adobe · SachinMali · Mar 6, 2023 · Feb 20, 2023
diff --git a/dispatcher/pom.xml b/dispatcher/pom.xml
@@ -53,25 +53,31 @@
                                 <!-- rules being inserted by archetype-pre-package.groovy -->
                                 <requireTextFileChecksum>
                                     <file>src/conf.d/available_vhosts/default.vhost</file>
-                                    <checksum>d54181c3025ee07b08bb94429a5ca723</checksum>
+                                    <checksum>d4bc425c3f0ce825450019ce2501e14e</checksum>
                                     <type>md5</type>
                                     <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.d/available_vhosts/default.vhost</message>
                                 </requireTextFileChecksum>
                                 <requireTextFileChecksum>
                                     <file>src/conf.d/dispatcher_vhost.conf</file>
-                                    <checksum>9d004cbfab28db1489af7b29afb39c0a</checksum>
+                                    <checksum>b355146c776800f903f1bf8d164ad495</checksum>
                                     <type>md5</type>
                                     <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.d/dispatcher_vhost.conf</message>
                                 </requireTextFileChecksum>
+                                <requireTextFileChecksum>
+                                    <file>src/conf.d/enabled_vhosts/vhosts.conf</file>
+                                    <checksum>8e9af819b868d93df01b16d3487f3401</checksum>
+                                    <type>md5</type>
+                                    <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.d/enabled_vhosts/vhosts.conf</message>
+                                </requireTextFileChecksum>
                                 <requireTextFileChecksum>
                                     <file>src/conf.d/rewrites/default_rewrite.rules</file>
-                                    <checksum>8b866275685509537f6ab0397ddeda53</checksum>
+                                    <checksum>1571c99af0456da2186442a5a6a072f1</checksum>
                                     <type>md5</type>
                                     <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.d/rewrites/default_rewrite.rules</message>
                                 </requireTextFileChecksum>
                                 <requireTextFileChecksum>
                                     <file>src/conf.dispatcher.d/available_farms/default.farm</file>
-                                    <checksum>5330de0cd702363027107ed257a80f67</checksum>
+                                    <checksum>3d8a01ff3465ac69b229bff6e90ecdeb</checksum>
                                     <type>md5</type>
                                     <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.dispatcher.d/available_farms/default.farm</message>
                                 </requireTextFileChecksum>
@@ -99,9 +105,15 @@
                                     <type>md5</type>
                                     <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.dispatcher.d/dispatcher.any</message>
                                 </requireTextFileChecksum>
+                                <requireTextFileChecksum>
+                                    <file>src/conf.dispatcher.d/enabled_farms/farms.any</file>
+                                    <checksum>64d45e6fa1c7525a9a34aa4a7ccf0852</checksum>
+                                    <type>md5</type>
+                                    <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.dispatcher.d/enabled_farms/farms.any</message>
+                                </requireTextFileChecksum>
                                 <requireTextFileChecksum>
                                     <file>src/conf.dispatcher.d/filters/default_filters.any</file>
-                                    <checksum>93d6896c1b92829af8707ead21b7e62a</checksum>
+                                    <checksum>8a99566bdabbc11061a6cbaf0f14cecc</checksum>
                                     <type>md5</type>
                                     <message>There have been changes detected in a file which is supposed to be immutable according to https://docs.adobe.com/content/help/en/experience-manager-cloud-service/implementing/content-delivery/disp-overview.html#file-structure: src/conf.dispatcher.d/filters/default_filters.any</message>
                                 </requireTextFileChecksum>

diff --git a/dispatcher/src/conf.d/available_vhosts/default.vhost b/dispatcher/src/conf.d/available_vhosts/default.vhost
@@ -60,12 +60,6 @@ Include conf.d/variables/custom.vars
 
 		# Rewrite index page internally, pass through (PT)
 		RewriteRule "^(/?)$" "/index.html" [PT]
-	</IfModule>
 
-    # Content Services/Sling Model Exporter: Cache for 5min with background refresh 1h on browser and 12h on CDN to avoid MISS
-    <LocationMatch "^/content/.*\.model\.json$">
-       Header set Cache-Control "max-age=300,stale-while-revalidate=3600" "expr=%{REQUEST_STATUS} < 400"
-       Header set Surrogate-Control "stale-while-revalidate=43200,stale-if-error=43200" "expr=%{REQUEST_STATUS} < 400"
-       Header set Age 0
-    </LocationMatch>
+	</IfModule>
 </VirtualHost>
diff --git a/dispatcher/src/conf.d/dispatcher_vhost.conf b/dispatcher/src/conf.d/dispatcher_vhost.conf
@@ -14,11 +14,11 @@ Include conf.d/variables/global.vars
 # WARNING!!! The probe paths below are INTERNAL and RESERVED - please DO NOT USE them in your virtual host configurations!
 
 # Liveness probe URL
-Alias "/system/probes/live" /etc/httpd/probes/live-status.json
+Alias "/system/probes/live" probes/live-status.json
 # Readiness probe URL
-Alias "/system/probes/ready" /etc/httpd/probes/ready-status.json
+Alias "/system/probes/ready" probes/ready-status.json
 # Startup probe URL
-Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
+Alias "/system/probes/start" probes/startup-status.json
 
 # internal probes endpoint
 <LocationMatch "/system/probes">
@@ -54,24 +54,6 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
     </LocationMatch>
 </IfDefine>
 
-# SITES-5185 - Ensure all GraphQL Queries to production publisher are using Persistent Queries and not direct query requests
-<IfDefine ENVIRONMENT_PROD>
-    SSLProxyEngine on
-    <LocationMatch "^/content/_cq_graphql/.*/endpoint.json$">
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR]
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$
-        RewriteRule ^/(.*)$ - [R=404,L]
-    </LocationMatch>
-</IfDefine>
-<IfDefine ENVIRONMENT_STAGE>
-    SSLProxyEngine on
-    <LocationMatch "^/content/_cq_graphql/.*/endpoint.json$">
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^$ [OR]
-        RewriteCond %{ENV:ENABLE_GRAPHQL_ENDPOINT} ^false$
-        RewriteRule ^/(.*)$ - [R=404,L]
-    </LocationMatch>
-</IfDefine>
-
 # If the module loads correctly then apply base settings for the module
 <IfModule disp_apache2.c>
 	# location of the configuration file. eg: 'conf/dispatcher.any'
@@ -116,20 +98,23 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 	Header unset Age
 </IfDefine>
 
-# SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint
-<LocationMatch "/graphql/execute.json/.*">
-    ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon
-</LocationMatch>
+# SITES-11040 Do ProxyPassMatch, if caching for GraphQL Persisted Queries is not enabled
+<IfDefine !CACHE_GRAPHQL_PERSISTED_QUERIES>
+    # SITES-3659 Prevent re-encodes of URLs sent to GraphQL Persisted Queries API endpoint
+	<LocationMatch "/graphql/execute.json/.*">
+        ProxyPassMatch http://${AEM_HOST}:${AEM_PORT} nocanon
+	</LocationMatch>
+</IfDefine>
 
-# (legacy) Allow ingressroute checks through on /systemready (regardless of dispatcher filters)
+# Legacy /systemready mapped to new Health probe URL /system/probes/health in AEM
 <Location "/systemready">
-	ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready
+	ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health
 	RewriteEngine Off
 </Location>
 
-# new Health probe URL to legacy /systemready URL mapping
+# Allow ingressroute checks through on /system/probes/health (regardless of dispatcher filters)
 <Location "/system/probes/health">
-	ProxyPass http://${AEM_HOST}:${AEM_PORT}/systemready
+	ProxyPass http://${AEM_HOST}:${AEM_PORT}/system/probes/health
 	RewriteEngine Off
 </Location>
 
@@ -154,6 +139,9 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch   ${COMMERCE_ENDPOINT}$2
 		ProxyPassReverse ${COMMERCE_ENDPOINT}
 		RewriteEngine 	 Off
+		# CIF-2971: Experience Platform Connector cookie to header forwarding
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_2>
@@ -165,6 +153,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch   ${AEM_COMMERCE_ENDPOINT_2}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_2}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_3>
@@ -176,6 +166,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch	 ${AEM_COMMERCE_ENDPOINT_3}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_3}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_4>
@@ -187,6 +179,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch	 ${AEM_COMMERCE_ENDPOINT_4}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_4}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 <IfDefine COMMERCE_ENDPOINT_5>
@@ -198,6 +192,8 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 		ProxyPassMatch	 ${AEM_COMMERCE_ENDPOINT_5}$2
 		ProxyPassReverse ${AEM_COMMERCE_ENDPOINT_5}
 		RewriteEngine 	 Off
+		SetEnvIfNoCase Cookie "(^| )aep-segments-membership=([^;]*)" AEP_SEGMENTS_MEMBERSHIP=$2
+		RequestHeader set aep-segments-membership "%{AEP_SEGMENTS_MEMBERSHIP}e" env=AEP_SEGMENTS_MEMBERSHIP
 	</LocationMatch>
 </IfDefine>
 
@@ -215,7 +211,7 @@ Alias "/system/probes/start" /etc/httpd/probes/startup-status.json
 </Directory>
 
