SOLVED

Update to Apache Sling Simple WebDAV Servlet, will there be any security issue?

ramgopalm545617
Level 4

The default configuration for the dav.root is /dav. For a requirement we have recently changed it to /crx/repository. Will there be any security issues because of this change in the Apache Sling Simple WebDAV Servlet?

dav.create-absolute-uri=B"true"
type.content="nt:resource"
type.noncollections="nt:file"
filter.prefixes=["rep","jcr"]
dav.realm="Sling\ WebDAV"
dav.root="/crx/repository"
filter.types=""
filter.uris=""
type.collections="sling:Folder"
collection.types=["nt:file","nt:resource"]

4 Replies
Jörg_Hoh
Correct answer by
Employee

Besides the "usual" recommendation to shut it down in production, I don't see any immediate problem with it. The question remains why you have to change it at all 🙂


ramgopalm545617
Level 4
We wanted the HTTP OPTIONS method to be blocked in AEM, so we are using the Apache Sling Referrer Filter to add the OPTIONS method, so we had to update the dav root in order for that configuration to work.
Jörg_Hoh
Employee
If you want to block the OPTIONS method, I would do that on the dispatcher/webserver level.
ramgopalm545617
Level 4
If it is at the dispatcher level, we have to apply it at multiple Apache instances in our design. To make this a platform-level fix, we want to implement it at the AEM level.
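
Added example (not part of the thread and not Adobe or Sling code): whichever layer ends up blocking OPTIONS, a check like the one below confirms the result from the outside by auditing one OPTIONS response for WebDAV exposure. The names `audit_options` and `probe` are hypothetical, the sample responses are constructed, the `DAV` header and method names are those defined by RFC 4918, and the realm string is the `dav.realm` value from the configuration posted above.

```python
import http.client

# WebDAV-specific methods (RFC 4918); seeing them in Allow means DAV is served.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


def audit_options(status, headers):
    """Return findings for one OPTIONS response; headers is a list of (name, value)."""
    h = {}
    for name, value in headers:  # header names are case-insensitive; merge repeats
        key = name.lower()
        h[key] = f"{h[key]}, {value}" if key in h else value
    findings = []
    if status < 400:
        findings.append(f"OPTIONS answered with {status}; method is not blocked")
    if "dav" in h:
        findings.append(f"DAV header present ({h['dav']}); WebDAV servlet is reachable")
    allowed = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    exposed = sorted(allowed & DAV_METHODS)
    if exposed:
        findings.append("Allow advertises WebDAV methods: " + ", ".join(exposed))
    if "webdav" in h.get("www-authenticate", "").lower():
        findings.append("WWW-Authenticate realm identifies a WebDAV endpoint")
    return findings


def probe(host, path, port=443):
    """Send one OPTIONS request to a host you administer and audit the reply."""
    conn = http.client.HTTPSConnection(host, port, timeout=10)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        return audit_options(resp.status, resp.getheaders())
    finally:
        conn.close()


# Constructed sample responses (not captured from a real system).
OPEN = (200, [("DAV", "1,2"), ("Allow", "OPTIONS, GET, HEAD, PROPFIND, LOCK")])
CHALLENGE = (401, [("WWW-Authenticate", 'Basic realm="Sling WebDAV"')])
BLOCKED = (403, [("Content-Type", "text/html")])

if __name__ == "__main__":
    for label, (status, headers) in [("open", OPEN), ("challenge", CHALLENGE), ("blocked", BLOCKED)]:
        print(label, audit_options(status, headers))
```

Run `probe` against both the old root (`/dav`) and the new one (`/crx/repository`) on each publish-facing hostname; an empty list means the response showed neither an allowed OPTIONS method nor WebDAV markers.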