Hi Team,
We have seen a security related issue in our environment.
Issue :
A POST request , which is coming from external site is able to access AEM , getting response from AEM "Content Modified "(Attached screenshot Response.png )
Reproducible :
1. Keep test3.html in your Tomcat / other servers.
a. test3.html contains a POST request to AEM page (test3.html)
2. Make sure to setup AEM Publish & Dispatcher.
3. Access test3.html
On Page load of test3.html , it will submit POST request to AEM/Dispatcher
Screenshots / Pages / Servers URL Info :
http://localhost:8081 ---- Tomcat Server (test3.html deployed here)
http://localhost:9080 --- Apatche httpd Server (Configured dispatcher with Publish environment)
http://localhost:4505 --- Local AEM Publish instance
AEM 5.6 & Dispatcher (Apache 2.2)
Team, Please let me know how can i block external POST requests to stop access AEM .
Thanks in advance
Ravindra Reddy
Solved! Go to Solution.
Views
Replies
Total Likes
Make sure to take care of [1] which is surely missing from your symptoms. Configure referrer filter.. and install the security related hotfix. If need further help reach out for official request.
[1] http://docs.adobe.com/docs/en/cq/5-6-1/deploying/security_checklist.html
Views
Replies
Total Likes
Make sure to take care of [1] which is surely missing from your symptoms. Configure referrer filter.. and install the security related hotfix. If need further help reach out for official request.
[1] http://docs.adobe.com/docs/en/cq/5-6-1/deploying/security_checklist.html
Views
Replies
Total Likes
"A POST request , which is coming from external site is able to access AEM , getting response from AEM "Content Modified "(Attached screenshot Response.png )"
Is your main concern here about an external server being able to send a POST request to AEM?
Views
Replies
Total Likes
HI smacdonald,
Thanks for reply , Yes main concern is stop POST request from external and allow AEM internal POST requests .
Thanks'
Ravindra Reddy
Views
Replies
Total Likes
Views
Likes
Replies