sirona-aem - add dispatcher security rules
authorPhilipp Dallig <philipp.dallig@pixelpark.com>
Thu, 28 Jul 2016 14:30:07 +0000 (16:30 +0200)
committerPhilipp Dallig <philipp.dallig@pixelpark.com>
Thu, 28 Jul 2016 14:30:07 +0000 (16:30 +0200)
customer/sirona-aem/prod.yaml

index e83520fab525931225a9f4432d840cdebe45172a..b556fac1a23e35aaa28e8b61f9e0528b64b9e3a3 100644 (file)
@@ -219,6 +219,18 @@ aem::dispatcher::publish_farm:
       - { type: 'allow', url: '*.eot'  }  # enable eot
       # Enable features 
       - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
       # Deny content grabbing
       - { type: 'deny', url: '*.infinity.json' }
       - { type: 'deny', url: '*.tidy.json'     }
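Review bot: The two new deny entries, `url: '/etc/'` and `url: '/libs/'`, have no trailing wildcard, while every allow beneath them does or names a full path. If the aem::dispatcher template (not visible here) writes the pattern verbatim into the filter glob, these would match only the bare directory path, and the allow entries that follow would not be carving exceptions out of anything. Consider `- { type: 'deny', url: '/etc/*' }` and `- { type: 'deny', url: '/libs/*' }`, and check the rendered dispatcher.any on a test host to confirm that a path under /libs/ outside the allowed set is rejected. The block also depends on the dispatcher's last-match-wins ordering, so a short comment such as `# order matters: deny first, then specific allows, selector denies last` would protect it from later reordering. The filter list starts above and continues below this hunk, so later rules may change the outcome.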