SOLVED

Dispatcher : Asset Path security issue


Hi community

I want to write a generic rule to deny this type of path

/content/dam/myproject/asset.jpg/.4.json

/content/dam/myproject/asset.xls/.4.json


I already have this rule in the dispatcher and it's not applying to these paths

/0081
{
/type "deny"
/selectors '((sys|doc)view|query|[0-9-]+)'
/extension '(json|xml|css|js|xls)'
}
# Deny content grabbing for /content
/0082
{
/type "deny"
/path "/content"
/selectors '(feed|rss|pages|languages|blueprint|infinity|tidy)'
/extension '(json|xml|html|css|js)'
}

Please help

1 Accepted Solution


Correct answer by
Community Advisor

Here "/.4.json" is considered a suffix, not a selector. You need to deny the suffix in the dispatcher. You can check the example below for reference:

# Block the use of all suffixes on any resource under /content
/0160 {
  /type "deny" /url "/content*" /suffix "*"
}

For more information about what part of the request line each of these elements references, see the Sling URL Decomposition wiki page.
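An added example (not part of the original answer, and not Adobe's implementation) showing why rule /0081 misses these requests and the /suffix rule catches them. It assumes a simplified model in which the URL is split at the first dot with no repository lookup, single-quoted values are regexes that must match the whole field, double-quoted values are globs, and a suffix rule only applies when a suffix is present; `decompose`, `rule_0081_denies` and `rule_0160_denies` are hypothetical names.

```python
import re
from fnmatch import fnmatchcase
from typing import NamedTuple


class Parts(NamedTuple):
    path: str
    selectors: str
    extension: str
    suffix: str


def decompose(url: str) -> Parts:
    """Simplified Sling-style decomposition: split at the first dot (assumption)."""
    url = url.split("?", 1)[0]              # the query string is not part of the split
    dot = url.find(".")
    if dot == -1:
        return Parts(url, "", "", "")
    path, rest = url[:dot], url[dot + 1:]
    slash = rest.find("/")                  # everything from the next slash on is the suffix
    sel_ext, suffix = (rest, "") if slash == -1 else (rest[:slash], rest[slash:])
    *selectors, extension = sel_ext.split(".")
    return Parts(path, ".".join(selectors), extension, suffix)


def rule_0081_denies(url: str) -> bool:
    """Rule /0081 from the question: selectors AND extension must both match."""
    p = decompose(url)
    return bool(re.fullmatch(r"((sys|doc)view|query|[0-9-]+)", p.selectors)
                and re.fullmatch(r"(json|xml|css|js|xls)", p.extension))


def rule_0160_denies(url: str) -> bool:
    """Rule /0160 from the answer: any suffix on a URL under /content."""
    p = decompose(url)
    return fnmatchcase(url, "/content*") and p.suffix != "" and fnmatchcase(p.suffix, "*")


# Constructed sample requests: the two from the question plus two controls.
SAMPLES = [
    "/content/dam/myproject/asset.jpg/.4.json",
    "/content/dam/myproject/asset.xls/.4.json",
    "/content/myproject/page.4.json",
    "/content/dam/myproject/asset.jpg",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, decompose(u), rule_0081_denies(u), rule_0160_denies(u))
```

In this model the "4" in "/.4.json" never reaches the selectors field, so a selector-based deny cannot match it, while a plain asset request with no suffix is left untouched by the suffix rule.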

 

 
