Hi everyone, I want to deny .jcr:content.-1.json and /jcr:content.-1.json in the dispatcher. I tried several ways (denying the selector (.-1.json) and denying the GET method for the URLs below), but it is still allowing .-1.json. Below are the URLs I want the dispatcher to deny, for reference.
/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json
/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json
Thank You.
Hi @kchaura,
Ideally, the best practice or recommendation is to deny everything and allow the specific paths that are needed (e.g. DAM, etc.clientlibs, content), as in the example below:
/0001 { /type "deny" /url "*" }
## Allow extensions for dam
/0002 { /type "allow" /extension '(gif|jpeg|jpg|Jpg|pdf|png|svg|swf|JPEG|JPG|PDF|PNG)' /path "/content/dam/*" }
But if that involves a lot of refactoring, try the option below. Ideally, denying everything and enabling specific paths is always recommended.
/0003 { /type "deny" /selectors '([0-9-]+| jcr:content)' /extension '(json|xml|html)' }
Thanks,
Anil
Thanks @Anil_Chennapragada for the response. I had already done what you said: denied everything and allowed only specific paths. Even then it is allowing the jcr:content.-1.json selector.
I have already tried the below one but no luck.
/0003 { /type "deny" /selectors '([0-9-]+| jcr:content | -1)' /extension '(json|xml|html)' }
Can you check the order in which deny and allow are added? Did you add deny first and allow later?
Also there is an earlier question related to this which Arun answered.
Thanks @gkalyan for the response. I am denying first and then allowing, and I have already gone through the link you shared. Actually, jcr:content is working fine; it is already being denied. The issue is with .-1. (the second selector). The second selector is not denied after adding it to the dispatcher rule.
Thank you.
Got it. For that, I see an example of a selector deny in this guide; can you check that?
This might be similar to what Anil has provided using the "/selectors" filter.
Hi @gkalyan, thanks for the quick response. I tried what you suggested, but still no luck; it is still allowing the request.
This one is already working fine, blocking the URLs below, as they do not contain .-1
/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.json
/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.json
When I add .-1. as a second selector, it allows the request. I need to block this.
/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json
/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json
Thank you.
/allow-clientlib-resources {
/type "allow"
/method "GET"
/path '/etc/clientlibs/.*'
/selectors ''
/extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)'
/suffix ''
}
By defining an empty selector like above, we can explicitly deny all selectors.
Do you really use "hero-img.jpg.jcr:content.json" or is it just an example?
Hi @aanchal-sikka, thanks for the response. Please find my comments inline.
By defining empty selector like above, we can explicitly deny all selectors - I tried it, but it did not help.
Do you really use "hero-img.jpg.jcr:content.json" or is it just an example? We use the "hero-img.jpg" image and other DAM images, and for security reasons we want to block jcr:content-1.json and other selectors for all the images. However, the dispatcher filter is allowing all DAM images with selectors (-1 and 1, 2, 3, etc.). Please check the reference URLs below.
/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json
/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json
/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.1.json
/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.1.json
Thank you.
@kchaura Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!
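The URLs discussed in this thread, split into the path, selectors, extension and suffix parts that filter rules such as /selectors, /extension and /suffix refer to. This is an added example, not part of any post above and not Dispatcher code: it follows the URL decomposition rules documented by Apache Sling, assumes the resource path ends at the first dot, and `is_plain_dam_asset` is a hypothetical helper.

```python
from typing import NamedTuple

class Parts(NamedTuple):
    path: str
    selectors: str
    extension: str
    suffix: str

def decompose(url: str) -> Parts:
    """Split a URL into path, selectors, extension and suffix (Sling rules).

    Assumption: the resource path ends at the first dot, since a filter in
    front of the repository cannot check which resource actually exists.
    """
    url = url.split("?", 1)[0]
    dot = url.find(".")
    if dot == -1:
        return Parts(url, "", "", "")
    path, rest = url[:dot], url[dot + 1:]
    # Selectors and extension stop at the next slash; what follows is suffix.
    head, slash, tail = rest.partition("/")
    selectors, _, extension = head.rpartition(".")
    return Parts(path, selectors, extension, slash + tail)

# Constructed subset of the image extensions named in the thread.
IMAGE_EXTENSIONS = {"gif", "jpeg", "jpg", "png", "svg"}

def is_plain_dam_asset(url: str) -> bool:
    """Hypothetical strict check: DAM image with no selectors and no suffix."""
    p = decompose(url)
    return (p.path.startswith("/content/dam/")
            and p.selectors == "" and p.suffix == ""
            and p.extension.lower() in IMAGE_EXTENSIONS)

# URLs from the thread, plus the bare asset URL (constructed) for contrast.
BASE = "/content/dam/myproject/sample/images/hero-img.jpg"
SAMPLES = [BASE, BASE + "/jcr:content.-1.json", BASE + ".jcr:content.-1.json",
           BASE + "/jcr:content.1.json", BASE + ".jcr:content.1.json"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(is_plain_dam_asset(u), decompose(u))
```

Under this assumption the slash form carries `jcr:content.-1.json` in the suffix with extension `jpg`, while the dot form has the selector string `jpg.jcr:content.-1` with extension `json`, so the two forms present different parts to a filter rule.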