Hello Everyone,
While working with AEM, there are many security concerns that we need to address at the Apache level to stop an attacker from attacking the website.
There are a few security headers that are required to provide security at the Apache level.
1. X-XSS-Protection: The X-XSS-Protection header can prevent some XSS (cross-site scripting) attacks.
There are four possible values you can configure this header with:
0: XSS filter disabled
1: XSS filter enabled; the browser sanitizes the page if an attack is detected
1; mode=block: XSS filter enabled; the browser prevents rendering of the page if an attack is detected
1; report=http://example.com/report_URI: XSS filter enabled; the browser reports the violation if an attack is detected
Note: We will use 1; mode=block to implement this security. This needs to be put in the publish.vhost files for every domain.
Note: AMS users can just uncomment it in the base_rewrite_rules file. Enable it only if the server is on HTTPS.
3. X-Frame-Options: Use the X-Frame-Options header to prevent clickjacking vulnerabilities on your website. By implementing this header, you instruct the browser not to embed your web page in a frame/iframe.
4. Content Security Policy: Prevent XSS, clickjacking and code injection attacks by implementing the Content Security Policy (CSP) header in your web page's HTTP response. The idea is that you define all the third-party domains from which you want to load anything on your website. So if an attacker injects anything from www.attacker.com and this domain is not in the content security policy list, those requests will not load on the page and you can see exceptions in the console.
In the example below, use your website domain in place of we-retail.com.
Note: Once this security is in place, whenever you want to load and use any third-party library, you always need to add its domain to this configuration.
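As an added example (not from the original post), here is how these three headers can be set with mod_headers in a publish vhost; www.we-retail.com and cdn.we-retail.com are placeholders, and mod_headers must be loaded (LoadModule headers_module / a2enmod headers):

```apache
# Added example, not the post's own configuration. Assumes mod_headers is
# loaded and that the site's own domain is www.we-retail.com (placeholder).
<VirtualHost *:443>
    ServerName www.we-retail.com

    # 1. X-XSS-Protection: enable the browser filter and block the page
    #    rather than sanitising it when an injection is detected.
    #    "always" also applies the header to error (non-2xx) responses.
    Header always set X-XSS-Protection "1; mode=block"

    # 3. X-Frame-Options: only pages from this same origin may frame the
    #    site, which stops it being embedded in a clickjacking overlay.
    Header always set X-Frame-Options "SAMEORIGIN"

    # 4. Content-Security-Policy: every origin the site legitimately loads
    #    from must be listed; anything else (e.g. www.attacker.com) is
    #    refused by the browser and reported in its console.
    #    cdn.we-retail.com is a placeholder for a permitted third-party host;
    #    each additional library host must be appended to the relevant directive.
    #    frame-ancestors is the CSP counterpart of X-Frame-Options.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' https://cdn.we-retail.com; style-src 'self'; img-src 'self' data:; font-src 'self'; object-src 'none'; frame-ancestors 'self'"
</VirtualHost>
```

After reloading httpd, `curl -sI https://www.we-retail.com/` should show all three headers exactly once in the response.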
Hope it will help you guys !!
Thanks and Happy Learning.
Awesome tricks, very useful. Thanks for sharing
Hi, can you please write about event handler and event listener topics in AEM