
Area: JumpToServlet and ContentCreator ForwardAction


Redirections in the client-server communication are restricted by the FirstSpirit server for security reasons.

The optional parameter allowedRedirectHosts defines the URLs to which a redirect is allowed.

allowedRedirectHosts

At some points in FirstSpirit, redirect URLs are generated (e.g. links from remote projects in the preview or for the ContentCreator preview) that can potentially also refer to external URLs; for example:

http://localhost:5100/jump?url=http://www.example.de

or

http://localhost:5100/fs5webedit/Dispatcher?project=1183078&language=DE&weAction=Forward&forward=http://www.example.de

The optional parameter allowedRedirectHosts defines the URLs to which a redirect is allowed. The following modes are possible:

allowedRedirectHosts=ALLOW_ALL
Redirects to all URLs are allowed without limitations.

allowedRedirectHosts=fs.mywebsite.de,example.de,intranet.mywebsite.de
This creates a white list of allowed targets. The allowed URLs are specified as a comma-separated list.

allowedRedirectHosts=FS_SERVER
A white list of allowed URLs is created from the following sources:

  1. fs-server.conf, parameters
  2. the web server configured in the server properties (see Web server). This is the default setting.

If an attempt is made to call a URL that is not allowed, the server returns the HTTP status code 403 (with the error cause “Forbidden request host:”).

Using wildcards to configure redirect URLs

Wildcard characters can be used in the configuration. A wildcard can be used for the top subdomain as well as within a subdomain.

Examples of possible wildcards:

*.example.com 
first*.example.com 
*spirit.example.com 
f*spirit.example.com 
firstspirit.*xample.com 

The following are not allowed:

  • wildcards in IP addresses
  • multiple wildcards inside a single definition
  • replacing a whole domain with a wildcard

Examples of prohibited definitions:

*.168.1.1 
f*spir*.example.com 
firstspirit.*.com 
*.com 
*
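
The wildcard rules above, as an added Python example (not FirstSpirit code and not part of the original documentation): it checks each entry of an allowedRedirectHosts list against the three restrictions and tests a redirect target's host against the valid entries only. Assumptions: all function names are hypothetical, a wildcard matches only within one host label, and an entry without a wildcard must equal the host exactly.

```python
import re
from urllib.parse import urlsplit


def pattern_error(pattern):
    """Return the rule a host pattern breaks, or None if it is acceptable."""
    labels = pattern.split(".")
    if pattern.count("*") > 1:
        return "multiple wildcards"
    # Assumption from the page's examples: a label that is only "*" must be
    # the leftmost one and be followed by at least two fixed labels.
    if "*" in labels and (labels[0] != "*" or len(labels) < 3):
        return "wildcard replaces a whole domain"
    if "*" in pattern and re.fullmatch(r"[\d.*]+", pattern):
        return "wildcard in IP address"
    return None


def lint_hosts(value):
    """Map every rejected entry of a comma-separated list to its reason."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return {e: pattern_error(e) for e in entries if pattern_error(e)}


def redirect_allowed(url, value):
    """True if the URL's parsed host matches a valid entry of the list."""
    # Compare the parsed hostname, never a substring of the whole URL.
    host = (urlsplit(url).hostname or "").lower()
    for entry in (e.strip().lower() for e in value.split(",")):
        if not entry or pattern_error(entry):
            continue  # invalid entries never grant a redirect
        # Assumption: "*" stays inside one label; a bare "*" label is non-empty.
        many = "[^.]+" if entry.startswith("*.") else "[^.]*"
        if re.fullmatch(re.escape(entry).replace(r"\*", many), host):
            return True
    return False


# Constructed sample value mixing entries the page allows and prohibits.
SAMPLE = "fs.mywebsite.de,*.example.com,f*spirit.example.com,*.168.1.1,*.com"

if __name__ == "__main__":
    print(lint_hosts(SAMPLE))
    for target in ("http://www.example.com/a", "http://www.example.de"):
        print(target, "->", "redirect" if redirect_allowed(target, SAMPLE) else "403")
```

Running the lint over a planned allowedRedirectHosts value before deploying fs-server.conf shows which entries fall under the prohibited forms listed above.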

© 2005 - 2023 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2023.2