Adobe Experience Manager Sites & More

Denunciar · 14/03/2019

As part of our environment Scan from AMSSEC suggested this to be fixed. "should NOT respond to GET /bin/querybuilder.feed.css with 200" In the scan it turned out to be Green, which AMS prefers it to be Red. How do I get this fixed?

Gaurav-Behl · 14/03/2019

Block this specific url or "feed*" in dispatcher.any based on your requirements

/0090 { /type "deny" /url"/bin/querybuilder.feed.css" } or

/0090 { /type "deny" /glob "* *.feed.css*" } or

/0090 { /type "deny" /glob "* *.feed.*" } or

/006 {

/type "deny"

/path "/bin/*"

/extension '(css)'

}

Ver solução na publicação original

Gaurav-Behl · 14/03/2019

Block this specific url or "feed*" in dispatcher.any based on your requirements

/0090 { /type "deny" /url"/bin/querybuilder.feed.css" } or

/0090 { /type "deny" /glob "* *.feed.css*" } or

/0090 { /type "deny" /glob "* *.feed.*" } or

/006 {

/type "deny"

/path "/bin/*"

/extension '(css)'

}

Denunciar · 14/03/2019

I am trying to block these:

should NOT respond to GET /bin/querybuilder.feed.css with 200

should NOT respond to GET /bin/querybuilder.json.servlet;%0aa.css with 200

should NOT respond to GET /crx/de/index.jsp;%0aa.css with 200

should NOT respond to GET /crx/explorer/index.jsp;%0aa.css with 200

so does this work?

{ /type "deny" /url"/bin/querybuilder.feed.css" }
{ /type "deny" /url"/bin/querybuilder.json.servlet;%0aa.css" }
{ /type "deny" /url"/crx/de/index.jsp;%0aa.css" }
{ /type "deny" /url"/crx/explorer/index.jsp;%0aa.css" }

Gaurav-Behl · 14/03/2019

for #3 and #4, /crx/de and /crx/explorer can be blocked at AEM itself otherwise for dispatcher you should deny all and allow only relevant paths.

You should have /0001 { /type "deny" /glob "*" } to take care of "/crx" and other paths

for #1 and #2, use "selectors" and "extension"

/006 {

/type "deny"

/path "/bin/*" or /path "/bin/querybuilder*"

/selectors '(feed|servlet|json)'

/extension '(css)'

}

refer - Dispatcher- publisher System/console is giving 500 error.

Denunciar · 14/03/2019

Do you mean that this doesn't work for CRX?

{ /type "deny" /url"/crx/de/index.jsp;%0aa.css" }
{ /type "deny" /url"/crx/explorer/index.jsp;%0aa.css" }

Gaurav-Behl · 14/03/2019

It would work fine but in ideal scenario (per best practices), you are supposed to deny all paths and allow only specific paths. When you deny all paths, /crx is covered under that.

HTH

IPinchuk · 09/09/2019

How can I do that in AEM itself?

How it can be done using /path, /selectors, /extension?

Thanks

Gaurav-Behl · 09/09/2019

check Security Checklist

Check if the CRX development bundles are present

These development OSGi bundles should be uninstalled on both author and publish productive systems before making them accessible.

Adobe CRXDE Support (com.adobe.granite.crxde-support)
Adobe Granite CRX Explorer (com.adobe.granite.crx-explorer)
Adobe Granite CRXDE Lite (com.adobe.granite.crxde-lite)

Adobe Experience Manager Sites & More

should NOT respond to GET /bin/querybuilder.feed.css with 200

Aprender

Documentação

Eventos

Comunidade

Suporte

Recursos

Conta de Adobe

Adobe