Level 2
July 8, 2024

Dispatcher Filter Configuration - Deny .jcr:content.-1.json


Hi Everyone, I wanted to deny .jcr:content.-1.json & /jcr:content.-1.json in the dispatcher. I tried several ways (denying the selector (.-1.json) and denying the GET method, including the URLs below), but it is still allowing .-1.json. The URLs below are for reference, to be denied by the dispatcher.

 

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

 

Thank You.

 


5 replies

Level 4
July 8, 2024

Hi @kchaura,

Ideally, the best practice or the recommendation is to deny everything and allow specific paths (e.g. DAM, etc.clientlibs, content etc.) which are needed, as mentioned in the example below:

/0001 { /type "deny" /url "*" }
## Allow extensions for dam
/0002 { /type "allow" /extension '(gif|jpeg|jpg|Jpg|pdf|png|svg|swf|JPEG|JPG|PDF|PNG)' /path "/content/dam/*" }

 

But if that involves a lot of refactoring, try the option below. Ideally, denying everything and enabling specific paths is always recommended.

/0003 { /type "deny" /selectors '([0-9-]+| jcr:content)' /extension '(json|xml|html)' }

 

Thanks,

Anil

kchaura (Author)
Level 2
July 8, 2024

Thanks @anil_chennapragada for the response. I had already done what you said, denying everything and allowing only specific paths; even then it is allowing the jcr:content.-1.json selector.

I have already tried the one below, but no luck.

 

/0003 { /type "deny" /selectors '([0-9-]+| jcr:content | -1)' /extension '(json|xml|html)' }

gkalyan
Community Advisor and Adobe Champion
July 8, 2024

@kchaura 

Can you check the order in which deny and allow are added? Did you add deny first and allow later?

 

Also, there is an earlier question related to this which Arun answered.

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-jcr-content-json-from-url-on-publisher-instance-in-aem/m-p/352043

kchaura (Author)
Level 2
July 8, 2024

Thanks @gkalyan for the response. I am trying deny first, then allow, and I have already gone through the link you shared. Actually jcr:content is working fine, it is already being denied, but the issue is with .-1. (the second selector). The second selector is not being denied after adding it to the dispatcher rule.

 

Thank you.

gkalyan
Community Advisor and Adobe Champion
July 8, 2024

@kchaura 

Got it. For that, I see an example of a selector deny in this guide; can you check that?

This might be similar to what Anil has provided using the "/selectors" filter.

 

https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration#example-filter-section

aanchal-sikka
Community Advisor
July 9, 2024

@kchaura 

 

/allow-clientlib-resources { /type "allow" /method "GET" /path '/etc/clientlibs/.*' /selectors '' /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' /suffix '' }

 

 

By defining an empty selector like above, we can explicitly deny all selectors.

 

Do you really use "hero-img.jpg.jcr:content.json" or is it just an example?

 

Aanchal Sikka
kchaura (Author)
Level 2
July 9, 2024

Hi @aanchal-sikka, thanks for the response. Please find my comments inline.

 

By defining empty selector like above, we can explicitly deny all selectors - I tried, but it did not help.

 

Do you really use "hero-img.jpg.jcr:content.json" or is it just an example? We use the "hero-img.jpg" image and other DAM images, and for security reasons we want to block jcr:content-1.json & other selectors for all the images; however, the dispatcher filter is allowing all DAM images with selectors (-1 and 1, 2, 3, etc.). Please check the reference URLs below.

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.1.json

Thank you.
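
A regression check for the four URL shapes listed above, as an added example that is not part of the original posts: it requests both the slash form and the dot form for each depth value and also confirms the image itself is still served. The function names, the depth list and the assumption that a denied request answers 403 or 404 are illustrative, not taken from the thread.

```python
import sys
import urllib.error
import urllib.request

# Depth values the thread reports as reachable (-1 and 1, 2, 3).
DEPTHS = ["-1", "1", "2", "3"]


def probe_urls(asset_path, depths=DEPTHS):
    """Build both URL shapes from the thread for one DAM asset path."""
    urls = []
    for depth in depths:
        urls.append(f"{asset_path}/jcr:content.{depth}.json")  # slash form
        urls.append(f"{asset_path}.jcr:content.{depth}.json")  # dot form
    return urls


def http_status(base, path, timeout=10):
    """GET base + path and return the HTTP status, error statuses included."""
    req = urllib.request.Request(base + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_asset(base, asset_path, fetch=http_status, blocked=(403, 404)):
    """Return the JSON URLs that were not blocked and whether the asset still loads.

    `blocked` is an assumption about what a filter deny returns on your setup.
    """
    leaks = []
    for path in probe_urls(asset_path):
        status = fetch(base, path)
        if status not in blocked:
            leaks.append((path, status))
    # A filter that also blocks the image itself is over-broad, so report that too.
    asset_ok = fetch(base, asset_path) == 200
    return {"leaks": leaks, "asset_ok": asset_ok}


if __name__ == "__main__":
    # Usage: python check_filter.py https://your-dispatcher-host /content/dam/.../image.jpg
    result = check_asset(sys.argv[1], sys.argv[2])
    for path, status in result["leaks"]:
        print(f"NOT BLOCKED {status} {path}")
    print("asset served:", result["asset_ok"])
    sys.exit(0 if not result["leaks"] and result["asset_ok"] else 1)
```

Run it against your own dispatcher after every filter change; a non-zero exit means a JSON rendition is still exposed or the image was blocked along with it.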

 

Level 4
July 9, 2024

Hi @kchaura,

Can you try the solution below, provided for DAM paths? If needed, explicitly allow specific paths on top of it.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/dispatcher-rules-to-block-secured-paths/m-p/600008/highlight/true

 

kautuk_sahni
Community Manager
July 16, 2024

@kchaura Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Kautuk Sahni