Hi All,
The AEM as a Cloud Service Dispatcher filter section has the configuration below to block any metadata calls on assets. Example path: /content/dam/image/test.png.1.json
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }
But this does not block the path /content/dam/image/test.png/.1.json (a '/' after the actual asset path, and then the selector and extension), and it returns the metadata information. This is leaking the metadata information of the asset.
How can this path be blocked?
Hi @Ajay_KR,
You can deny any selector + JSON/XML/HTML request that follows a file-like name and a slash:
# Deny selector requests after asset filenames (e.g., test.png/.1.json)
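{ /type "deny"
  /path "/content/dam/*"
  # Single quotes mark a value as a regular expression; double quotes are for simple wildcard patterns
  /selectors '([0-9-]+|feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|jcr:content)'
  /extension '(json|xml|html|feed)'
}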
Or a more generic and strict version to block all selectors after an asset file:
{ /type "deny"
/url "*/content/dam/*.*/*.*"
}
(Optional) You can also deny any .json under /jcr:content paths:
{ /type "deny" /glob "/content/dam/**/jcr:content/*.json" }
Hello @Ajay_KR
Add a filter rule using /url to block metadata calls with an extra slash and selector:
/filter {
/type "deny"
/url '/content/dam/.*/\.[^/]+\.(json|xml|html|feed)$'
}
Hi @Ajay_KR,
You can block this by adding an extra dispatcher filter to catch requests with the extra slash before the selector. Example:
/0018 {
/type "deny"
/url "/content/dam/.*\\/\\.[0-9]+\\.(json|xml|html)"
}
This blocks any path like /content/dam/image/test.png/.1.json from returning metadata.
Keep your existing filter as is; this one just handles the edge case.
Hope this helps.
Regards,
Manvi Sharma
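A way to check a candidate /url deny pattern against the paths from this thread before deploying it, as an added example that is not code from any of the posters or from Adobe. It assumes that Python's `re` stands in for the Dispatcher's regex engine, that the pattern is applied to the whole URL path, and that the doubled backslashes in the third reply are meant as single escapes; the test URLs other than the two from the question are constructed.

```python
import re

# /url patterns from the two replies that use regular expressions. The third
# reply's doubled backslashes are read as single escapes (assumption).
DENY_RULES = {
    "reply 2": r"/content/dam/.*/\.[^/]+\.(json|xml|html|feed)$",
    "reply 3": r"/content/dam/.*/\.[0-9]+\.(json|xml|html)",
}

# Constructed test matrix: URL path -> should a deny rule written for the
# "slash before the selector" case match it?
CASES = {
    "/content/dam/image/test.png": False,                # asset itself must stay reachable
    "/content/dam/image/test.png/.1.json": True,         # path reported in the question
    "/content/dam/image/test.png/.infinity.json": True,  # same shape, selector from rule /0017
    "/content/dam/image/test.png/.1.feed": True,         # extension listed in rule /0017
    "/content/dam/image/test.png.1.json": False,         # left to the existing /0017 rule
    "/content/site/page.html": False,                    # outside /content/dam
}


def matches(pattern, url_path):
    """Apply a pattern to the whole URL path. Python's re is a stand-in for
    the Dispatcher's regex engine (assumption)."""
    return re.fullmatch(pattern, url_path) is not None


def evaluate(pattern):
    """Return the URLs where the pattern's verdict differs from CASES."""
    return sorted(url for url, want in CASES.items()
                  if matches(pattern, url) != want)


def report():
    """Map each rule name to the list of URLs it gets wrong."""
    return {name: evaluate(pattern) for name, pattern in DENY_RULES.items()}


if __name__ == "__main__":
    for name, wrong in report().items():
        print(name, "OK" if not wrong else f"mismatches: {wrong}")
```

An empty list means the pattern blocks every listed metadata path and leaves the asset and page URLs alone; the same matrix can be replayed with curl against a non-production Dispatcher to confirm the real engine agrees.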