SOLVED

Stop POST request from external Server to AEM / Dispatcher

Level 3

Hi Team,

We have seen a security related issue in our environment.

Issue:

A POST request, which is coming from an external site, is able to access AEM, getting the response "Content Modified" from AEM (attached screenshot Response.png).

Reproducible:

1. Keep test3.html in your Tomcat / other servers.
   a. test3.html contains a POST request to AEM page (test3.html)
2. Make sure to setup AEM Publish & Dispatcher.
3. Access test3.html

On page load of test3.html, it will submit a POST request to AEM/Dispatcher.

Screenshots / Pages / Servers URL Info:

http://localhost:8081 ---- Tomcat Server (test3.html deployed here)
http://localhost:9080 --- Apache httpd Server (Configured dispatcher with Publish environment)
http://localhost:4505 --- Local AEM Publish instance

AEM 5.6 & Dispatcher (Apache 2.2)

Team, please let me know how I can block external POST requests to stop access to AEM.

Thanks in advance

Ravindra Reddy

1 Accepted Solution

Correct answer by
Level 10

Make sure to take care of [1], which is surely missing from your symptoms. Configure the referrer filter and install the security-related hotfix. If you need further help, reach out with an official request.

[1]  http://docs.adobe.com/docs/en/cq/5-6-1/deploying/security_checklist.html
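
What a referrer filter checks, shown as an added example that is not part of the original thread and is not AEM or Sling code: a simplified Python model applied to the three hosts from the question. Comparing by scheme, host and port, the set of filtered methods, and the sample requests are assumptions of this example.

```python
from urllib.parse import urlsplit

FILTERED_METHODS = {"POST", "PUT", "DELETE"}  # state-changing methods (assumed set)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])


def allow_request(method, referer, allowed_origins, allow_empty=False):
    """Decide whether a request passes the referrer check."""
    if method.upper() not in FILTERED_METHODS:
        return True                # read requests are not filtered
    if not referer:
        return allow_empty         # missing header: reject unless explicitly allowed
    ref = origin(referer)
    # Compare the parsed origin exactly; never use prefix or substring matching.
    return ref is not None and ref in allowed_origins


# From the question: only pages served through the Dispatcher may send POSTs.
ALLOWED = {origin("http://localhost:9080")}

# Constructed sample requests (method, Referer header); paths are made up.
SAMPLES = [
    ("POST", "http://localhost:9080/content/site/form.html"),  # page behind the Dispatcher
    ("POST", "http://localhost:8081/test3.html"),              # page on the Tomcat server
    ("POST", ""),                                              # no Referer header sent
    ("POST", "http://localhost.example.net:9080/x.html"),      # look-alike host name
    ("GET", "http://localhost:8081/test3.html"),               # read request, not filtered
]


def evaluate(samples=SAMPLES):
    """Return the allow/deny decision for each sample request."""
    return [allow_request(m, r, ALLOWED) for m, r in samples]


if __name__ == "__main__":
    for (m, r), ok in zip(SAMPLES, evaluate()):
        print(f"{'ALLOW' if ok else 'DENY':5} {m:4} Referer={r or '-'}")
```
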


3 Replies

Level 10

"A POST request, which is coming from an external site, is able to access AEM, getting the response "Content Modified" from AEM (attached screenshot Response.png)"

Is your main concern here about an external server being able to send a POST request to AEM? 

Level 3

Hi smacdonald,

Thanks for the reply. Yes, the main concern is to stop POST requests from external servers and allow AEM internal POST requests.

Thanks,

Ravindra Reddy