We have a requirement where we want to allow the POST servlets only from certain domains. Our site is public, so users do not need to be authenticated; hence we are not able to control this through CUG or using a csrf-token. Is it possible to do something with Akamai or the dispatcher where we block requests from other domains for a specific path? Also, please keep in mind that the requests should not be hacked through Postman.
Yes, this is something you can do on Apache, using `mod_rewrite` and/or `mod_dispatcher`. The right `RewriteRule` could do the trick based on the Vhost/domain. How exactly you'd achieve this largely depends on your setup. What worries me, however, is that a POST servlet implies saving content in AEM. That's not something I'd allow anonymous users to do. It could be misused quite easily to crash your entire instance. Being able to use a servlet in a limited number of domains doesn't exactly secure that. – toniedzwiedz Aug 26 '20 at 14:02
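
One way to write the kind of `RewriteRule` the comment above describes, as an added example that is not part of the original thread. The servlet path `/bin/example/submit`, the host names and the port are placeholders, and reading "domain" as the browser's `Origin`/`Referer` header is an assumption.

```apache
# Added example: placeholder path and domains, not taken from the thread.
<VirtualHost *:80>
    ServerName www.example.com

    RewriteEngine On

    # Apply the check only to POST requests on the servlet path.
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{REQUEST_URI} ^/bin/example/submit
    # Forbid the request unless Origin is one of the allowed origins...
    RewriteCond %{HTTP:Origin} !^https://(www\.example\.com|forms\.example\.org)$
    # ...or, when Origin is absent or different, Referer starts with one of them.
    RewriteCond %{HTTP_REFERER} !^https://(www\.example\.com|forms\.example\.org)/
    # All four conditions true: answer 403 and never reach AEM.
    RewriteRule ^ - [F]
</VirtualHost>
```

Both headers are supplied by the client, so a tool such as Postman can send any value; the rule narrows what browsers on other sites can do and is not a substitute for server-side limits on what the servlet accepts.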