Expand my Community achievements bar.

SOLVED

Restricting path based servlets to be accessed only from main site domain in AEM

Avatar

Level 5

Hi Team,

 

We are looking for options for restricting path based servlets to be accessed from website self domain only and not to be accessed if used by any other domain so if domain B tries to access the servlet on domain A it should not allow and if use servlet from anywhere in domain A, it should allow.

 

Thanks,

Neha

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

This kind of restriction can be done using CORS.

set cors header on those path from apache httpd configurations

 

or you can allow by default and allow only for your main site in the dispatcher filter.



Arun Patidar

View solution in original post

3 Replies

Avatar

Employee Advisor

Hi @NehaCMS ,

 

Depending on your setup you can do this at the Apache level (dispatcher), you could write some rules in your Vhost file by applying path-based rules and checking the referrer in the request.

 

For more details about the directives, you can refer to Apache documentation

https://httpd.apache.org/docs/2.4/mod/core.html#locationmatch 

https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html

 

Hope this helps.

 

Regards,

Nitesh

 

Avatar

Correct answer by
Community Advisor

Hi,

This kind of restriction can be done using CORS.

set cors header on those path from apache httpd configurations

 

or you can allow by default and allow only for your main site in the dispatcher filter.



Arun Patidar

Avatar

Community Advisor

@NehaCMS as suggested by others we can do this at apache/dispatcher config or aem by setting cors, but if you are using a CDN or any WAF in between CDN and origin servers try to set these restrictions/Security at that level itself instead of allowing them till origin servers and then rejecting.