From 70421eb5803f237f767cfbc9563ea21682187679 Mon Sep 17 00:00:00 2001
From: Philipp Dallig
Date: Thu, 28 Jul 2016 16:30:07 +0200
Subject: [PATCH] sirona-aem - add dispatcher security rules
---
 customer/sirona-aem/prod.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/customer/sirona-aem/prod.yaml b/customer/sirona-aem/prod.yaml
index e83520fa..b556fac1 100644
--- a/customer/sirona-aem/prod.yaml
+++ b/customer/sirona-aem/prod.yaml
@@ -219,6 +219,18 @@ aem::dispatcher::publish_farm:
 - { type: 'allow', url: '*.eot' } # enable eot
 # Enable features
 - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+ # Security Rules
+ - { type: 'deny', url: '/etc/' }
+ - { type: 'deny', url: '/libs/' }
+ - { type: 'allow', url: '/etc/designs/*' }
+ - { type: 'allow', url: '/etc/clientlibs/*' }
+ - { type: 'allow', url: '/etc/segmentation.segment.js' }
+ - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json' }
+ - { type: 'allow', url: '/libs/wcm/stats/tracker.js' }
+ - { type: 'allow', url: '/libs/cq/personalization/*' } # (JS, CSS and JSON)
+ - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information)
+ - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached)
+ - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization)
 # Deny content grabbing
 - { type: 'deny', url: '*.infinity.json' }
 - { type: 'deny', url: '*.tidy.json' }
-- 
2.39.5
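Review bot: The two new deny entries, `url: '/etc/'` and `url: '/libs/'`, carry no wildcard, while every other pattern in this list spells one out (`'/etc/designs/*'`, `'*.eot'`). How the module renders `url` is not visible here, but if it becomes a dispatcher filter pattern matched against the whole request path, these two rules match only the literal `/etc/` and `/libs/` and leave everything beneath them reachable; I would write `- { type: 'deny', url: '/etc/*' }` and `- { type: 'deny', url: '/libs/*' }`. Assuming rules are emitted in list order and the last match wins, the re-allow of `/libs/cq/personalization/*` also makes the identical allow just above `# Security Rules` redundant. The `# (data must not be cached)` remark on `currentuser.json` (the same holds for `userinfo.json`) is only enforced by a matching cache deny rule, which this hunk does not show and is worth confirming. The `publish_farm` filter list begins before and continues after the hunk.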