
experience-manager-dispatcher.en's Introduction

Adobe Experience Manager Pattern Detection

This repository is for Adobe Experience Manager Pattern Detection.

Your contributions to the documentation are welcome. See the following resources:

  • contributing.md For an overview of how to contribute to the documentation.
  • guidelines.md For an overview on what is expected in contributions and how to compose your documentation contributions.
  • code-of-conduct.md For an overview of the standards of behavior Adobe expects as you contribute to this documentation project.


experience-manager-dispatcher.en's Issues

Switch to more inclusive language

Could you please take some time in the next few days to make changes to some terminology in your repos and content as much as is possible:

  • Whitelist/blacklist to Allowed List and Blocked List (or Approve List/Deny List - some software uses this instead) respectively. Google and many developers are formalizing allowlist and blocklist. You might want to lobby for those terms to be used in the UI.
  • Master/Slave to master and replica (or subordinate, if that makes more sense) respectively.

If you cannot remove the term because the writing, for example, reflects the UI or the code, please make a note and send me an email to [email protected] so we can bring it to that team’s attention. Thanks for your efforts in this matter.

Validate Flush agents on publish instances

Issue in help/using/page-invalidate.md

Need to add another Step between 6-7 under the "Invalidating Dispatcher Cache from a Publishing Instance" as follows:

Login to the publish instance and validate the flush agent configuration. Also, make sure it's enabled.

Apache version to be used on dispatchers of different AEM versions like AEM 6.1, AEM 6.2, etc is not provided

Hi,
Please provide the information about which version of Apache is supported on dispatchers of AEM 6.1, AEM 6.2, etc.
This information is highly required as security teams are raising vulnerability alerts on older versions of Apache, for example Apache 2.2.X.
AEM dispatcher may stop working if we simply upgrade the apache version on dispatcher.
If a particular version of Apache is supported on some version of AEM, then we will inform client to go for upgrade of AEM version first and then upgrade of dispatcher so that latest version of Apache can be used for dispatcher.

Thanks

small typo in dispatcher info

Issue in ./help/using/page-invalidate.md

Deleting cached files ins this manner is appropriate for web sites that are not likely to receive simultaneous requests for the same page.

The word ins should be in.

Conditional headers in the example documentation

Issue in help/using/dispatcher-configuration.md

In the example for /clientheaders section there are the following headers:
"if-match"
"if-none-match"
"if-range"
"if-unmodified-since"

They should be removed because the dispatcher should never issue conditional requests if the response is not already cached.

Wrong date "2022-Apr-29" -- please, check it.

Issue in ./help/using/release-notes.md

You mentioned "Release 4.3.5 (2022-Apr-29)", but it is the 12th of April right now and release 4.3.5 is available.
Please, check date in your release notes document.

Thank you.

Insecure Filters

  • Deny All rule: If I'm not wrong glob is deprecated and URL should be used instead

/0001 { /type "deny" /glob "*"} => /0001 { /type "deny" /url "*" }

  • content grabbing rules: not secure enough (more selectors should be covered)
    /006 { /type "deny" /path "/content/*" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy)' /extension '(json|xml|html)' }
    =>
    /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|jcr:content|_jcr_content|search|childrenlist|ext|assets|assetsearch|[0-9-]+)' /extension '(json|xml|html|feed)'

Would be good to verify rules before they are recommended with some popular tools like:

and provide secure starting point configuration
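A small offline check of the coverage difference between rule /006 and the proposed replacement, added here as an example and not part of the original issue or of Adobe's tooling. It assumes a simplified URL split (no suffix, one selector per request), treats the single-quoted values as full-match regular expressions and the double-quoted /path as a glob, and evaluates each rule on its own rather than the whole filter chain; the request paths are constructed.

```python
import re
from fnmatch import fnmatchcase

# Rule /006 as quoted in the issue, then the proposal (written without /path).
CURRENT_RULE = {
    "path": "/content/*",
    "selectors": r"(feed|rss|pages|languages|blueprint|infinity|tidy)",
    "extension": r"(json|xml|html)",
}
PROPOSED_RULE = {
    "selectors": r"(feed|rss|pages|languages|blueprint|infinity|tidy|sysview"
                 r"|docview|query|jcr:content|_jcr_content|search|childrenlist"
                 r"|ext|assets|assetsearch|[0-9-]+)",
    "extension": r"(json|xml|html|feed)",
}

# Constructed request paths, one selector each.
SAMPLE_PATHS = [
    "/content/site/en.html",
    "/content/site/en.infinity.json",
    "/content/site/en.sysview.xml",
    "/content/site/en.1.json",
    "/content/site/en.query.json",
    "/content/site/en.rss.feed",
]

def decompose(url_path):
    """Simplified split: '/a/b.sel.ext' -> ('/a/b', 'sel', 'ext')."""
    head, _, last = url_path.rpartition("/")
    name, *rest = last.split(".")
    extension = rest[-1] if rest else ""
    return f"{head}/{name}", ".".join(rest[:-1]), extension

def rule_denies(rule, url_path):
    """True when every property the rule sets matches the request."""
    path, selectors, extension = decompose(url_path)
    if "path" in rule and not fnmatchcase(path, rule["path"]):
        return False
    return bool(re.fullmatch(rule["selectors"], selectors)
                and re.fullmatch(rule["extension"], extension))

def coverage_gaps(paths):
    """Paths the proposed rule denies but the current rule lets through."""
    return [p for p in paths
            if rule_denies(PROPOSED_RULE, p) and not rule_denies(CURRENT_RULE, p)]

if __name__ == "__main__":
    for p in coverage_gaps(SAMPLE_PATHS):
        print("not covered by rule /006:", p)
```

A real verification still has to be run against the deployed Dispatcher, since the outcome depends on the order of all filter rules and on the module's own URL parsing.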

enableTTL section errors

I submitted PR #17 to fix a number of issues with the 'enableTTL' section of the document. These include:

  1. enableTTL is part of the cache section of the file, but it was at the wrong heading level in the doc, making it misleading about where to include it in the dispatcher.any file
  2. The XML sample is no longer needed, as it's not a new feature anymore and this is inconsistent with the other properties above
  3. Typo in the note avaiable -> available
  4. Note made it seem like enableTTL was only available in 4.1.11 but should clarify "or later"

Please merge, @raimanS

Dispatcher versions is not independent of AEM in case of AEM 6.5

Issue in help/using/dispatcher-install.md

The doc[1] states that Dispatcher versions are independent of AEM. But it's actually not.
Experience Manager 6.5 requires Dispatcher version 4.3.2 or higher. [2]

Please add a note to get this information included in doc[1]'s note section.

[1] https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/getting-started/dispatcher-install.html
[2] https://docs.adobe.com/content/help/en/experience-manager-65/deploying/introduction/technical-requirements.html#dispatcher-platforms-web-servers

[Logged by AEM Support]

confusion on dispatcher config sessionmanagement section

Issue in ./help/using/dispatcher-configuration.md

Issue: Customers are getting confused on [1], basically use of sessionmanagement, customers are presuming it will cache after authentication.

Request:

Please add a note to the following section [1], that if the sessionmanagement is configured, the pages are not cached. And make it clear the purpose of sessionmanagement is to check the auth header and enforce authentication on secured pages. And those secured pages are not cached. If the customer needs caching, please point them to auth checker [2].

[1] Enabling Secure Sessions - /sessionmanagement
[2] https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-cache.html?lang=en

Section Href not working

Issue in help/using/dispatcher-configuration.md

Links under "Each farm property can contain the following child properties:" section does not scroll to the specified section.

[Logged By Support]

VanityUrlsComponent points to old decommissioned PackageShare rather than Adobe Content Distribution site.

Wrong response code

Issue in ./help/using/dispatcher-configuration.md

In section Testing Dispatcher Security there is a statement:

Dispatcher filters should block access to the following pages and scripts on AEM publish instances. Use a web browser to attempt to open the following pages as a site visitor would and verify that a code 403 is returned. If any other result is obtained, adjust your filters

Is 403 status code correct? It seems dispatcher should return 404 status code in those cases.

Incorrect response documented for invalidate.cache

Issue in ./help/using/dispatcher-configuration.md

Testing Dispatcher Security section states a 404 response should be received for confirmation. If all is correct the response is 403.

$ curl -H "CQ-Handle: /content" -H "CQ-Path: /content" https://myauthor/dispatcher/invalidate.cache

<title>403 Forbidden</title>

Forbidden

You don't have permission to access /dispatcher/invalidate.cache on this server.

[Logged by support]

SELinux setup is incorrect

The section on https://github.com/AdobeDocs/experience-manager-dispatcher.en/blob/master/help/using/dispatcher-install.md#apache-web-server---configure-selinux-properties-apache-web-server-configure-selinux-properties describing how to configure SELinux is not correct. The context that the documentation says to use, httpd_sys_content_t, is a read-only context, so the httpd process (thus the dispatcher module) cannot write into the directory. The correct context is either httpd_sys_rw_content_t or httpd_cache_t.

I tend to use the latter, because the dispatcher is logically, and technically a cache. The former is also a valid answer, though, since the httpd process needs to be able to write out the cache files.

Typo in virtual host config

Issue in ./help/using/dispatcher-ssl.md

In section Configuring Dispatcher to Use SSL, the sample code contains two farm definitions, one to handle secure connections (https) and one to handle http connections.

In the sample code both virtualhosts sections have the same configuration:

      /virtualhosts
      {
         # select this farm for all incoming HTTPS requestss
         "https://*"
      }

As far as I understand the non-secure farm should have value http://* instead of https://*


Bullet points not aligned properly

Issue in help/using/dispatcher-configuration.md

Bullet points on the dispatcher configuration pages are all misaligned.

Check under Dispatcher Configuration Files section Or Defining Farms just to quote few examples

[Logged By Support]

Incomplete Example in `always-resolve`

Issue in help/using/dispatcher-configuration.md

There is an incomplete example in the always-resolve section. The header should be the full parameter /renders not /rend

Current:

/rend {
  /0001 {
     /hostname "host-name-here"
     /port "4502"
     /ipv4 "1"
     /always-resolve "1"
  }
}

Correct:

/renders {
  /0001 {
     /hostname "host-name-here"
     /port "4502"
     /ipv4 "1"
     /always-resolve "1"
  }
}

Ignoring URL Parameters - additional info

Issue in ./help/using/dispatcher-configuration.md

In the Ignoring URL Parameters section it is not stated what is used to match the glob configuration. Is it the full request url? Or just the query parameters string? It would be great to clarify this in the documentation.

Thanks :)

/enableTTL missing config values

Issue in ./help/using/dispatcher-configuration.md

Hi, I noticed that there are no example values that should be passed to the /enableTTL directive, so it's unclear whether it should be just /enableTTL or /enableTTL "1" or /enableTTL "0"

Thanks,
Bartek

Optional Directives/Parameters?

Issue in help/using/dispatcher-configuration.md

Can the individual parameters for directives be marked as Optional, for those that are optional?

For example, headers is an optional parameter in the /cache section, but it is not indicated in the docs.

Invalid Links on Configuring Dispatcher with multiple domains document.

Issue in help/using/dispatcher-domains.md

When I click on (See AEM Rewrites Incoming URLs .) and/or on (See The Web Server Rewrites Incoming URLs .) under URL Mapping section, they don't redirect to the correct section on the page. The URL changes, however, it seems as if the divs with those ids don't exist.

[Logged By Support]

Invalid/broken href value for statfile anchor tag

Issue in ./help/using/dispatcher-configuration.md

statfile anchor tag has Invalid/broken href value.
Href Value: /docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html?lang=en#main-pars-title-28

When I click on that link, it changes the url in the browser, but doesn't take me anywhere.

[Logged by AEM Support]

Missing information about dynamic media

Issue in help/using/dispatcher-configuration.md

The following note is present on the page, however, the relevant filters are not available anywhere in the page nor are they present in the sample dispatcher.any file available in the downloads section.

Filters 0030 and 0031 regarding Dynamic Media are applicable to AEM 6.0 and higher.

Misspelling

Issue in ./help/using/dispatcher-domains.md
In this section: Environment for the Provided Examples
In the first figure, labeled "repository", the word "content" is spelled wrong (site b > conent nodes).

Labelling off

Issue in ./help/using/dispatcher-domains.md

In the diagram for "Cache Invalidation" the steps are labeled as A, B, and C. But in the descriptions below, they are labeled 1, 2, and 3. It's unclear that A, B, and C are mapped to 1, 2, and 3. These should be consistent and clear that they are describing the steps in the diagram.

Dispatcher Filters insecure

Hey there, Zach Jarrell from Adobe Managed Services. The filter rules on this page are known insecure and if AEM users were to put them in production risk serious exposure to crafted URLs and pivoting. Rule 22, 23, and 41, specifically. Allow crx access with a pivot, and 23 allows .tidy.json to load.

IIS support for dispatcher

Issue in ./help/using/dispatcher-configuration.md

Hello,

I am working with Dispatcher and Microsoft IIS - most of the configuration is quite similar and works the same as on Apache, but I had some issues with the invalidateHandler section on Windows (more details here)

Could you please extend the invalidateHandler section with some guides for Windows users? Is there any additional configuration required?

Thanks,
Bartek

Sticky Connections documentation incomplete

Issue in help/using/dispatcher-configuration.md

The sticky connection documentation has a duplicate paragraph for the secure information. Here's the duplicated section:

httpOnly
When sticky connections are enabled, the dispatcher module sets the renderid cookie. This cookie doesn't have the httponly flag, which should be added in order to enhance security. You can do this by setting the httpOnly property in the /stickyConnections node of a dispatcher.any configuration file. The property's value (either 0 or 1) defines whether the renderid cookie has the HttpOnly attribute appended. The default value is 0, which means the attribute will not be added.
For additional information about the httponly flag, read this page.
secure
When sticky connections are enabled, the dispatcher module sets the renderid cookie. This cookie doesn't have the secure flag, which should be added in order to enhance security. You can do this by setting the secure property in the /stickyConnections node of a dispatcher.any configuration file. The property's value (either 0 or 1) defines whether the renderid cookie has the secure attribute appended. The default value is 0, which means the attribute will be added if the incoming request is secure. If the value is set to 1 then the secure flag will be added regardless of whether the incoming request is secure or not.

ignoreUrlParams should be as per the best practice

Issue in ./help/using/dispatcher-configuration.md

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html?lang=en#ignoring-url-parameters

The documentation should follow the best practice to ignore all parameters by default and only ignore the parameters which are meaningful to publisher. The dispatcher optimization tool has a good example which can be used.

https://github.com/adobe/aem-dispatcher-optimizer-tool/blob/main/docs/Rules.md#dot---the-dispatcher-publish-farm-cache-should-have-its-ignoreurlparams-rules-configured-in-an-allow-list-manner
