1. Home
  2. Development
  3. RE: RE: Getting Redirected to Login portlet when accessing /image

RE: RE: Getting Redirected to Login portlet when accessing /image

Gaurav Pandey, modified 4 Years ago.
Getting Redirected to Login portlet when accessing /image
New Member Posts: 6 Join Date: 2/1/21 Recent Posts

Hi,

We recently received a Vulnerability that is as below (Liferay 6.2 EE)

When we manupulate custom login portlet URL. https://www.mycustomlogin/login to https://www.mycustomlogin/image I get redirected to the Liferay Login portlet which exposes the full URL (https://www.mycustomlogin/inicio?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin&p_p_id=58&p_p_lifecycle=0&_58_redirect=%2Fimage)

and after this URL can be modified to get access to search portlet(p_p_id=3). can you help us with the way to change this behavious as we do not want to expose our control panel login and search portlet.

I am new to liferay but i tried introducing a custom filter but it looks request is getting intercepted before request is received by my filter.

Thanks in Advance.

Gaurav Pandey, modified 4 Years ago.
RE: Getting Redirected to Login portlet when accessing /image (Answer)
New Member Post: 1 Join Date: 2/3/21 Recent Posts

You may restrict url at web server level. (httpd.conf ) 

Gaurav Pandey, modified 4 Years ago.
RE: RE: Getting Redirected to Login portlet when accessing /image
New Member Posts: 6 Join Date: 2/1/21 Recent Posts

Thanks Manish, this is what we did to get the work done.

Gaurav Pandey, modified 4 Years ago.
RE: Getting Redirected to Login portlet when accessing /image
New Member Posts: 6 Join Date: 2/1/21 Recent Posts

Thanks for the help, this is what we did and got it blocked from web server.

thumbnail
Vilmos Papp, modified 4 Years ago.
RE: Getting Redirected to Login portlet when accessing /image
Liferay Master Posts: 529 Join Date: 10/21/10 Recent Posts

If it's an EE version, you can open a support ticket ask whether a security fix is avaliable for your problem.