uri-starts-with-sitename rules is mainly there to enable serving all sites when working in an admin instance (where access might indeed happen through one domain) – identified by the site prefix, e.g. http://www.demo-features.com/demo-project/about/subsection-articles/article.html where demo-project identifies the site-name but www.demo-features.com is mapped to the actual demo-features site.

To evaluate:

• Would it make sense to only use this rule in the admin instance?
• Should we only generate link with this particual site prefix on an admin instance too

See related support issue for a thorough description.

Suggested solution

We provide an AdminOnlyMatcher that only matches on the author-instance (checking the ServerConfiguration). With the matcher one can limit the evaluation of the problematic rule uri-starts-with-sitename to be active on admin only, preventing cross-site-access via <sitename> prefix on the public instance.

Notes

We do not install this by default as it might prevent the bundle from working on localhost – as our demo sites and domains might not be fully configured.

To use this matcher it simply has to be set on the rule uri-starts-with-sitename as an additional matcher. See