DENY Permission not working for some of the filters in dispatcher.any file

Forum|Forum|6 years ago
May 7, 2019
10 replies
6642 views

I have a list of application urls/filters to provide the deny access in dispatcher.any file.

Below are the ways, I have set the rule in my dispatcher.any file its not working as expected and it is returning the json values all the time.

Similarly for the css, i have set the deny rule which is not working as expected.

We tried clearing the dispatcher cache multiple times which is of no effect.

/invalidate

{

/0003

{

/glob "*.json"

/type "allow"

}

/0082

{

/type "deny"

/path "/*"

/extension '(json)'

}

/0087 { /type "allow" /method "GET" /extension 'json' "*.json" }

Any solution on this problem will be helpful.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by leoberliant

Dispatcher calculates rules from the top to the bottom. It's a best practice to set the first rule as deny all and then define an explicit allow only to specific URLs

U

user05162

Adobe Employee

If you are talking about filters, it is deny all and allow only specific URL. So, you need to deny everything and only allow the files required for your site.

That being said, change the dispatcher log level to DEBUG and try to make a request to those URL's. Logs will show you which filter is getting called and you can check on the changes required accordingly.

L

leoberliant

Accepted solution

Adobe Employee

Dispatcher calculates rules from the top to the bottom. It's a best practice to set the first rule as deny all and then define an explicit allow only to specific URLs