Expand my Community achievements bar.

Dispatcher Filter Configuration - Deny .jcr:content.-1.json

Avatar

Level 3

Hi Everyone, I wanted to deny the .jcr:content.-1.json & /jcr:content.-1.json in the dispatcher . I tried the several ways(deny selector (.-1.json ) and deny GET method including the below URLs) but it is still allowing .-1.json . Below URLs for the reference to deny the dispatcher URL.

 

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

 

Thank You.

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

10 Replies

Avatar

Level 4

hi @kchaura ,

Ideally, the best practice or the recommendation is to deny every thing and allow specific paths  (e.g. DAM, etc.clientlibs, content etc.) which are needed as mentioned in the below example

/0001 { /type "deny"  /url "*" }

## Allow extensions for dam
/0002 { /type "allow" /extension '(gif|jpeg|jpg|Jpg|pdf|png|svg|swf|JPEG|JPG|PDF|PNG)' /path "/content/dam/*" }

 

But if that involves lot of refactoring, try the below option. Ideally denying everything and enabling specific paths is always recommended

/0003 { /type "deny" /selectors '([0-9-]+| jcr:content)' /extension '(json|xml|html)' }

 

Thanks,

Anil

Avatar

Level 3

Thanks @Anil_Chennapragada  for the respond. I already had done same you said , deny every thing and allowed only specific paths , even then it is allowing the jcr:content.-1.json selector.

I have already tried the below one but no luck.

 

/0003 { /type "deny" /selectors '([0-9-]+| jcr:content | -1)' /extension '(json|xml|html)' }

Avatar

Community Advisor

@kchaura 

Can you check the order in which deny and allow are added? Did you add deny first and allow later?

 

Also there is an earlier question related to this which Arun answered.

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-jcr-content-json-f...

Avatar

Level 3

Thanks @gkalyan for the respond. I am trying deny first then allow and i have already gone through with the link you shared. Actually jcr:content  is working fine it is already denying but issue is with .-1. (second selector). second selector is not denying after adding in the dispatcher rule.

 

Thank you.

Avatar

Community Advisor

@kchaura 

Got it. For that I see an example for selector deny in this guide, can you check that. 

This might be similar to what Anil has provided using "/selectors" filter

Screenshot 2024-07-08 at 1.34.26 PM.png

 

https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatche...

Avatar

Level 3

Hi @gkalyan Thanks for the quick respond. I tried the same that you suggested but still no luck and it is allowing 

 

This one already working fine , as blocking the below urls as it does not contain .-1

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.json

 

When i add .-1. as a second selector then it is allowing the request . I need to block this .

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

 

Thank you.

 

Avatar

Community Advisor

@kchaura 

 

/allow-clientlib-resources {
  /type "allow"
  /method "GET"
  /path '/etc/clientlibs/.*'
  /selectors ''
  /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)'
  /suffix ''
}

 

 

By defining empty selector like above, we can explicitly deny all selectors.

 

Do you really use "hero-img.jpg.jcr:content.json" or is it just an example?

 


Aanchal Sikka

Avatar

Level 3

Hi @aanchal-sikka  Thanks for the respond. Please find my comments inline.

 

By defining empty selector like above, we can explicitly deny all selectors - I tried but did not help.

 

Do you really use "hero-img.jpg.jcr:content.json" or is it just an example? We use the "hero-img.jpg" image and other DAM images and for the security reason we want to block jcr:content-1.json & other selectors for all the images, however dispatcher filter allowing all DAM images with selectors (-1 and 1,2,3 etc). Please check the reference URLs below. 

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.1.json

Thank you.

 

Avatar

Level 4

hi @kchaura ,

Can you try as per the below solution provided for DAM Paths. If needed explicitly allow specific paths on top of it

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/dispatcher-rules-to-block-...

 

Avatar

Administrator

@kchaura Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!



Kautuk Sahni