Adobe Experience Manager Sites & More

ramgopalm545617 · 5/28/20

the default configuration for the dav.root is /dav, so for a requirement we have recently changes it to /crx/repository, will there be any security issues because of this change in Apache sling simple webdav servlet?

dav.create-absolute-uri=B"true"
type.content="nt:resource"
type.noncollections="nt:file"
filter.prefixes=["rep","jcr"]
dav.realm="Sling\ WebDAV"
dav.root="/crx/repository"
filter.types=""
filter.uris=""
type.collections="sling:Folder"
collection.types=["nt:file","nt:resource"]

Jörg_Hoh · 5/28/20

Besides the "usual" recommendation to shut it down in production, I don't see any immediate problem with it. The question remains why you have to change it at all

View solution in original post

Jörg_Hoh · 5/28/20

Besides the "usual" recommendation to shut it down in production, I don't see any immediate problem with it. The question remains why you have to change it at all

ramgopalm545617 · 5/28/20

We wanted to apply HTTP OPTIONS method to be blocked in AEM, so we are using Apache sling referrer filter to add OPTIONS method, so we had to update the dav root inorder for that configuration to work.

Jörg_Hoh · 6/1/20

If you want to block the OPTIONS method, I would do that on the dispatcher/webserver level.

ramgopalm545617 · 6/5/20

if it is at dispatcher level, we have to apply it at multiple apache instances in our design, to make this a platform level fix, we want to implement it at AEM level.

Adobe Experience Manager Sites & More

Update to Apache sling simple webdav servlet, will there be any security issue?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe