Here is our config file.
# only handle the requests in the following acl. default is 'none'
# the glob pattern is matched against the first request line
/filter
{
# deny everything and allow specific entries
/0001 { /type "deny" /glob "*" }
# open consoles
# /0012 { /type "allow" /glob "* /crx/*" } # allow content repository
# /0013 { /type "allow" /glob "* /system/*" } # allow OSGi console
# allow non-public content directories
# /0021 { /type "allow" /glob "* /apps/*" } # allow apps access
# /0022 { /type "allow" /glob "* /bin/*" }
/0023 { /type "allow" /glob "* /content*" } # disable this rule to allow mapped content only
/0024 { /type "deny" /glob "* /content/boost*" } #block boost on sprint.com
# /0024 { /type "allow" /glob "* /libs/*" }
# /0025 { /type "deny" /glob "* /libs/shindig/proxy*" } # if you enable /libs close access to proxy
# /0026 { /type "allow" /glob "* /home/*" }
# /0027 { /type "allow" /glob "* /tmp/*" }
# /0028 { /type "allow" /glob "* /var/*" }
# enable specific mime types in non-public content directories
/0041 { /type "allow" /glob "* *.css *" } # enable css
/0042 { /type "allow" /glob "* *.gif *" } # enable gifs
/0043 { /type "allow" /glob "* *.ico *" } # enable icos
/0044 { /type "allow" /glob "* *.js *" } # enable javascript
/0045 { /type "allow" /glob "* *.png *" } # enable png
/0046 { /type "allow" /glob "* *.swf *" } # enable flash
/0047 { /type "allow" /glob "* *.svg *" } # enable SVG
/0048 { /type "allow" /glob "* *.woff *" } # enable woff
/0049 { /type "allow" /glob "* *.ttf *" } # enable ttf
/0050 { /type "allow" /glob "* *.eot *" } # enable eot
/0051 { /type "allow" /glob "* *.jpg *" } # enable jpg
/0052 { /type "allow" /glob "* *.woff2 *" } # enable woff2
/0053 { /type "allow" /glob "* *.map *" } # enable source maps
# enable features
/0061 { /type "allow" /glob "POST /content/[.]*.form.html" } # allow POSTs to form selectors under content
/0062 { /type "allow" /glob "* /libs/cq/personalization/*" } # enable personalization
/0063 { /type "allow" /glob "POST /content/[.]*.commerce.cart.json" } # allow POSTs to update the shopping cart
