Block asset metadata calls | Community
Skip to main content
A
Ajay_KR
Level 2
October 27, 2025
Question

Block asset metadata calls

  • October 27, 2025
  • 3 replies
  • 255 views

Hi All,

 

AEM as cloud dispatcher filter section has the below configuration to block any metadata calls on assets. Example path /content/dam/image/test.png.1.json

 

/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

But this does not block the path /content/dam/image/test.png/.1.json(a '/' post the actual asset path and then the selector and extension), and returns the metadata information. This is leaking the metadata information of the asset.

 

How this path can be blocked?

 

3 replies

SantoshSai
Community Advisor
SantoshSaiCommunity Advisor
Community Advisor
October 27, 2025

Hi @ajay_kr,

You can deny any selector + JSON/XML/HTML request that follows a file-like name and a slash:

# Deny selector requests after asset filenames (e.g., test.png/.1.json)
{ /type "deny" 
  /path "/content/dam/*"
  /selectors "([0-9-]+|feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|jcr:content)"
  /extension "(json|xml|html|feed)"
}

Or a more generic and strict version to block all selectors after an asset file:

{ /type "deny"
  /url "*/content/dam/*.*/*.*"
}

(Optional) You can also deny any .json under /jcr:content paths:

{ /type "deny" /glob "/content/dam/**/jcr:content/*.json" }

 

Santosh Sai
    muskaanchandwani
    Adobe Employee
    muskaanchandwaniAdobe Employee
    Adobe Employee
    October 27, 2025

    Hello @ajay_kr 

    Add a filter rule using /url to block metadata calls with an extra slash and selector :

    /filter { /type "deny" /url '/content/dam/.*/\.[^/]+\.(json|xml|html|feed)$' }
      ManviSharma
      Adobe Employee
      ManviSharmaAdobe Employee
      Adobe Employee
      October 27, 2025

       

      Hi @ajay_kr ,

      You can block this by adding an extra dispatcher filter to catch requests with the extra slash before the selector. Example:

       

      /0018 { 
  /type "deny" 
  /url "/content/dam/.*\\/\\.[0-9]+\\.(json|xml|html)" 
}

      This blocks any path like /content/dam/image/test.png/.1.json from returning metadata.

      Keep your existing filter as is , this one just handles the edge case.

      Hope this helps.


      Regards,
      Manvi Sharma

        Terms & ConditionsAccessibility statement

        Loading footer...