03:09:44 2017] [I] [pid 6104 (tid 140100969940736)] "POST /services/EmailServlet" - - 0ms

[Wed Mar 01 03:09:44 2017] [D] [pid 6104 (tid 140100969940736)] Found farm publishfarm for abc-prod62.adobemsbasic.com

[Wed Mar 01 03:09:44 2017] [D] [pid 6104 (tid 140100969940736)] checking [/errors/404.html]

[Wed Mar 01 03:09:44 2017] [D] [pid 6104 (tid 140100969940736)] cache file is newer than lastflush -> use cache [/mnt/var/www/html/errors/404.html]

[Wed Mar 01 03:09:44 2017] [D] [pid 6104 (tid 140100969940736)] cache-action for [/errors/404.html]: DELIVER

[Wed Mar 01 03:09:44 2017] [D] [pid 6104 (tid 140100969940736)] request declined

[Wed Mar 01 03:09:44 2017] [I] [pid 6104 (tid 140100969940736)] "GET /errors/404.html" - - 0ms

[Wed Mar 01 03:09:45 2017] [D] [pid 6104 (tid 140100969940736)] Found farm publishfarm for abc-prod62.adobemsbasic.com

request URL not in cache rules: /abc-with-an-advisor/before-you-invest/who-we-serve.html

[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] cache-action for [/working-with-an-abc/before-you-invest/who-we-serve.html]: NONE

[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] refresh_vanity_urls: up-to-date (next check: 1488351530, current: 1488351412)

[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] Filter rejects: GET /abc-with-an-advisor/before-you-invest/who-we-serve.html HTTP/1.1

[Wed Mar 01 01:56:52 2017] [I] [pid 3874 (tid 139889811113728)] "GET /abc-with-an-advisor/before-you-invest/who-we-serve.html" - - 0ms

[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] Found farm publishfarm for abc-prod62.adobemsbasic.com

[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] checking [/errors/404.html]

[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] request URL not in cache rules: /errors/404.html

The filters 

     /filter

          {

          # deny everything and allow specific entries

          /0001 { /type "deny"  /glob "*" }

 

          # open consoles

        #    /0012 { /type "allow" /glob "* /crx/*"    }  # allow content repository

        #    /0013 { /type "allow" /glob "* /system/*" }  # allow OSGi console

 

          # allow non-public content directories

        #    /0021 { /type "allow" /glob "* /apps/*"   }  # allow apps access

        #    /0022 { /type "allow" /glob "* /bin/*"    }

          /0023 { /type "allow" /glob "* /content*" }  # disable this rule to allow mapped content only

  /0910 { /type "allow" /glob "* /home*" }

 /0911 { /type "allow" /glob "* /contact*" }

 /0912 { /type "allow" /glob "* working-with-an-abc*" }

 /0929 { /type "allow" /glob "* /errors*" }

Can anybody suggest what is the wrong with the filter or should i be looking at any other location like dispatcher_vhost.conf. would appreciate any help.

Views

1.1K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
3/1/17 1:13:03 PM

Hi,

it clearly says "[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] Filter rejects: GET /abc-with-an-advisor/before-you-invest/who-we-serve.html HTTP/1.1", so it is a missing filter rule.

Because of "/0001 { /type "deny"  /glob "*" }" you are missing a statement like

/0913 { /type "allow" /glob "* /working-with-an-advisor*" }

Jörg

View solution in original post

Views

814

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Employee Advisor
Employee Advisor
3/1/17 12:45:18 PM

Hi,

your filters are organized in a whitelist approach; this means, that unless you explicitly allow access to a resource, it's forbidden. And as far as I can see, you have rules allowing to access paths matching the patterns:

  • /crx/*
  • /system/*
  • /apps/*
  • /bin/*
  • /home/*
  • /contact*
  • working-with-an-abc* (mind the missing slash in front!)
  • /errors*

This filter line is matched against the first line of the HTTP request. So your request for "GET /abc-with-an-advisor/before-you-invest/who-we-serve.html" does not match the rule "* abc-with-an-advisor" because of the missing slash.

If you build your rule like this:

/0912 { /type "allow" /glob "* /working-with-an-abc*" }

it's likely to work.

Jörg

Views

762

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
3/1/17 1:05:21 PM

Hi Jorg,

I have the slash in front the url in the file, while trying to post the message, i tried to rename stuff for privacy and i missed it. Is there any other location other than the publish-farm.any any where filters can interfere?

Regards,

Bhavani 

Views

936

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
3/1/17 1:13:03 PM

Hi,

it clearly says "[Wed Mar 01 01:56:52 2017] [D] [pid 3874 (tid 139889811113728)] Filter rejects: GET /abc-with-an-advisor/before-you-invest/who-we-serve.html HTTP/1.1", so it is a missing filter rule.

Because of "/0001 { /type "deny"  /glob "*" }" you are missing a statement like

/0913 { /type "allow" /glob "* /working-with-an-advisor*" }

Jörg

Views

815

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply