Regexp is not working in Apache Sling Referrer filter

Question

I need to allow some of the external domains to access the application which is built on AEM. For that I have given the full domain url (<protocol>://<server>:<port>) in Allowed Hosts under Apache Sling Referrer filter in OSGI console. It works fine and its able to make the POST requests. Now I want to change that to a regex so that it will allow a series of external application domains. So I have added the below regex on the Apache Sling Referrer filter:

/^(https?):\/\/([A-Z\d\.-]{2,})\.([A-Z]{2,})(:\d{2,4})?/i

But its not working. Its throwing Forbidden error - 403 for POST requests.

So my question is can we include regexp in Allowed Hosts under Apache Sling Referrer filter in OSGI console ?

kautuk_sahni · Accepted Answer

HiPlease have a look at this community article, this might will help you.Link:-https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter///Go to the Felix Console – http://localhost:4502/system/console/configMgrSearch for “Apache Sling Referrer Filter”Select “Allow Empty”  This will disable the referrer security check in CQ5 for your developer instance.Also make sure, regular expression is correct.Just FYI...Regex if you want to ensure URL starts with HTTPShttps?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)I hope this will help you.Thanks and RegardsKautuk Sahni

nalla0109 · Answer

Thanks for the reply. The problem was with the regexp. I changed it and it worked.

I need to implement these changes in production so I cant select “Allow Empty” as this will disable the referrer security check and it allows all the domains.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded