joerghoh / cq5-healthcheck

CQ5 Healthcheck code
Apache License 2.0

Allow anonymous access to /bin/loadbalancer #40

Closed davidjgonzalez closed 11 years ago

davidjgonzalez commented 11 years ago

Access to /bin/loadbalancer on CQ Author requires authentication; this makes for more difficult integration by Network teams. Access to loadbalancer servlet by anonymous seems benign, and could be blocked from "normal internal traffic" by dispatcher.

Request to enable anonymous access to /bin/loadbalancer using Servlet @Property:

@Property(name = "sling.auth.requirements", value = "-/bin/loadbalancer", propertyPrivate=true)

alexsaar commented 11 years ago

I'm actually not a big fan of /bin/whatever paths. They seem to be used by many people, which means path collisions are more likely. And the fact that there was no access control in older versions shows that nobody can actually expect that there is a servlet by just looking at the repository.

So my recommendation would be to change the servlet path to /apps/healthcheck/servlet/loadbalancer and introduce a /apps/healthcheck/servlet node with the app package. Then we allow anonymous access on /apps/healthcheck/servlet which makes it easy for people to integrate (no config required). If people decide that they want access control (in addition to the ability to block requests on dispatcher level) they can configure this in the repository.

The downside is that this proposal is not really backwards compatible. But I think it's worth considering.
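As an added illustration (not code from the cq5-healthcheck project or either commenter), this is what the servlet could look like under the path proposed above: the sling.auth.requirements exclusion is applied to the new /apps/healthcheck/servlet subtree instead of /bin, and the anonymous response is kept to a bare verdict so that no component detail leaks to an unauthenticated probe. The package name and the trivial root-read health test are assumptions standing in for the project's real check.

```java
package com.example.healthcheck; // hypothetical package, not the project's own

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;

/**
 * Load-balancer probe servlet mounted under the path proposed in the thread.
 * The leading "-" in sling.auth.requirements excludes the whole
 * /apps/healthcheck/servlet subtree from Sling's authentication requirement,
 * so an anonymous probe reaches doGet() without a login challenge. Because the
 * exclusion names a node the application package owns (not the shared /bin
 * namespace), an ACL on that node can later tighten access again without
 * touching the OSGi configuration.
 */
@SlingServlet(paths = "/apps/healthcheck/servlet/loadbalancer", methods = "GET")
@Property(name = "sling.auth.requirements", value = "-/apps/healthcheck/servlet", propertyPrivate = true)
public class LoadBalancerServlet extends SlingSafeMethodsServlet {

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        // A probe result must never be served from a cache in front of the instance.
        response.setHeader("Cache-Control", "no-store");
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");

        // Anonymous callers get a status code plus one word: no component names,
        // versions or error messages that would help an unauthenticated reader.
        if (isHealthy(request)) {
            response.setStatus(HttpServletResponse.SC_OK);
            response.getWriter().write("OK");
        } else {
            response.setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            response.getWriter().write("UNAVAILABLE");
        }
    }

    // Assumed minimal check: the repository answers a read of the root resource
    // through the caller's (anonymous) resolver. The real project evaluates
    // its configured health checks here instead.
    private boolean isHealthy(SlingHttpServletRequest request) {
        return request.getResourceResolver().getResource("/") != null;
    }
}
```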