SOLVED

Update to Apache sling simple webdav servlet, will there be any security issue?

Level 4

The default configuration for dav.root is /dav, so for a requirement we have recently changed it to /crx/repository. Will there be any security issues because of this change in the Apache Sling Simple WebDAV Servlet?

 

dav.create-absolute-uri=B"true"
type.content="nt:resource"
type.noncollections="nt:file"
filter.prefixes=["rep","jcr"]
dav.realm="Sling\ WebDAV"
dav.root="/crx/repository"
filter.types=""
filter.uris=""
type.collections="sling:Folder"
collection.types=["nt:file","nt:resource"]

1 Accepted Solution

Correct answer by
Employee Advisor

Besides the "usual" recommendation to shut it down in production, I don't see any immediate problem with it. The question remains why you have to change it at all.

4 Replies

Level 4
We wanted the HTTP OPTIONS method to be blocked in AEM, so we are using the Apache Sling Referrer Filter to add the OPTIONS method, and we had to update the dav root in order for that configuration to work.

Employee Advisor
If you want to block the OPTIONS method, I would do that on the dispatcher/webserver level.

Level 4
If it is at dispatcher level, we have to apply it at multiple Apache instances in our design. To make this a platform-level fix, we want to implement it at AEM level.
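
Whichever layer enforces the OPTIONS block discussed in this thread, the result can be checked by looking at how the configured dav.root answers an OPTIONS request. The following is an added example, not part of the original thread and not Adobe or Sling code; the verdict labels, the sample replies and the 401-realm heuristic are assumptions made for illustration.

```python
import http.client

# Values taken from the posted configuration.
DAV_ROOT = "/crx/repository"
DAV_REALM = "Sling WebDAV"
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "LOCK", "UNLOCK"}


def assess_options_response(status, headers):
    """Return 'webdav-exposed', 'options-allowed' or 'rejected' for one OPTIONS reply."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    allowed = {m.strip().upper() for m in hdrs.get("allow", "").split(",")}
    # RFC 4918: WebDAV resources advertise compliance classes in a DAV header.
    if "dav" in hdrs or allowed & WEBDAV_METHODS:
        return "webdav-exposed"
    # Assumption: a 401 challenge naming dav.realm means the servlet answered.
    if status == 401 and DAV_REALM in hdrs.get("www-authenticate", ""):
        return "webdav-exposed"
    if 200 <= status < 300:
        return "options-allowed"
    return "rejected"


def probe(host, path=DAV_ROOT, port=443, timeout=5):
    """Send OPTIONS to an instance you administer and classify the reply."""
    conn = http.client.HTTPSConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        return assess_options_response(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()


# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "dav header": (200, {"DAV": "1, 2", "Allow": "OPTIONS, GET, HEAD, PROPFIND"}),
    "realm challenge": (401, {"WWW-Authenticate": 'Basic realm="Sling WebDAV"'}),
    "plain options": (200, {"Allow": "GET, HEAD, OPTIONS"}),
    "blocked": (403, {}),
}


def audit_samples():
    return {name: assess_options_response(*reply) for name, reply in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name}: {verdict}")
```

Running `probe` against each publish instance and each dispatcher in front of it shows whether every path to the repository gives the same verdict.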