 # internal metadata endpoint
-Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json
+Alias "/gitinit-status" metadata/gitinit-status.json
 
 <LocationMatch "/gitinit-status">
     RewriteEngine Off
@@ -227,6 +223,50 @@ Alias "/gitinit-status" /etc/httpd/metadata/gitinit-status.json
     Require expr "%{HTTP_HOST} == '${POD_NAME}'"
 </Directory>
 
+# Dedicated vhost for EaaS:
+# (currently disabled, but customers can expect it to be enabled in future versions - CQ-4349728)
+#<VirtualHost *:80>
+#	ServerName	"test.eaas"
+#	# possibility to make overrides before directives in this vhost
+#	IncludeOptional conf.d/includes/first-listed-vhost.pre.includes
+#	# since this vhost is first-listed one, this setting influences other vhosts - see https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize
+#	LimitRequestFieldSize 32768
+#	DocumentRoot /var/www/localhost/htdocs
+#	AllowEncodedSlashes NoDecode
+#	<IfModule mod_headers.c>
+#		Header add X-Vhost "test.eaas"
+#	</IfModule>
+#	<Directory "/var/www/localhost/htdocs">
+#		Options Indexes FollowSymLinks
+#		AllowOverride None
+#		Require all granted
+#	</Directory>
+#
+#	# SKYOPS-49434: Allow EaaS to access publish instance directly for dev and stage environments when test.eaas vhost is requested
+#	<IfDefine ENVIRONMENT_DEV>
+#		<LocationMatch "/">
+#			ProxyPassMatch http://${AEM_HOST}:${AEM_PORT}
+#			RewriteEngine Off
+#		</LocationMatch>
+#	</IfDefine>
+#	<IfDefine ENVIRONMENT_STAGE>
+#		<LocationMatch "/">
+#			ProxyPassMatch http://${AEM_HOST}:${AEM_PORT}
+#			RewriteEngine Off
+#		</LocationMatch>
+#	</IfDefine>
+#	# 403 Forbidden on prod
+#	<IfDefine ENVIRONMENT_PROD>
+#		<IfModule mod_rewrite.c>
+#			RewriteEngine	on
+#			RewriteRule ^ - [F]
+#		</IfModule>
+#	</IfDefine>
+#	# possibility to make overrides after directives in this vhost
+#	IncludeOptional conf.d/includes/first-listed-vhost.post.includes
+#</VirtualHost>
+
+# Customer's vhosts:
 Include conf.d/enabled_vhosts/*.vhost
 
 # Create a catch-all vhost

diff --git a/dispatcher/src/conf.d/rewrites/default_rewrite.rules b/dispatcher/src/conf.d/rewrites/default_rewrite.rules
@@ -38,6 +38,6 @@ RewriteRule .* - [F]
 # Block wp-login
 RewriteRule ^.*wp-login - [F,NC,L]
 
-# Allow caching of persisted queries
+# Allow the dispatcher to be able to cache persisted queries - they need an extension for the cache file
 RewriteCond %{REQUEST_URI} ^/graphql/execute.json
-RewriteRule ^/(.*)$ /$1;.json [PT,L]
+RewriteRule ^/(.*)$ /$1;.json [PT]
diff --git a/dispatcher/src/conf.dispatcher.d/available_farms/default.farm b/dispatcher/src/conf.dispatcher.d/available_farms/default.farm
@@ -91,11 +91,11 @@
 		# well as general marketing related parameters such as e.g. utm_campaign.
 		# Marketing parameters can normally be ignored on most websites as they are tracked
 		# through different means. 
-		/ignoreUrlParams {
-			/0001 { /glob "*" /type "deny" }
+		# /ignoreUrlParams {
+		# 	/0001 { /glob "*" /type "deny" }
 		# 	/0002 { /glob "q" /type "allow" }
-		#	$include "../cache/marketing_query_parameters.any"
-		}
+		# 	$include "../cache/marketing_query_parameters.any"
+		# }
 
 		# Cache response headers next to a cached file. On the first request to
 		# an uncached resource, all headers matching one of the values found here

diff --git a/dispatcher/src/conf.dispatcher.d/filters/default_filters.any b/dispatcher/src/conf.dispatcher.d/filters/default_filters.any
@@ -97,4 +97,4 @@
 /0061 { /type "allow" /method '(GET|POST|OPTIONS)' /url "/graphql/execute.json*" }
 
 # Allow Forms Document Services requests
-/0062 { /type "allow" /method "POST" /url "/adobe/forms/*" }
+/0062 { /type "allow" /method '(GET|POST)' /url "/adobe/forms/*" }