Hi All,
http://mahesh.org/content/mahesh/en_US/news.html?x=true
If I navigate to this URL, the Dispatcher is skipped (because of the query string).
We have the below rule in dispatcher.any:
# deny query
# This is only required if dispatching for CQ 5.5 or older
/0090 { /type "deny" /glob "* *.query*" }
We should only allow certain parameters for certain URLs to arrive in AEM. Others should be blocked (denied).
If we now request various pages with different querystrings, we can easily bring down the complete AEM instances.
Any idea how we can restrict query strings?
We need expertise in this. Or maybe we should use the access logs from the last 30 days to see what parameters are used and restrict them as per the below link:
https://helpx.adobe.com/experience-manager/kb/fine-grained-filters.html
Thanks,
Mahesh
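
The access-log review suggested in the post, as an added example that is not part of the original post: it counts which query parameter names are requested per path, so recurring ones can be considered for an allowlist and one-offs reviewed before being denied. The log lines are constructed, and the Apache common log format and the `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Request line inside an Apache common/combined access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic); the path comes from the post's URL.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2024:10:00:01 +0000] "GET /content/mahesh/en_US/news.html?x=true HTTP/1.1" 200 5120
203.0.113.5 - - [01/Mar/2024:10:00:02 +0000] "GET /content/mahesh/en_US/news.html?page=2&sort=date HTTP/1.1" 200 5300
203.0.113.9 - - [01/Mar/2024:10:00:03 +0000] "GET /content/mahesh/en_US/news.html?page=3 HTTP/1.1" 200 5290
198.51.100.7 - - [01/Mar/2024:10:00:04 +0000] "GET /content/mahesh/en_US/news.html?zz9=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Mar/2024:10:00:05 +0000] "GET /content/mahesh/en_US/news.html?zz8=1 HTTP/1.1" 200 5120
203.0.113.5 - - [01/Mar/2024:10:00:06 +0000] "GET /content/mahesh/en_US/news.html HTTP/1.1" 200 5120
malformed line without a request
"""

def inventory(lines):
    """Map path -> {parameter name -> request count} for requests with a query string."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # skip lines that are not parseable access log entries
        parts = urlsplit(m.group("target"))
        if not parts.query:
            continue  # no query string, nothing to inventory
        # Count each parameter name once per request, even if it is repeated.
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        for name in names:
            seen[parts.path][name] += 1
    return {path: dict(counts) for path, counts in seen.items()}

def candidates(inv, min_hits=2):
    """Split parameters into recurring ones (allowlist candidates) and one-offs to review."""
    out = {}
    for path, counts in inv.items():
        keep = sorted(n for n, c in counts.items() if c >= min_hits)
        review = sorted(n for n, c in counts.items() if c < min_hits)
        out[path] = {"allow_candidates": keep, "review": review}
    return out

if __name__ == "__main__":
    for path, result in candidates(inventory(SAMPLE_LOG.splitlines())).items():
        print(path, result)
```

On 30 days of real logs, raise `min_hits` well above 2; a long tail of parameter names seen only once per path is itself a sign of cache-bypass probing.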