DocumentationCampaignCampaign Classic v7 Documentation

[On-premise/hybrid only]{class="badge yellow" title="Applies to on-premise and hybrid deployments only"}

Configure URL permissions (on-premise) url-permissions

Last update: Fri Apr 12 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

The default list of URLs that can be called by JavaScript codes (workflows, etc.) by your Campaign Classic instances is limited. These are URLs that allow your instances to function properly.

By default, instances are not allowed to connect to outside URLs. However, it is possible to add some outside URLs to the list of authorized URLs, so that your instance can connect to them. This allows you to connect your Campaign instances to outside systems like, for example, SFTP servers or websites in order to enable file and/or data transfer.

NOTE
This procedure is restricted to on-premise deployments.
As a hosted customer, if you can access Campaign Control Panel, you can use the URL permissions self service interface. Learn more
Other hybrid/hosted customers need to reach out to Adobe support team to add IP to the allowlist.

For Hybrid and On-premise deployments, the administrator needs to reference a new urlPermission in the serverConf.xml file.

Three connection protection modes are available:

  • Blocking: all URLs that do not belong to the allowlist are blocked, with an error message. This is the default mode after a postupgrade.
  • Permissive: all URLs that do not belong to the allowlist are allowed.
  • Warning: all URLs that do not belong to the allowlist are allowed, but the JS interpreter emits a warning, so that the administrator can collect them. This mode adds JST-310027 warning messages.
<urlPermission action="warn" debugTrace="true">
  <url dnsSuffix="abc.company1.com" urlRegEx=".*" />
  <url dnsSuffix="def.partnerA_company1.com" urlRegEx=".*" />
  <url dnsSuffix="xyz.partnerB_company1.com" urlRegEx=".*" />
</urlPermission>
IMPORTANT
By default, new implementations use the Blocking mode.
As an existing customer coming from a migration, you can temporary use the Warning mode. Analyze the outbound traffic before allowing the URLs. Once the list of allowed URLs defined, you can add the URLs to the allowlist and activate the Blocking mode.

For more information, refer to these sections:

recommendation-more-help
601d79c3-e613-4db3-889a-ae959cd9e3e1