From: Philipp Dallig
Date: Thu, 28 Jul 2016 14:30:07 +0000 (+0200)
Subject: sirona-aem - add dispatcher security rules
X-Git-Tag: v0.1.0~4417
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=70421eb5803f237f767cfbc9563ea21682187679;p=pixelpark%2Fhiera.git
sirona-aem - add dispatcher security rules
---
diff --git a/customer/sirona-aem/prod.yaml b/customer/sirona-aem/prod.yaml
index e83520fa..b556fac1 100644
--- a/customer/sirona-aem/prod.yaml
+++ b/customer/sirona-aem/prod.yaml
@@ -219,6 +219,18 @@ aem::dispatcher::publish_farm:
 - { type: 'allow', url: '*.eot' } # enable eot
 # Enable features
 - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+ # Security Rules
+ - { type: 'deny', url: '/etc/' }
+ - { type: 'deny', url: '/libs/' }
+ - { type: 'allow', url: '/etc/designs/*' }
+ - { type: 'allow', url: '/etc/clientlibs/*' }
+ - { type: 'allow', url: '/etc/segmentation.segment.js' }
+ - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json' }
+ - { type: 'allow', url: '/libs/wcm/stats/tracker.js' }
+ - { type: 'allow', url: '/libs/cq/personalization/*' } # (JS, CSS and JSON)
+ - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information)
+ - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached)
+ - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization)
 # Deny content grabbing
 - { type: 'deny', url: '*.infinity.json' }
 - { type: 'deny', url: '*.tidy.json' }
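Review bot: The two new deny entries, `url: '/etc/'` and `url: '/libs/'`, have no trailing wildcard, unlike the wildcard patterns around them (`/etc/designs/*`, `*.infinity.json`). If the module writes `url` verbatim into the dispatcher filter and the pattern must match the whole request path (the template is not visible in this hunk), these rules would deny only the bare directory URLs and leave everything beneath them reachable. I would write `- { type: 'deny', url: '/etc/*' }` and `- { type: 'deny', url: '/libs/*' }`, keeping them ahead of the allow entries since the last matching filter wins. The `userinfo.json` and `currentuser.json` allows are commented as not cacheable; the corresponding cache rule lies outside this hunk and should be confirmed, as the `publish_farm` list continues beyond the lines shown.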