uri-starts-with-sitename rules is mainly there to enable serving all sites when working in an admin instance (where access might indeed happen through one domain) – identified by the site prefix, e.g. http://www.demo-features.com/demo-project/about/subsection-articles/article.html where demo-project identifies the site-name but www.demo-features.com is mapped to the actual demo-features site.
- Would it make sense to only use this rule in the admin instance?
- Should we only generate link with this particual site prefix on an admin instance too
See related support issue for a thorough description.
We provide an AdminOnlyMatcher that only matches on the author-instance (checking the ServerConfiguration). With the matcher one can limit the evaluation of the problematic rule uri-starts-with-sitename to be active on admin only, preventing cross-site-access via <sitename> prefix on the public instance.
We do not install this by default as it might prevent the bundle from working on localhost – as our demo sites and domains might not be fully configured.