Hi Team,
We are looking for options for restricting path based servlets to be accessed from website self domain only and not to be accessed if used by any other domain so if domain B tries to access the servlet on domain A it should not allow and if use servlet from anywhere in domain A, it should allow.
Thanks,
Neha
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
This kind of restriction can be done using CORS.
set cors header on those path from apache httpd configurations
or you can allow by default and allow only for your main site in the dispatcher filter.
Hi @NehaCMS ,
Depending on your setup you can do this at the Apache level (dispatcher), you could write some rules in your Vhost file by applying path-based rules and checking the referrer in the request.
For more details about the directives, you can refer to Apache documentation
https://httpd.apache.org/docs/2.4/mod/core.html#locationmatch
https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
Hope this helps.
Regards,
Nitesh
Hi,
This kind of restriction can be done using CORS.
set cors header on those path from apache httpd configurations
or you can allow by default and allow only for your main site in the dispatcher filter.
@NehaCMS as suggested by others we can do this at apache/dispatcher config or aem by setting cors, but if you are using a CDN or any WAF in between CDN and origin servers try to set these restrictions/Security at that level itself instead of allowing them till origin servers and then rejecting.
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies