[
http://jira.magnolia-cms.com/browse/DOCU-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Antti Hietala updated DOCU-244:
-------------------------------
Attachment: demo-project-site-definition.png
> Site-aware ACLs
> ---------------
>
> Key: DOCU-244
> URL: http://jira.magnolia-cms.com/browse/DOCU-244
> Project: Documentation
> Issue Type: New Feature
> Security Level: Public
> Components: content
> Reporter: Antti Hietala
> Assignee: Ruth Stocks
> Attachments: demo-project-site-definition.png
>
>
> MAGNOLIA-3915 introduced a new ACL parameter {{<site>}} that can be added at
> the beginning of a path or URL. The parameter applies the ACL rule when the
> current site definition matches its value.
> The purpose is to prevent a multisite scenario where content from one site
> can be accessed through all its sibling sites. Such a scenario hurts SEO
> efforts since crawlers interpret the sibling content as duplicate: it is the
> same content but visible through different URLs.
> For example, the {{demo-project}} site definition (screenshot) says that when
> the site is accessed via domain {{www.demo-project.com}}, content should be
> served from {{/demo-project}}, as defined in the {{handlePrefix}} property.
> However, it is also possible to access sibling site {{/demo-features}}
> content at the same domain using a URL such as
> {{www.demo-project.com/demo-features.html}}. The domain says content should
> be served from {{/demo-project}} but in fact it can come from
> {{/demo-features}}. This is the issue.
> To test locally:
> # In your [hosts file|http://en.wikipedia.org/wiki/Hosts_(file)], map
> {{www.demo-project.com}} to {{127.0.0.1}}.
> {code}
> 127.0.0.1 www.demo-project.com
> 127.0.0.1 www.demo-features.com
> {code}
> # [Flush the DNS
> cache|http://www.techiecorner.com/35/how-to-flush-dns-cache-in-linux-windows-mac/].
> # Request content at
> {{http://www.demo-project.com:8080/magnoliaPublic/demo-features.html}}. You
> can see content from the sibling site {{/demo-features}}, which is not good.
> \\ \\
> To deny cross-site content access using the new {{<site>}} parameter:
> # Log into AdminCentral on the public instance and edit the {{anonymous}}
> role.
> # Add an ACL in the {{URL}} space. Deny access to
> {{<demo-project>/demo-features*}}. Angle brackets should be included. The
> first part in the brackets means "apply this ACL when the site definition
> {{demo-project}} is applied". The second part means "deny access to content
> at {{/demo-features}} and below".
> # Save the role.
> # Log out.
> # Request content at
> {{http://www.demo-project.com:8080/magnoliaPublic/demo-features.html}}. You
> should be denied access and presented with a login screen instead.
> # Request content at
> {{http://www.demo-features.com:8080/magnoliaPublic/demo-features.html}}. Now
> content should be served since you are requesting it via a domain that is
> mapped to a different site definition {{demo-features}}. \\ \\
> Document the new parameter, its usage, purpose and the scenario in
> /administration/security/accesscontrollists.
--
This message is automatically generated by JIRA.
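The rule semantics described in the issue, as an added example that is not part of the original message and is not Magnolia's own code: a small model that splits `<demo-project>/demo-features*` into its site prefix and path pattern and evaluates the requests from the test steps. Assumptions: the path is compared after the `/magnoliaPublic` context path is removed, `*` matches any run of characters, a matching deny overrides a matching allow, and the `/*` allow rule is a constructed baseline for the `anonymous` role.

```python
import re
from typing import NamedTuple, Optional

class SiteRule(NamedTuple):
    site: Optional[str]  # None means the rule applies on every site
    pattern: str         # path pattern; '*' matches any run of characters (assumed)
    allow: bool

def parse_rule(text: str, allow: bool) -> SiteRule:
    """Split '<site>/path*' into the site prefix and the path pattern."""
    m = re.fullmatch(r"<([^<>/]+)>(/.*)", text)
    if m:
        return SiteRule(m.group(1), m.group(2), allow)
    if text.startswith("<"):
        raise ValueError(f"malformed site prefix in {text!r}")
    return SiteRule(None, text, allow)

def matches(rule: SiteRule, site: str, path: str) -> bool:
    # A site-prefixed rule is skipped unless that site definition is active.
    if rule.site is not None and rule.site != site:
        return False
    regex = ".*".join(re.escape(part) for part in rule.pattern.split("*"))
    return re.fullmatch(regex, path) is not None

def is_allowed(rules, site: str, path: str) -> bool:
    # Assumed precedence: default deny, and any matching deny rule wins.
    hits = [r for r in rules if matches(r, site, path)]
    return bool(hits) and all(r.allow for r in hits)

# Domain to site definition mapping, as described in the issue.
SITE_BY_DOMAIN = {
    "www.demo-project.com": "demo-project",
    "www.demo-features.com": "demo-features",
}

ANONYMOUS_RULES = [
    parse_rule("/*", allow=True),                              # constructed baseline
    parse_rule("<demo-project>/demo-features*", allow=False),  # rule from the issue
]

def check(domain: str, path: str, rules=ANONYMOUS_RULES) -> bool:
    """Return True if the request would be served, False if denied."""
    return is_allowed(rules, SITE_BY_DOMAIN[domain], path)

if __name__ == "__main__":
    for domain in SITE_BY_DOMAIN:
        for path in ("/demo-features.html", "/demo-project.html"):
            print(domain, path, "allow" if check(domain, path) else "deny")
```

A rule without the site prefix, such as `/demo-features*`, would match on both domains in this model, which is why the prefix is needed to keep the content reachable at `www.demo-features.com`.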