Hi,
You should always whitelist allowed patterns, not blacklist them. That means deny everything first and then allow whatever is needed, e.g.:
/0001 { /type "deny" /url "*" }
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }
/0401 { /type "allow" /url "/libs/granite/dispatcher/content/vanityUrls.html"}
/0410 { /type "allow" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|pdf|png|svg|swf|ttf|woff|woff2|html)' /path "/content/myApp/*" }
.... other rules
In your case, you can deny jcr:content by using one of the rules below:
/0402 { /type "deny" /extension 'json' /path '.*(jcr:content|_jcr_content).*' }
/0403 { /type "deny" /extension 'json' /url "*_jcr_content.json*" }
/0404 { /type "deny" /extension 'json' /url "*jcr:content.json*" }
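
An added example, not part of the original post and not Dispatcher code: a simplified Python model of filter evaluation, in which the last matching rule decides, showing why the jcr:content deny has to come after any allow rule that would otherwise match. The URL decomposition and the rule named 9001 are assumptions made for illustration.

```python
import fnmatch
import re

# Simplified model of Dispatcher /filter evaluation: every rule is checked in
# file order and the LAST matching rule decides. "g" = double-quoted glob,
# "r" = single-quoted regex. The URL split below is an approximation.
EXT = "(css|eot|gif|ico|jpeg|jpg|js|pdf|png|svg|swf|ttf|woff|woff2|html)"
SEL = "(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)"
BASE = [  # rules taken from the post
    ("0001", "deny", {"url": ("g", "*")}),
    ("0017", "deny", {"selectors": ("r", SEL), "extension": ("r", "(json|xml|html|feed)")}),
    ("0401", "allow", {"url": ("g", "/libs/granite/dispatcher/content/vanityUrls.html")}),
    ("0410", "allow", {"extension": ("r", EXT), "path": ("g", "/content/myApp/*")}),
]
# Constructed rule standing in for one of the "other rules" (not from the post).
ALLOW_MODEL = ("9001", "allow", {"extension": ("r", "json"), "selectors": ("r", "model"),
                                 "path": ("g", "/content/myApp/*")})
# The jcr:content deny from the post, with its path pattern written as a regex.
DENY_JCR = ("0402", "deny", {"extension": ("r", "json"),
                             "path": ("r", ".*(jcr:content|_jcr_content).*")})


def decompose(url):
    """Split a request URL into the parts the filter properties match on."""
    url = url.split("?", 1)[0]
    path, _, rest = url.partition(".")  # assumption: split at the first dot
    parts = rest.partition("/")[0].split(".") if rest else []
    return {"url": url, "path": path,
            "selectors": ".".join(parts[:-1]), "extension": parts[-1] if parts else ""}


def matches(kind, pattern, value):
    """Match a glob ("g") or a full regex ("r") against one request part."""
    if kind == "g":
        return fnmatch.fnmatchcase(value, pattern)
    return re.fullmatch(pattern, value) is not None


def decide(url, rules):
    """Return 'allow' or 'deny' for url; the last matching rule wins."""
    request, verdict = decompose(url), "deny"
    for _name, rule_type, conditions in rules:
        if all(matches(k, p, request[f]) for f, (k, p) in conditions.items()):
            verdict = rule_type
    return verdict


GOOD_ORDER = BASE + [ALLOW_MODEL, DENY_JCR]  # deny placed after the allow
BAD_ORDER = BASE + [DENY_JCR, ALLOW_MODEL]   # allow placed last overrides the deny
```

With `GOOD_ORDER`, `decide("/content/myApp/en/home/jcr:content.model.json", GOOD_ORDER)` returns `deny`; the same request against `BAD_ORDER` returns `allow`.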