From a7e77d1b7cc4defb0540fbe0d1f0d0101965f04e Mon Sep 17 00:00:00 2001
From: Philipp Dallig <philipp.dallig@pixelpark.com>
Date: Tue, 23 May 2017 10:21:38 +0200
Subject: [PATCH] mobile-aem - add dispatcher config

---
 customer/mobile-aem/production.yaml | 105 ++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/customer/mobile-aem/production.yaml b/customer/mobile-aem/production.yaml
index 4e6acb2b..3096e9d7 100644
--- a/customer/mobile-aem/production.yaml
+++ b/customer/mobile-aem/production.yaml
@@ -58,3 +58,108 @@ infra::profile::aem::publish::pp_vhosts:
         sethandler: dispatcher-handler
         options:
           - FollowSymLinks
+
+# Use Alias function if updated to Puppet 4
+aem::dispatcher::publish_farm:
+## Flusher
+  z_invalidation_only:
+    virtualhosts:
+      - 'invalidation_only'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*/content*' }
+    cache_docroot: '/opt/adobe/www/cache'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowed_clients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_statfileslevel: 3
+  mobile:
+    virtualhosts:
+      - 'prod-mobile-publish.pixelpark.net'
+    clientheaders:
+      - '*'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', url: '/' }
+      - { type: 'allow', url: '*.html' }
+      - { type: 'allow', url: '*.css'   }  # enable css
+      - { type: 'allow', url: '*.gif'   }  # enable gifs
+      - { type: 'allow', url: '*.ico'   }  # enable icos
+      - { type: 'allow', url: '*.js'    }  # enable javascript
+      - { type: 'allow', url: '*.png'   }  # enable png
+      - { type: 'allow', url: '*.swf'   }  # enable flash
+      - { type: 'allow', url: '*.jpg'   }  # enable jpg
+      - { type: 'allow', url: '*.jpeg'  }  # enable jpeg
+      - { type: 'allow', url: '*.svg'  }  # enable svg
+      - { type: 'allow', url: '*.ttf'  }  # enable ttf
+      - { type: 'allow', url: '*.woff'  }  # enable woff
+      - { type: 'allow', url: '*.woff2'  }  # enable woff2
+      - { type: 'allow', url: '*.eot'  }  # enable eot
+      - { type: 'allow', url: '*.pdf'  }  # enable pdf
+      - { type: 'allow', url: '*.wmv'  }  # enable wmv
+      - { type: 'allow', url: '*.psd'  }  # enable psd (Adobe Photoshop Dokument)
+      - { type: 'allow', url: '*.tif'  }  # enable tif
+      - { type: 'allow', url: '*.zip'  }  # enable zip
+      - { type: 'allow', url: '*.exe'  }  # enable exe
+      - { type: 'allow', url: '*.msi'  }  # enable msi
+      - { type: 'allow', url: '*.indd'  }  # enable indd (Adobe Indesign Dokument)
+      # Enable features
+      - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      - { type: 'allow', url: '/content/dam/api.json' } # enable generic asset JSON API
+      - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API
+      - { type: 'allow', url: '*.articlelibrary.json' } # enable article library JSON API
+      - { type: 'allow', url: '*.assetdata.json' } # enable download basket JSON API
+      - { type: 'allow', method: 'post', url: '*.forms.html' } # enable forms
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json' } # enable CSRF token
+      # Deny content grabbing
+      - { type: 'deny', url: '*.infinity.json' }
+      - { type: 'deny', url: '*.tidy.json'     }
+      - { type: 'deny', url: '*.sysview.xml'   }
+      - { type: 'deny', url: '*.docview.json'  }
+      - { type: 'deny', url: '*.docview.xml'   }
+      - { type: 'deny', url: '*.*[0-9].json'   }
+      # Deny query
+      - { type: 'deny', url: '*.query.json' }
+    cache_docroot: '/opt/adobe/www/cache/content/mobile'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowed_clients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_headers:
+      - 'X-Content-Type-Options'
+      - 'X-Frame-Options'
+      - 'X-XSS-Protection'
+      - 'Last-Modified'
+      - 'Expires'
+      - 'Content-Type'
+      - 'Access-Control-Allow-Origin'
-- 
2.39.5