Solution:
Control the selectors in your application, so that you only serve the explicit selectors needed and return 404 for all others.
Prevent the output of an unlimited number of content nodes.
§ Check the configuration of the default renderers, which can be a problem area. In particular, the JSON renderer can traverse the tree structure over multiple levels.
For example, the request: http://localhost:4502/.json could dump the whole repository in a JSON representation. This would cause significant server problems.
For this reason Sling sets a limit on the maximum number of results. To limit the depth of the JSON rendering you can set the value for JSON Max results (json.maximumresults) in the configuration for the Apache Sling GET Servlet. When this limit is exceeded the rendering will be collapsed. The default value for Sling within CQ is 200.
§ As a preventive measure, disable the other default renderers (HTML, plain text, XML), again by configuring the Apache Sling GET Servlet.
CAUTION
Do not disable the JSON renderer; this is required for the normal operation of CQ.
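The checks above can be run against an exported Apache Sling GET Servlet configuration. The following is an added example, not code from the original post or from Sling: it assumes the configuration is stored as an OSGi .config file using the property names enable.html, enable.txt, enable.xml, enable.json and json.maximumresults, and that a renderer not explicitly set to false is enabled. The sample file content is constructed.

```python
import re

# Constructed sample of an OSGi .config file for the Apache Sling GET Servlet.
# Values are illustrative, not taken from a real system.
SAMPLE_CONFIG = '''\
# constructed example
enable.html=B"true"
enable.txt=B"false"
enable.json=B"false"
json.maximumresults=I"5000"
'''

# key=<optional type letter>"value", e.g. enable.html=B"false"
LINE = re.compile(r'^\s*([\w.]+)\s*=\s*[A-Za-z]?"([^"]*)"\s*$')


def parse_config(text):
    """Return scalar properties from .config text; comments are skipped."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(text, max_results=200):
    """List deviations from the guidance: HTML/plain text/XML renderers off,
    JSON renderer on, json.maximumresults set and no higher than max_results
    (200 is the CQ default quoted on this page)."""
    props = parse_config(text)
    findings = []
    for name in ("enable.html", "enable.txt", "enable.xml"):
        # Assumption: a renderer that is not explicitly false is enabled.
        if props.get(name, "true").lower() != "false":
            findings.append(f"{name}: renderer not disabled")
    if props.get("enable.json", "true").lower() == "false":
        findings.append("enable.json: disabled, but CQ requires the JSON renderer")
    raw = props.get("json.maximumresults")
    if raw is None:
        findings.append("json.maximumresults: not set explicitly")
    elif not raw.isdigit() or int(raw) > max_results:
        findings.append(f"json.maximumresults: {raw!r} is invalid or above {max_results}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```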