Vulnerability in EPiServer.Forms
When I login through our authentication service and navigate my site pages and access documents for e.g https://www.sitename.com/globalassets/docs/Information/somedocument.pdf it works fine.
But, If I access directly url https://www.sitename.com/globalassets/docs/Information/somedocument.pdf after session timeout or fresh request in browser It redirects to static/401.html page and shows error message The page cannot be displayed because an internal server error has occurred.
And if I delete globalassets/docs/Information/somedocument.pdf from url and make a request by site url https://www.sitename.com only, site page gets load and then again I make request to url https://www.sitename.com/globalassets/docs/Information/somedocument.pdf document gets open.
We are using Epi Find for Indexing and DXC for hosting.
Please suggest what can be the issue?
Are the pdf document actually published when uploaded?There can be two reasons why the document are not published.
Hi Tomas Hensrud Gulla,
Thanks for your reply.
But, unfortunately that is not the case option is true for Media set to automatically publish when upload. PDFs are published.
Can you please help or suggest further approach.
I guess this is something related to "Access Rights". Please make sure that the media items have "Everyone" access right assign to them.
I faced a similar issue in past for .html files but not sure whether it will work for your scenario or not. Give it a try-
Otherwise please reach out to Episerver support about this.