
SOLVED

Restricting path based servlets to be accessed only from main site domain in AEM


Hi Team,

We are looking for options to restrict path-based servlets so that they can be accessed only from the website's own domain and not from any other domain. If domain B tries to access the servlet on domain A, it should not be allowed, and if the servlet is used from anywhere in domain A, it should be allowed.

Thanks,

Neha

1 Accepted Solution


Correct answer by
Community Advisor

Hi,

This kind of restriction can be done using CORS.

Set the CORS header on those paths from the Apache httpd configuration.

Or you can allow by default and allow only for your main site in the dispatcher filter.



Arun Patidar


Employee Advisor

Hi @NehaCMS,

Depending on your setup, you can do this at the Apache level (dispatcher). You could write some rules in your vhost file by applying path-based rules and checking the referrer in the request.

For more details about the directives, you can refer to the Apache documentation:

https://httpd.apache.org/docs/2.4/mod/core.html#locationmatch 

https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html

 

Hope this helps.

Regards,

Nitesh

 


Community Advisor

@NehaCMS, as suggested by others, we can do this in the Apache/dispatcher config or in AEM by setting CORS, but if you are using a CDN or any WAF in between the CDN and the origin servers, try to set these restrictions/security at that level itself instead of allowing requests through to the origin servers and then rejecting them.
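
The Apache-level approach suggested in the replies (a path-based rule that checks the Origin/Referer and sets the CORS header), as an added example that is not from any of the posters. The host `www.example.com` and the servlet path `/bin/example/` are placeholders, and `mod_setenvif`, `mod_authz_core` and `mod_headers` are assumed to be loaded.

```apache
# Constructed example: www.example.com and /bin/example/ are placeholders.
# Place inside the main site's <VirtualHost> block on the dispatcher.

# Flag requests that a browser sent from the site's own origin.
# Origin is sent on CORS and POST requests; same-origin GETs usually
# carry only Referer, so both headers are checked.
# The patterns are anchored so that a host such as
# www.example.com.other.test does not match.
SetEnvIfNoCase Origin  "^https://www\.example\.com$"     same_site
SetEnvIfNoCase Referer "^https://www\.example\.com(/|$)" same_site

<LocationMatch "^/bin/example/">
    # Requests not flagged above are answered with 403 at the web server
    # and never reach the AEM publish instance.
    Require env same_site

    # CORS response header: only the main site is named as an allowed
    # origin, so a script on another domain cannot read the response.
    Header always set Access-Control-Allow-Origin "https://www.example.com" env=same_site

    # Keep caches (dispatcher, CDN) from reusing a response across origins.
    Header always merge Vary "Origin"
</LocationMatch>
```

Origin and Referer are supplied by the client, so this blocks use of the servlet from pages on other domains in a browser, while a non-browser client can send any value. Pages served with `Referrer-Policy: no-referrer` send neither header on a same-origin GET and would be rejected by this rule.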