{"id":4139,"date":"2017-06-09T05:24:39","date_gmt":"2017-06-08T23:54:39","guid":{"rendered":"\/?p=4139"},"modified":"2020-08-17T11:46:09","modified_gmt":"2020-08-17T06:16:09","slug":"misconfigured-page-not-found-jeopardizing-website","status":"publish","type":"post","link":"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/","title":{"rendered":"Is a Misconfigured \u201cPage Not Found\u201d Jeopardizing Your Website?"},"content":{"rendered":"

Since Zap Technology Solutions (now Argil DX) released its free Security Scanner, a lot of folks have been scanning their websites. However, a few scans reported that sites were more vulnerable than they actually were. Something wrong with the security scanner? No. The cause is a simple misconfiguration of the website\u2019s AEM\/CQ5-based \u201cPage Not Found\u201d response. The standard HTTP response code for a successfully served page is 200 (OK), whereas a \u201cPage Not Found\u201d page typically has a response code of 404 (Page Not Found).<\/p>\n

Regardless of the response code, your customers will see the same content. However, what happens behind the scenes could hurt the performance of your site and may endanger it. If you\u2019re using Adobe Dispatcher to cache your AEM\/CQ5-served content, Dispatcher only caches content which has a 200 response code. If your content responds with a 404 (or other error code), Dispatcher doesn\u2019t cache it.<\/p>\n

Imagine a scenario in which a user mistypes a page name (hmoe.html rather than home.html) in the URL for your site. They receive a \u201cPage Not Found\u201d response and that page responds with a 200 code. Dispatcher will now cache that page (hmoe.html) on your web server. Since the page doesn\u2019t really exist on your site, there will never be a request to clear that page from your Dispatcher cache. It will sit there until it is manually deleted or until its parent page is deactivated. It\u2019s probably not a very big page\u2026 Maybe 20 KB. However, imagine that 500 users per month make similar typos on URLs. That would be 500 errant pages in your Dispatcher cache per month (assuming none of the typos have already been cached). These pages will likely stay on your web servers\u2019 drives for a very long time. Eventually, they could cause your drives to fill up, which at the very least would prevent new content from being cached and at worst could cause your web server to stop serving content.<\/p>\n

You might say that it\u2019s unlikely that enough \u201cPage Not Found\u201d pages would be served to cause your drives to fill up. You might be right. However, imagine another, more nefarious scenario. A person (let\u2019s call them a hacker) could become aware of the fact that your site\u2019s \u201cPage Not Found\u201d page responds with a 200 code, which could cause it to be cached (not only by your systems; if your site uses a CDN, that would also cache it). It wouldn\u2019t take a very sophisticated hacker to repeatedly request random page names from your site, each of which is cached and helps fill up your web servers\u2019 drives.<\/p>\n

Here\u2019s how to check how your \u201cPage Not Found\u201d page responds. Determine the URL of a page which you know is served by AEM\/CQ5. Let\u2019s use the example http:\/\/www.abcd.com\/content\/home.html. Change the page name (home) to a name that you know doesn\u2019t exist on your site (example: blah), so your new URL will be http:\/\/www.abcd.com\/content\/blah.html. Browse to \/response-check.html, enter your new URL into the box provided, and click \u201cCheck Response.\u201d It should show you the response code that the URL returns. If it\u2019s 200 (and you know the page should not exist), it will likely take a development effort to get AEM\/CQ5 to respond with the appropriate 404 response code.<\/p>\n

This is just one of the many hidden issues that might exist in your AEM\/CQ5 implementation without being readily apparent to your marketing team or to your customers. Nevertheless, if this type of issue were to be exploited, you can be sure that it would affect your customers and that marketing would take note. Take a few minutes to test your Page Not Found response and then sign up for the security scanner to scan your AEM\/CQ5-based website for other security issues.<\/p>\n

Looking for security experts who can take care of your AEM-based website’s vulnerability issues? Feel free to contact us.<\/p>\n","protected":false},"excerpt":{"rendered":"

Since Zap Technology Solutions (now Argil DX) released its free Security Scanner\u00a0there have been a lot of folks scanning their websites. However, a few scans reported that sites were more vulnerable than they actually were. Something wrong with the security scanner? No. It is due to a simple misconfiguration of the website\u2019s AEM\/CQ5-based \u201cPage Not … Read more<\/a><\/p>\n","protected":false},"author":29,"featured_media":6942,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","content-type":"","footnotes":""},"categories":[317],"tags":[],"yst_prominent_words":[1137,1133,1128,864,1139,1134,2753,1142,1135,1132,1136,1130,1127,1053,1126,1131,1141,1138,1140,1129],"acf":[],"yoast_head":"\nIs a Misconfigured \u201cPage Not Found\u201d Jeopardizing Your Website?<\/title>\n<meta name=\"description\" content=\"Don't let a misconfigured "Page Not Found" repsonse or 404 page expose your site to security risks. Scan hidden site issues with our free security scanner.\" \/>\n<meta name=\"robots\" content=\"index, follow\" \/>\n<meta name=\"googlebot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta name=\"bingbot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Is a Misconfigured \u201cPage Not Found\u201d Jeopardizing Your Website?\" \/>\n<meta property=\"og:description\" content=\"Don't let a misconfigured "Page Not Found" repsonse or 404 page expose your site to security risks. 
Scan hidden site issues with our free security scanner.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Argil DX\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-08T23:54:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-17T06:16:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.argildx.us\/wp-content\/uploads\/2017\/06\/Is-a-Misconfigured-\u201cPage-Not-Found\u201d-Jeopardizing-Your-Website.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"542\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.argildx.us\/#website\",\"url\":\"https:\/\/www.argildx.us\/\",\"name\":\"Argil DX\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/www.argildx.us\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.argildx.us\/wp-content\/uploads\/2017\/06\/Is-a-Misconfigured-\\u201cPage-Not-Found\\u201d-Jeopardizing-Your-Website.jpg\",\"width\":1440,\"height\":542,\"caption\":\"a man holding a broken cable to show a 404 page\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/#webpage\",\"url\":\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/\",\"name\":\"Is a Misconfigured \\u201cPage Not Found\\u201d Jeopardizing Your 
Website?\",\"isPartOf\":{\"@id\":\"https:\/\/www.argildx.us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/#primaryimage\"},\"datePublished\":\"2017-06-08T23:54:39+00:00\",\"dateModified\":\"2020-08-17T06:16:09+00:00\",\"author\":{\"@id\":\"https:\/\/www.argildx.us\/#\/schema\/person\/1c5b6f3f2f7218d9acb851588b98551f\"},\"description\":\"Don't let a misconfigured \\\"Page Not Found\\\" repsonse or 404 page expose your site to security risks. Scan hidden site issues with our free security scanner.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.argildx.us\/miscellaneous\/misconfigured-page-not-found-jeopardizing-website\/\"]}]},{\"@type\":[\"Person\"],\"@id\":\"https:\/\/www.argildx.us\/#\/schema\/person\/1c5b6f3f2f7218d9acb851588b98551f\",\"name\":\"Argil DX Media\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.argildx.us\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0ccbc04705942d1269cdf9f789e58484?s=96&d=mm&r=g\",\"caption\":\"Argil DX Media\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/posts\/4139"}],"collection":[{"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/comments?post=4139"}],"version-history":[{"count":0,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/posts\/4139\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/media\/6942"}],"wp:attachment":[{"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/media?parent=4139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/categories?post=4139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/tags?post=4139"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/www.argildx.us\/wp-json\/wp\/v2\/yst_prominent_words?post=4139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}