# deny content grabbing
/0081 { /type "deny" /glob "GET *.infinity.json*" }
/0082 { /type "deny" /glob "GET *.tidy.json*" }
/0083 { /type "deny" /glob "GET *.sysview.xml*" }
/0084 { /type "deny" /glob "GET *.docview.json*" }
/0085 { /type "deny" /glob "GET *.docview.xml*" }
/0086 { /type "deny" /glob "GET *.*[0-9].json*" }
/0087 { /type "deny" /glob "GET *.feed.xml*" }
# /0088 { /type "allow" /glob "GET *.1.json*" } # allow one-level json requests
# deny query
/0090 { /type "deny" /glob "* *.query.json*" }
#Elham's changes
/0091 { /type "deny" /glob "GET /content.pages.json*" }
/0092 { /type "deny" /glob "GET /content.languages.json*" }
/0093 { /type "deny" /glob "GET /content.blueprint.json*" }
/0094 { /type "deny" /glob "GET /content.feed.html*" }
# allow new data servlet - must appear after the deny content grabbing rule, as selectors may end with a digit.
/0100 { /type "allow" /glob "GET /etc/devices.*.json*" }
/0101 { /type "allow" /glob "GET /etc/accessories.*.json*" }
/0102 { /type "allow" /glob "GET /etc/services.*.json*" }
/0103 { /type "allow" /glob "GET /etc/plans.*.json*" }
/0104 { /type "allow" /glob "GET /etc/tagexplorer.*.json*" }
/0105 { /type "allow" /glob "GET /etc/promos.*.json*" }
/0106 { /type "allow" /glob "GET /etc/support.*.json*" }
/0107 { /type "allow" /glob "GET /etc/knowledge.*.json*" }
/0108 { /type "allow" /glob "GET /etc/appcontent.*.json*" }
/0109 { /type "allow" /glob "GET /etc/appcontent.*.strings*" }
/0110 { /type "allow" /glob "GET /etc/appcontent.*.xml*" }
/0111 { /type "allow" /glob "GET /etc/appcontent.*.jsonp*" }
/0112 { /type "allow" /glob "GET /etc/appcontent.*.txt*" }
/0113 { /type "allow" /glob "GET /etc/adminpage.*.json*" }
/0114 { /type "allow" /glob "GET /etc/devices.*.shtml*" }
# Implementing the below rules as per the AMSSEC recommendations
/0120 { /type "deny" /path "/bin/querybuilder*" /selectors '(feed|servlet|json)' /extension '(css)'}
/0121 { /type "deny" /url "/crx/de/index.jsp" /extension '(css)'}
/0122 { /type "deny" /url "/crx/explorer/index.jsp" /extension '(css)'}
# allow rsrc under /rsrc/
/0130 { /type "allow" /glob "* /rsrc/*" }
}
# allow propagation of replication posts (should seldomly be used)
/propagateSyndPost "0"
# the cache is used to store requests from the renders for faster delivery
# for a second time.
/cache
{
# the cacheroot must be equal to the document root of the webserver
/docroot "/mnt/var/www/html"
# sets the level upto which files named ".stat" will be created in the
# document root of the webserver. when an activation request for some
# handle is received, only files within the same subtree are affected
# by the invalidation.
/statfileslevel "2"
# caches also authorized data
/allowAuthorized "0"
# the rules define, which pages should be cached. please note that
# - only GET requests are cached
# - only requests with an extension are cached
# - only requests without query parameters ( ? ) are cached
# - only unauthorized pages are cached unless allowUnauthorized is set to 1
/rules
{
/0000
{
# the globbing pattern to be compared against the url
# example: * -> everything
# : /foo/bar.* -> only the /foo/bar documents
# : /foo/bar/* -> all pages below /foo/bar
# : /foo/bar[./]* -> all pages below and /foo/bar itself
# : *.html -> all .html files
/glob "*"
/type "allow"
}
#Prevent dispatcher caching of servlet output
/0001 { /type deny /glob "/etc/plans*.json*" }
/0002 { /type deny /glob "/etc/devices*.json*" }
/0003 { /type deny /glob "/etc/accessories*.json*" }
/0004 { /type deny /glob "/etc/tagexplorer*.json*" }
/0005 { /type deny /glob "/etc/services*.json*" }
/0006 { /type deny /glob "/etc/promos*.json*" }
/0007 { /type deny /glob "/etc/support*.json*" }
/0008 { /type deny /glob "/etc/knowledge*.json*" }
/0009 { /type deny /glob "/etc/appcontent.*.json" }
/0010 { /type deny /glob "/etc/appcontent.*.strings" }
/0011 { /type deny /glob "/etc/appcontent.*.xml" }
/0012 { /type deny /glob "/etc/appcontent.*.jsonp" }
/0013 { /type deny /glob "/etc/appcontent.*.txt" }
/0014 { /type deny /glob "/etc/adminpage.*.json" }
/0025 { /type deny /glob "/etc/devices.productSupport.*" }
/0026 { /type deny /glob "/rsrc/sprint/sellabledevices/*" }
}
/ignoreUrlParams
{
/0001 { /type allow /glob "*" }
}
# the invalidate section defines those pages which are 'invalidated' after
# any activation. please note that, the activated page itself and all
# related documents are flushed on an modification. for example: if the
# page /foo/bar is activated, all /foo/bar.* files are removed from the
# cache.
/invalidate
{
/0000
{
/glob "*"
/type "deny"
}
/0001
{
/glob "*.html"
/type "allow"
}
}
/allowedClients
{
/0000
{
/glob "*.*.*.*"
/type "deny"
}
$include "publish-invalidate-allowed.any"
}
# A grace period defines the number of seconds a stale, auto-invalidated
# resource may still be served from the cache after the last activation
# occurring. Auto-invalidated resources are invalidated by any activation,
# when their path matches the /invalidate section above. This setting
# can be used in a setup, where a batch of activations would otherwise
# repeatedly invalidate the entire cache.
#
/gracePeriod "2"
}
# the statistics define, how the load should be balanced among the renders
# according to the media-type.
/statistics
{
/categories
{
/html
{
/glob "*.html"
}
/others
{
/glob "*"
}
}
}
}
