Question posted in
Some documentation to get you started can be found here.

AEM Apache Dispatcher 2.4.6 client denied by server configuration

I have an AEM 6.3 instance running behind an Apache instance which version is 2.4.6, with Dispatcher module in it. All is good, but now I need to wipe out all query params for all URLs that end with “.html”.

This may sound simple to accomplish, but I came across an issue I can’t resolve. This is the rewrite rule I’m using to remove all the query params from URLs ending in .html:

RewriteRule ^/(.*).html$ /$1.html [QSD]

Technically, one could see this rewrite as not a rewrite actually, because it is sending the original request to the same URL, but the flag QSD is for dropping all query params.

The problem is, if I reload my Apache instance whit this rule included, I start getting errors like this:

[Wed Jun 10 14:53:35.698908 2020] [authz_core:error] [pid 31733] [client 54.209.162.6:61649] AH01630: client denied by server configuration: /etc/clientlibs, referer: https://my.domain.com/etc/clientlibs/mygroup/some/simple/page.html

I know some people had issues like this when migrating from Apache 2.2 to 2.4. This is not my case, and I have also checked my vhost configuration. I don’t have directives from Apache 2.2 like “Order deny,allow” or “Allow from all”. I’m using “Require all granted”.

One weird thing in AEM logs, is that when my Rewrite rule is not in place, I can see error.log logging that “/etc/clientlibs/mygroup/some/simple/page.html” is found. But if I put the rule and reload Apache, I see this from logs:

10.06.2020 10:16:40.085 *INFO* [54.209.162.6 [1591798600081] GET /etc/clientlibs/mygroup/some/simple/page/jcr:content.json HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /etc/clientlibs/mygroup/some/simple/page/jcr:content.json not found

It is like the extension .html would be ripped off from URL, and since there is no extension, AEM or rather Sling is trying to use the default content resolver which is JSON.

Tags:

3

Answers


  1. Chosen as BEST ANSWER
    0

    I finally was able to fix my issue. Even though I still don't understand the full picture. This is my final condition and rule:

    RewriteCond %{QUERY_STRING} ^.
RewriteRule ^/(.*).html$ /$1.html [QSD,PT]

    Adding "PT" along with "QSD" makes Apache not return the "client denied" error. The condition around QUERY_STRING it is just to make sure Apache only manipulates those requests that really have query params in the URL, or technically at least one char


  2. 0

    What about adding a conditional to skip this rule to be applied for /etc/clientlibs just before the rewrite rule. RewriteCond %{REQUEST_URI} !^/etc/clientlibs.*

    Login or Signup to reply.
  3. 0

    why donÄt you just use

    RewriteRule ^ %{REQUEST_URI} [L,R,QSD]

    (maybe the redirect is not needed in your case… but it makes things clear to the browser).

    Or if you just want to make sure that your request is cached in the dispatcher and not passed throught to AEM each time, use:

    /filter {
 /0001 { /type "deny" /method "POST" /url "/etc/*" }
 /0002 { /type "allow" /method "GET" /url "/etc/*" /query "a=*" }
}

    in your dispatcher config (s. https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html for details).

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search