This presentation covers Adobe AEM Dispatcher security, plus CDN and browser caching.
This presentation is the second part of a webinar on AEM Dispatcher:
http://dev.day.com/content/ddc/en/gems/dispatcher-caching---new-features-and-optimizations.html
Visit the URL above to view the whole presentation. Dominique Pfister, the primary engineer developing AEM Dispatcher, covers the first part on new features.
Sample code: https://github.com/cqsupport/webinar-dispatchercache
Webinar Recording: http://my.adobeconnect.com/p7th2gf8k43/
Optimizing dispatcher cache covering:
Best practices for using the dispatcher
Tips and tricks for improving performance
Common pitfalls to avoid
How to design your site so you get the most out of your Dispatcher
Last updated on Dec 12, 2014
Thanks, Dominique. Hi, my name is Andrew Khoury, and today I’ll be covering some basic tips on how to secure your dispatcher and how to leverage a CDN and client-side browser caches to improve your site beyond what dispatcher provides.
Before watching this presentation, you should already have a basic understanding of the HTTP protocol, Apache HTTP Server configurations, and what the AEM dispatcher is and how to use it.
Before securing dispatcher, here are some things you can do to make Apache HTTP Server a little more secure:
First of all, keep your Apache server binaries up to date, as security patches are released all the time.
Be aware of the latest Apache security reports.
Limit the files and directories that the Apache user has access to.
If you are not using .htaccess files, then disable them.
If you are using SSI, then use IncludesNOEXEC instead of Includes so that SSI calls cannot execute commands on the operating system shell.
Disable user directories, as this can sometimes expose information that we don’t intend to share.
Block directory listing in Apache to prevent users from exploring the server.
Disable any apache modules
Use mod_security or some other intrusion detection and prevention system.
This diagram shows a basic AEM architecture.
You can use this diagram as a reference for how you would configure your firewalls.
The idea here is to only allow traffic to flow in the direction it needs to and over the ports it needs to.
When configuring your firewalls, keep in mind that if you are not disabling the link checker then you will need to allow all outbound TCP/IP connections from author and publish instances.
If you plan on disabling the link checker, but need to integrate with Adobe’s Cloud services, then you can refer to the Adobe knowledge base for a list of IP addresses to allow outbound connections to.
If you are familiar with basic AEM architecture then you know that your web server and dispatcher are your last line of defense before a request can reach the publish instances.
Due to this, it is important to lock down your dispatcher and block as much unwanted traffic as possible before it reaches the publish instances.
As a first step in locking down your dispatcher’s security you should always keep the dispatcher binary up to date with the latest security fixes.
The next important thing is to create a strong set of filter rules in your dispatcher.any file. Filter rules will help you keep bad traffic from reaching your publish instances.
When implementing the filter rules, it is best to use a whitelist. This means that you deny all first, then only allow the requests you need for your site to function properly.
When creating allow rules, be specific as to request methods and URL patterns you want to allow.
For deny rules, be as general as possible to block all variations of bad requests.
Also, if you use the vanity URL feature in AEM, then in order to implement a whitelist you will need to leverage the new dispatcher feature that Dominique covered earlier.
(Show dispatcher.any file) Now I’ll quickly show you my dispatcher.any filter rules.
After configuring filter rules, the next thing to consider is authentication.
If your site doesn’t allow users to log in, then block users from authenticating against Experience Manager.
To do this, block HTTP basic auth by listing all request headers in the /clientheaders section and omitting the Authorization header.
Then block AEM token auth by filtering out all requests for j_security_check.
For additional security, you could also block any request methods that are not supported by the site at the Apache level in your httpd.conf using the LimitExcept directive.
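The whitelist and authentication advice above, modelled as an added Python example (not code from the presentation or from the dispatcher itself). It assumes each filter glob is matched against the whole request line and that the last matching rule decides; the `/content/mysite` and `/etc/designs/mysite` paths, the header list and the sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Model of a dispatcher.any /filter section: (type, glob) pairs in file order.
# Each glob is matched against the whole request line and the LAST matching
# rule decides. /content/mysite and /etc/designs/mysite are hypothetical paths.
WHITELIST = [
    ("deny",  "*"),                                # deny everything first
    ("allow", "GET /content/mysite/*.html *"),     # specific method and URL
    ("allow", "GET /etc/designs/mysite/*.css *"),
    ("allow", "GET /etc/designs/mysite/*.js *"),
    ("deny",  "* *j_security_check*"),             # general deny, any method
]

# Same intent, but the allow rule names neither a method nor an extension.
LOOSE = [
    ("deny",  "*"),
    ("allow", "* /content/*"),
]

# Model of /clientheaders: request headers passed on to the publish instance.
# Authorization is left out on purpose so HTTP basic auth never reaches AEM.
CLIENT_HEADERS = ["Host", "User-Agent", "Accept", "Accept-Encoding",
                  "Accept-Language", "If-Modified-Since", "If-None-Match"]


def evaluate(rules, request_line):
    """Return 'allow' or 'deny' for one request line (last match wins)."""
    decision = "deny"  # assumption of this model when no rule matches at all
    for rule_type, glob in rules:
        if fnmatchcase(request_line, glob):
            decision = rule_type
    return decision


def forwarded_headers(request_headers, allowed=CLIENT_HEADERS):
    """Keep only the headers named in the /clientheaders model."""
    allowed_lc = {name.lower() for name in allowed}
    return {k: v for k, v in request_headers.items() if k.lower() in allowed_lc}


# Constructed sample requests.
SAMPLES = [
    "GET /content/mysite/en.html HTTP/1.1",
    "GET /etc/designs/mysite/main.css HTTP/1.1",
    "POST /content/mysite/en.html HTTP/1.1",
    "POST /content/mysite/en/j_security_check HTTP/1.1",
    "GET /content/othersite/en.html HTTP/1.1",
]

if __name__ == "__main__":
    print("strict loose  request")
    for line in SAMPLES:
        print(f"{evaluate(WHITELIST, line):6} {evaluate(LOOSE, line):6} {line}")
    print(forwarded_headers({"Host": "www.example.com",
                             "Authorization": "Basic <constructed>"}))
```

Comparing the two columns shows why allow rules should name the method and URL pattern: the loose rule set lets through every request under /content, including the login POST.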
Even with the best filter rules you cannot filter out all invalid request patterns.
So to protect the dispatcher further there are a few things that can help.
Make sure that your error responses such as 404 Not Found return the correct error codes and don’t return status 200.
Cache your custom error pages in the dispatcher cache by configuring the DispatcherPassError feature.
Return 403 or 404 for bad querystrings or selectors in URLs.
This can be done by using the open source cq-urlfilter tool or by implementing your own javax.servlet.Filter that blocks the unwanted traffic.
One other setting that can help protect your publish instances is to set the serveStaleOnError flag. This flag tells the dispatcher to serve whatever cached files it has in case all publish instances are inaccessible.
Additionally, to protect against false dispatcher flushes we should always set /allowedClients with IP addresses of the publish instances to restrict which servers can perform dispatcher flushes.
If your site has any expensive requests such as RSS feeds or large site maps then it might make sense to exclude those requests from the dispatcher cache rules and use a periodic script to cache those files instead.
To do this, you would block the url in the /filter section of dispatcher.any and use a script like the one on this slide to handle re-requesting and re-caching the file.
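One way to write such a re-caching job, as an added example (it is not the script from the slide, which is not reproduced on this page). The function names, the `feed.xml` path and the publish host in the comment are hypothetical; the fetch is passed in as a callable so the file is only replaced when a complete body was retrieved.

```python
import os
import tempfile
import urllib.request


def fetch_from_publish(url, timeout=30):
    """Fetch the expensive resource straight from a publish instance."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        if resp.status != 200:
            raise RuntimeError(f"unexpected status {resp.status}")
        return resp.read()


def refresh_cached_file(docroot, rel_path, fetch):
    """Re-cache one file under the dispatcher docroot.

    The body is written to a temporary file in the target directory and then
    renamed over the old copy, so the web server never serves a half-written
    file. If the fetch fails or returns nothing, the old copy stays in place.
    Returns True when the cached file was replaced.
    """
    root = os.path.abspath(docroot)
    target = os.path.abspath(os.path.join(root, rel_path.lstrip("/")))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("target escapes the docroot")
    try:
        body = fetch()
    except Exception:
        return False          # publish unreachable: keep serving the old file
    if not body:
        return False          # empty response: do not cache it
    os.makedirs(os.path.dirname(target), exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target), prefix=".recache-")
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(body)
        os.chmod(tmp, 0o644)  # readable by the web server user
        os.replace(tmp, target)  # atomic rename on the same filesystem
    except BaseException:
        if os.path.exists(tmp):
            os.remove(tmp)
        raise
    return True


if __name__ == "__main__":
    # Offline demonstration with a constructed body and a throwaway docroot.
    # In a scheduled job the fetch would be something like (hypothetical host):
    #   lambda: fetch_from_publish(
    #       "http://publish.example.internal:4503/content/mysite/feed.xml")
    demo_root = tempfile.mkdtemp()
    print(refresh_cached_file(demo_root, "/content/mysite/feed.xml",
                              lambda: b"<rss>constructed</rss>"))
```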
If you don’t use querystrings in your site, then set /ignoreUrlParams to allow requests with querystrings to get cached. This feature basically lets you specify rules for which querystrings you want to remove from the URL before forwarding the request to the publish instance.
Finally, one thing you can do to prevent running out of Apache threads is to set the connection /timeout in the /renders section of dispatcher.any in case requests are hanging, waiting on the publish instances.
The next step in keeping your site running smoothly is to leverage other upstream caches such as browser caches and CDNs.
First I’ll start with CDNs.
If you are not familiar with CDNs, they are large distributed networks of cache servers that optimize content delivery using geographical proximity.
To manage your cached content within a CDN, most of the time people rely on Cache-Control headers or manually configured TTLs to control the freshness of the cache.
Some CDN providers, such as Akamai, support on-demand flush requests.
A CDN in our case is yet another way of reducing the amount of traffic that reaches the back-end.
When integrating a CDN with AEM and dispatcher there are multiple options.
We can…
(read numbers)
Here are the pros and cons
One issue that can come up when integrating a CDN into your AEM architecture is that non-cacheable requests respond with the headers set by AEM, not Apache. This presents an issue when the response is served without a Cache-Control header set, as some CDNs cache these responses.
The solution is to set Cache-Control headers at the AEM level so that if a file is non-cacheable it will still have the correct headers.
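A header audit for the problem described above, as an added example (not part of the presentation): it classifies how a shared cache may treat each response and lists the ones that state no caching policy at all. The response list is constructed, the paths are hypothetical, and the `private, no-store` default is an assumed policy for non-cacheable responses.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_verdict(headers):
    """Classify how a shared cache such as a CDN may treat a response.

    'not-shared' : private or no-store, a CDN must not keep it
    'revalidate' : may be stored but must be checked with the origin first
    'cacheable'  : the origin states a lifetime or marks the response public
    'implicit'   : nothing stated, so the outcome depends on the CDN
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc or "private" in cc:
        return "not-shared"
    lifetime = cc.get("s-maxage") or cc.get("max-age")
    if "no-cache" in cc or lifetime == "0":
        return "revalidate"
    if (lifetime and lifetime.isdigit()) or "expires" in h or "public" in cc:
        return "cacheable"
    return "implicit"


def unlabelled(responses):
    """Return the URLs whose responses leave caching up to the CDN."""
    return [url for url, hdrs in responses
            if shared_cache_verdict(hdrs) == "implicit"]


def with_default_policy(headers, default="private, no-store"):
    """Model of the fix: non-cacheable responses always carry Cache-Control.

    The default value is an assumption of this example, not a value from the
    presentation.
    """
    if any(k.lower() == "cache-control" for k in headers):
        return dict(headers)
    fixed = dict(headers)
    fixed["Cache-Control"] = default
    return fixed


# Constructed sample responses: (URL, response headers).
RESPONSES = [
    ("/etc/designs/mysite/main.css", {"Cache-Control": "max-age=86400"}),
    ("/content/mysite/en/search.results.json", {"Content-Type": "application/json"}),
    ("/content/mysite/en/profile.html", {"Cache-Control": "private"}),
    ("/content/mysite/en/cart.html", {"cache-control": "no-cache, max-age=0"}),
]

if __name__ == "__main__":
    for url, hdrs in RESPONSES:
        print(f"{shared_cache_verdict(hdrs):11} {url}")
    print("no policy stated:", unlabelled(RESPONSES))
```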
When integrating a CDN with your AEM instances it is nice to be able to cache JS, CSS and other static files for a very long time by using a unique URL per version, and to be able to implement domain sharding.
Domain sharding is basically where you use multiple subdomains pointing to your CDN to serve resources such as images, JS and CSS. By using multiple domains the browser is able to download files in parallel and the page will load faster.
To do this, the Adobe consulting team has implemented two tools.
The first is called versioned clientlibs, which adds a unique identifier to clientlib URLs.
The second is called Static reference rewriter, which rewrites certain URLs to point to a different domain. It also supports domain sharding.