DENY Permission not working for some of the filters in dispatcher.any file

ShyamSundar

07-05-2019

I have a list of application URLs/filters for which to deny access in the dispatcher.any file.

  1. https://dev62.adobecqms.net/.json
  2. https://dev62.adobecqms.net/crx/de/index.jsp;%0aa.css

Below are the ways I have set the rule in my dispatcher.any file. It's not working as expected, and it is returning the JSON values all the time.

Similarly for the CSS, I have set the deny rule, which is not working as expected.

We tried clearing the dispatcher cache multiple times, which had no effect.

/invalidate
{
    /0003
    {
        /glob "*.json"
        /type "allow"
    }
}

/0082
{
    /type "deny"
    /path "/*"
    /extension '(json)'
}

/0087 { /type "allow" /method "GET" /extension 'json' "*.json" }

Any solution on this problem will be helpful.

Accepted Solutions (1)

berliant
Employee

07-05-2019

Dispatcher calculates rules from the top to the bottom. It's a best practice to set the first rule as deny all and then define an explicit allow only to specific URLs.
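
A small Python model of the top-to-bottom evaluation described in the accepted solution, added here as an illustration (it is not code from the thread or from Adobe). It assumes that the last matching filter rule decides, that double-quoted values are globs and single-quoted values are regular expressions, and a simplified path/extension split; rules 0001 and 0010 are hypothetical.

```python
import re
from fnmatch import fnmatchcase

def decompose(url_path):
    """Simplified split of a request path into (resource path, extension)."""
    head, dot, rest = url_path.partition(".")
    if not dot:
        return url_path, ""
    return head, rest.split("/", 1)[0].rsplit(".", 1)[-1]

def matches(rule, method, url_path):
    path, ext = decompose(url_path)
    if "method" in rule and rule["method"] != method:
        return False
    if "url" in rule and not fnmatchcase(url_path, rule["url"]):          # glob
        return False
    if "path" in rule and not fnmatchcase(path, rule["path"]):            # glob
        return False
    if "extension" in rule and not re.fullmatch(rule["extension"], ext):  # regex
        return False
    return True

def decide(rules, method, url_path):
    """Check every rule top to bottom; the last match decides.
    Returns (None, None) when no rule matched."""
    verdict, winner = None, None
    for rule_id, rule in rules:
        if matches(rule, method, url_path):
            verdict, winner = rule["type"], rule_id
    return verdict, winner

# The two rules from the question, in posted order (stray "*.json" token omitted).
POSTED = [
    ("0082", {"type": "deny", "path": "/*", "extension": "(json)"}),
    ("0087", {"type": "allow", "method": "GET", "extension": "json"}),
]

# Constructed alternative: deny everything first, one explicit allow, and the
# same two rules swapped so the JSON deny is evaluated after the JSON allow.
REORDERED = [
    ("0001", {"type": "deny", "url": "*"}),                    # hypothetical
    ("0010", {"type": "allow", "method": "GET",
              "path": "/content/*", "extension": "html"}),     # hypothetical
    ("0087", {"type": "allow", "method": "GET", "extension": "json"}),
    ("0082", {"type": "deny", "path": "/*", "extension": "(json)"}),
]

if __name__ == "__main__":
    print("posted   ", "/.json", decide(POSTED, "GET", "/.json"))
    for url in ("/.json", "/crx/de/index.jsp;%0aa.css", "/content/site/en.html"):
        print("reordered", url, decide(REORDERED, "GET", url))
```

In the posted order the later allow (/0087) overrides the earlier deny (/0082) for a GET of `/.json`; in the reordered set the same request ends on the deny, and the `/crx/de/...` URL is refused by the deny-all rule without needing a rule of its own.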

Answers (9)

berliant
Employee

08-05-2019

If you are intending to deny JSON requests, you should edit the /filter section of the dispatcher configuration file and not the /invalidate section.

You can try a rule similar to:

/filter
....
/0087 { /type "deny" /method "GET" /extension 'json' "*.1.json" }

jbrar
Employee

07-05-2019

If you are talking about filters, it is deny all and allow only specific URLs. So, you need to deny everything and only allow the files required for your site.

That being said, change the dispatcher log level to DEBUG and try to make a request to those URLs. Logs will show you which filter is getting called and you can check on the changes required accordingly.

ShyamSundar

14-05-2019

After dispatcher cache clearing, all my rules are working fine.

Thanks all for your valuable suggestions.

Cheers

SHYAM SUNDAR

ShyamSundar

08-05-2019

Hi JaideepBrar

This was, in fact, the first way we tried, wherein we applied the deny on "/.json".

It's not working.

Thanks

SHYAM SUNDAR

ShyamSundar

08-05-2019

Yes, multiple restarts were done with no luck.

berliant
Employee

08-05-2019

Did you restart the HTTP server after you made a modification?

jbrar
Employee

08-05-2019

Can you try a filter with deny on "/.json" ?

ShyamSundar

08-05-2019

Tried the same but no luck.

I could still see the JSON being rendered when I hit the URL in the browser.

ShyamSundar

08-05-2019

Please find the below logs where it is checking .json and I should be getting the 404 error page as per the rule I set.

But instead, I receive the JSON file in the browser.

1748615_pastedImage_10.png

The JSON response I receive:

1748616_pastedImage_11.png

Kindly help me as these are simple rules which are being set in dispatcher.any file but in turn it's not working.