AEM - How can we prevent blind XPath injection in an AEM Page??

Avatar

Level 2
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
3 Replies

Avatar

Correct answer by
Community Advisor

Avatar

Community Advisor

If it's a publisher, you can block all suffixes at the dispatcher by adding a rule in the filter section:

# Block use of all suffixes on any resource in /content
/0160 { /type "deny" /url "/content*" /suffix "*" }

# Suffix patterns which are needed on the server side can be added in an allow list manner
/0161 { /type "allow" /url "/content/we-retail/us/en/equipment/*" /suffix "/content/we-retail/*" /method "GET" }

Rule 0160 is for blocking suffix requests from bypassing the dispatcher and hitting your AEM publisher.
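As an added example (not from the original thread), here is a small Python model of how the dispatcher evaluates the two filter rules above, so a defender can check which suffix requests would still reach the publisher. It assumes dispatcher semantics as modelled here: rules are tested in order and the last matching rule wins, `*` in a glob matches any characters, /url is compared against the full request path, a /suffix glob is only tested on requests that actually carry a suffix, and the `default` decision stands in for the deny-all rule a real filter section usually opens with.

```python
import fnmatch
from dataclasses import dataclass
from typing import Optional


@dataclass
class FilterRule:
    """One dispatcher /filter entry: ordered id, allow/deny, optional globs."""
    rule_id: str
    rule_type: str                  # "allow" or "deny"
    url: Optional[str] = None
    suffix: Optional[str] = None
    method: Optional[str] = None


# The two rules from the answer above, transcribed as constructed test data.
RULES = [
    FilterRule("0160", "deny", url="/content*", suffix="*"),
    FilterRule("0161", "allow", url="/content/we-retail/us/en/equipment/*",
               suffix="/content/we-retail/*", method="GET"),
]


def split_suffix(request_path: str) -> tuple[str, str]:
    """Simplified Sling decomposition (assumption): the suffix starts at the
    first '/' that follows the first '.' (selectors/extension) in the path."""
    dot = request_path.find(".")
    slash = request_path.find("/", dot) if dot != -1 else -1
    if slash == -1:
        return request_path, ""
    return request_path[:slash], request_path[slash:]


def _matches(rule: FilterRule, method: str, path: str, suffix: str) -> bool:
    if rule.url is not None and not fnmatch.fnmatchcase(path, rule.url):
        return False
    if rule.suffix is not None:
        # Assumption: a suffix glob only applies to requests that have a suffix.
        if not suffix or not fnmatch.fnmatchcase(suffix, rule.suffix):
            return False
    if rule.method is not None and rule.method != method:
        return False
    return True


def evaluate(method: str, path: str, rules=RULES, default="allow"):
    """Rules are checked in order; the LAST matching rule decides.
    Returns (decision, id of the deciding rule or None)."""
    _, suffix = split_suffix(path)
    decision, winner = default, None
    for rule in rules:
        if _matches(rule, method, path, suffix):
            decision, winner = rule.rule_type, rule.rule_id
    return decision, winner
```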