Limit access to PhantomJS

Abstract

How to limit access to PhantomJS and the screenshots it produces on Sitecore Core roles.

Applies to

All core roles

Sitecore Installation Framework

PhantomJS is not disabled by default on Content Delivery, xDB Processing, and xDB Reporting roles.

Azure Toolkit

PhantomJS is not disabled by default on Content Delivery, xDB Processing, and xDB Reporting roles.

PhantomJS is a third-party program that ships with Sitecore and is used to generate screenshots of web pages on the Content Management and EXM Dispatch roles. You can increase the security around PhantomJS by moving the program, limiting its permissions, and disabling it on roles where it is not needed.

PhantomJS is located in the <webroot>\$(dataFolder)\tools\phantomjs\ folder. The $(dataFolder) variable defaults to App_Data, which places PhantomJS in the <webroot>\App_Data\tools\phantomjs\ folder. This can potentially give outsiders access to the phantomjs.exe program file if Sitecore security settings are not configured properly.

Sitecore references PhantomJS through the ContentTesting.PhantomJS.ExecutablePath setting in the <webroot>\App_Config\Sitecore\ContentTesting\Sitecore.ContentTesting.config patch file.

Note

For more information on creating patch files, see Use a patch file to customize the Sitecore configuration.

To move the PhantomJS folder:

  1. Move the <webroot>\App_Data\tools\phantomjs\ folder to, for example, C:\phantomjs\.

  2. In the <webroot>\App_Config\Include\ folder, create a patch file named, for example, MovePhantomJSFolder.config.

  3. Insert the following configuration:

    <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:security="http://www.sitecore.net/xmlconfig/security/">
        <sitecore>
            <setting name="ContentTesting.PhantomJS.ExecutablePath" value="C:\phantomjs\phantomjs.exe" />
        </sitecore>
    </configuration>
  4. Save the patch file.

  5. Move the contents from the App_Data folder to the new data folder (for example, D:\SC\Data).

    Important

    The App_Data folder is defined, by default, in the dataFolder variable in the Sitecore.config file.

    If you create a new location for the PhantomJS.exe (for example, C:\PhantomJs ), be sure to move only the files found by default inside the <webroot>\App_Data\tools\phantomjs folder to the new location.

Because PhantomJS is executed from within Sitecore, it runs with the same permissions as Sitecore. We recommend that you always run Sitecore with the fewest permissions possible and only allow Sitecore access to the necessary files and folders.

Limit access to the PhantomJS folder and program file

We recommend that you limit the Sitecore account to:

  • Read access to the PhantomJS folder

  • Execute permission on the PhantomJS program file

Limit access to the screenshots folder

Sitecore passes PhantomJS a script that is generated by the RenderScripts processor in the getScreenShotForURL pipeline. The script instructs PhantomJS to write screenshots to a specific folder and filename. The folder is specified in the getScreenShotForURL pipeline and defaults to <webroot>\temp\screenshots. The filename is generated by the GenerateFilename processor.

We recommend that you limit the Sitecore account to Read and Write access to the screenshots folder.

Limit access to the cache folder

PhantomJS is configured to cache web resources on disk, and the cache location can be any of the following depending on the Windows version:

  • C:\Ofi Labs\PhantomJS\cache

  • C:\Users\<user>\AppData\Local\Ofi Labs\PhantomJS\cache where <user> is the account under which Sitecore is running.

We recommend that you limit the Sitecore account to Read and Write access to the cache folder.

Alternatively, to disable the disk cache entirely:

  1. Open the \App_Config\Sitecore\ContentTesting\Sitecore.ContentTesting.config file.

  2. Change the ContentTesting.PhantomJS.EnableDiskCache setting to false.

Note

Be aware that disabling the cache makes screenshot generation take longer because all web resources must be retrieved for each screenshot every time.

PhantomJS is not needed on the Content Delivery, xDB Processing, and xDB Reporting roles, and you can disable it by patching the getScreenShotForURL pipeline that launches it and removing the program folder.

The getScreenShotForURL pipeline is located in the <webroot>\App_Config\Sitecore\ContentTesting\Sitecore.ContentTesting.config configuration file.

To disable the getScreenShotForURL pipeline and remove the PhantomJS folder:

  1. Go to the <webroot>\App_Config\Include\ folder.

  2. Create a patch file named, for example, DisableGetScreenShotForURLPipeline.config.

  3. Insert the following configuration:

    <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">
      <sitecore role:require="ContentDelivery or Reporting or Processing">
        <pipelines>
          <getScreenShotForURL>
            <patch:delete />
          </getScreenShotForURL>
        </pipelines>
      </sitecore>
    </configuration>
  4. Save the patch file.

  5. Go to the <webroot>\$(dataFolder)\tools\ folder.

  6. Remove the phantomjs\ folder including the phantomjs.exe executable file.