Restricting path based servlets to be accessed only from main site domain in AEM

Forum|Forum|3 years ago
December 8, 2022
3 replies
936 views

Hi Team,

We are looking for options for restricting path based servlets to be accessed from website self domain only and not to be accessed if used by any other domain so if domain B tries to access the servlet on domain A it should not allow and if use servlet from anywhere in domain A, it should allow.

Thanks,

Neha

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by arunpatidar

Hi,

This kind of restriction can be done using CORS.

set cors header on those path from apache httpd configurations

or you can allow by default and allow only for your main site in the dispatcher filter.

Shashi_Mulugu

New Participant

@nehama as suggested by others we can do this at apache/dispatcher config or aem by setting cors, but if you are using a CDN or any WAF in between CDN and origin servers try to set these restrictions/Security at that level itself instead of allowing them till origin servers and then rejecting.

arunpatidarAccepted solution

New Participant

Hi,

This kind of restriction can be done using CORS.

set cors header on those path from apache httpd configurations

or you can allow by default and allow only for your main site in the dispatcher filter.

Arun Patidar

nitesh_kumar-1

Employee

Hi @nehama ,

Depending on your setup you can do this at the Apache level (dispatcher), you could write some rules in your Vhost file by applying path-based rules and checking the referrer in the request.

For more details about the directives, you can refer to Apache documentation

https://httpd.apache.org/docs/2.4/mod/core.html#locationmatch

https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html

Hope this helps.

Regards,

Nitesh

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded