Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

AEM - How can we prevent blind XPath injection in an AEM Page??

Avatar

Level 2
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
3 Replies

Avatar

Correct answer by
Community Advisor

Avatar

Community Advisor

If it’s a publisher you can bock all the suffix from dispatcher by adding rule in filter section


# Block use of all suffixes on any resource in /content
/0160 { /type "deny" /url "/content*" /suffix "*" }

# Suffix patterns which are needed on the server side can be added in an allow list manner
/0161 { /type "allow" /url "/content/we-retail/us/en/equipment/*" /suffix "/content/we-retail/*" /method "GET" }

 Rule 0160 is for blocking the suffix request from by passing the dispatcher and hitting your aem publisher