SOLVED

Stop POST request from external Server to AEM / Dispatcher

ravindrareddydr
Level 3

Hi Team,

We have seen a security-related issue in our environment.

Issue:

A POST request, which is coming from an external site, is able to access AEM, getting the response "Content Modified" from AEM (attached screenshot Response.png).

Reproducible:

1. Keep test3.html in your Tomcat / other servers.
   a. test3.html contains a POST request to an AEM page (test3.html)
2. Make sure to set up AEM Publish & Dispatcher.
3. Access test3.html

On page load of test3.html, it will submit a POST request to AEM/Dispatcher.

Screenshots / Pages / Servers URL Info:

http://localhost:8081 ---- Tomcat Server (test3.html deployed here)
http://localhost:9080 --- Apache httpd Server (Configured dispatcher with Publish environment)
http://localhost:4505 --- Local AEM Publish instance

AEM 5.6 & Dispatcher (Apache 2.2)

Team, please let me know how I can block external POST requests to stop access to AEM.

Thanks in advance,

Ravindra Reddy

1 Accepted Solution
Correct answer by Sham_HC
Level 10

Make sure to take care of [1], which is surely missing judging from your symptoms. Configure the referrer filter and install the security-related hotfix. If you need further help, reach out for an official request.

[1]  http://docs.adobe.com/docs/en/cq/5-6-1/deploying/security_checklist.html
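
How a referrer filter of the kind recommended in this answer would decide on the requests from the question, as an added example that is not part of the original thread and is not AEM's or Sling's own code. The function name, the `allow_empty` flag, the checked methods and the allow-list (built from the localhost URLs in the question) are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Illustrative model only: names, defaults and the allow-list are assumptions.
CHECKED_METHODS = {"POST", "PUT", "DELETE"}   # content-modifying methods
DEFAULT_PORTS = {"http": 80, "https": 443}
# Constructed allow-list: the Dispatcher and Publish origins from the question.
ALLOWED_ORIGINS = {("localhost", 9080), ("localhost", 4505)}


def referrer_allows(method, headers, allowed=ALLOWED_ORIGINS, allow_empty=False):
    """Return True if the request may proceed, False if it should be rejected."""
    if method.upper() not in CHECKED_METHODS:
        return True  # reads are not checked in this model
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), "")
    referer = referer.strip()
    if not referer:
        return allow_empty  # a missing Referer is only accepted when opted in
    try:
        parts = urlsplit(referer)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return False
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    # Compare the parsed host and port, never a substring of the header.
    return (parts.hostname, port) in allowed


# Constructed sample requests using the hosts named in the question.
SAMPLES = [
    ("POST", {"Referer": "http://localhost:8081/test3.html"}),        # Tomcat page
    ("POST", {"Referer": "http://localhost:9080/content/a.html"}),    # site's own page
    ("POST", {}),                                                      # no Referer
    ("GET", {"Referer": "http://localhost:8081/test3.html"}),         # read request
    ("POST", {"Referer": "http://localhost:9080.example.invalid/"}),  # look-alike host
]


def evaluate_samples():
    return [referrer_allows(method, headers) for method, headers in SAMPLES]


if __name__ == "__main__":
    for (method, headers), ok in zip(SAMPLES, evaluate_samples()):
        print(method, headers.get("Referer", "-"), "allow" if ok else "reject")
```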

3 Replies
smacdonald2008
Level 10

"A POST request, which is coming from an external site, is able to access AEM, getting the response "Content Modified" from AEM (attached screenshot Response.png)."

Is your main concern here about an external server being able to send a POST request to AEM? 

ravindrareddydr
Level 3

Hi smacdonald,

Thanks for the reply. Yes, the main concern is to stop external POST requests and allow AEM internal POST requests.

Thanks,

Ravindra Reddy