Stop POST request from external Server to AEM / Dispatcher

Question

Hi Team,We have seen a security related issue in our environment.Issue :A POST request , which is coming from external site is able to access AEM , getting response from AEM "Content Modified "(Attached screenshot Response.png )Reproducible :1. Keep test3.html in your Tomcat / other servers.   a. test3.html contains a POST request to AEM page (test3.html)2. Make sure to setup AEM Publish & Dispatcher.3. Access test3.htmlOn Page load of test3.html , it will submit  POST request to AEM/DispatcherScreenshots / Pages / Servers URL Info :http://localhost:8081 ---- Tomcat Server (test3.html deployed here)http://localhost:9080 --- Apatche httpd Server (Configured dispatcher with Publish environment)http://localhost:4505 --- Local AEM Publish instanceAEM 5.6 & Dispatcher (Apache 2.2)Team, Please let me know how can i block external POST requests to stop access AEM .Thanks in advance Ravindra Reddy

Sham_HC · Accepted Answer

Make sure to take care of [1] which is surely missing from your symptoms. Configure referrer filter.. and install the security related hotfix. If need further help reach out for official request.

[1] http://docs.adobe.com/docs/en/cq/5-6-1/deploying/security_checklist.html

smacdonald2008 · Answer

"A POST request , which is coming from external site is able to access AEM , getting response from AEM "Content Modified "(Attached screenshot Response.png )"

Is your main concern here about an external server being able to send a POST request to AEM?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded