Adobe Experience Manager Sites & More

kchaura · 7/8/24

Hi Everyone, I wanted to deny the .jcr:content.-1.json & /jcr:content.-1.json in the dispatcher . I tried the several ways(deny selector (.-1.json ) and deny GET method including the below URLs) but it is still allowing .-1.json . Below URLs for the reference to deny the dispatcher URL.

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

Thank You.

Anil_Chennapragada · 7/8/24

hi @kchaura ,

Ideally, the best practice or the recommendation is to deny every thing and allow specific paths (e.g. DAM, etc.clientlibs, content etc.) which are needed as mentioned in the below example

/0001 { /type "deny"  /url "*" }

## Allow extensions for dam
/0002 { /type "allow" /extension '(gif|jpeg|jpg|Jpg|pdf|png|svg|swf|JPEG|JPG|PDF|PNG)' /path "/content/dam/*" }

But if that involves lot of refactoring, try the below option. Ideally denying everything and enabling specific paths is always recommended

/0003 { /type "deny" /selectors '([0-9-]+| jcr:content)' /extension '(json|xml|html)' }

Thanks,

Anil

kchaura · 7/8/24

Thanks @Anil_Chennapragada for the respond. I already had done same you said , deny every thing and allowed only specific paths , even then it is allowing the jcr:content.-1.json selector.

I have already tried the below one but no luck.

/0003 { /type "deny" /selectors '([0-9-]+| jcr:content | -1)' /extension '(json|xml|html)' }

gkalyan · 7/8/24

@kchaura

Can you check the order in which deny and allow are added? Did you add deny first and allow later?

Also there is an earlier question related to this which Arun answered.

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/disable-jcr-content-json-f...

kchaura · 7/8/24

Thanks @gkalyan for the respond. I am trying deny first then allow and i have already gone through with the link you shared. Actually jcr:content is working fine it is already denying but issue is with .-1. (second selector). second selector is not denying after adding in the dispatcher rule.

Thank you.

gkalyan · 7/8/24

@kchaura

Got it. For that I see an example for selector deny in this guide, can you check that.

This might be similar to what Anil has provided using "/selectors" filter

https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatche...

kchaura · 7/8/24

Hi @gkalyan Thanks for the quick respond. I tried the same that you suggested but still no luck and it is allowing

This one already working fine , as blocking the below urls as it does not contain .-1

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.json

When i add .-1. as a second selector then it is allowing the request . I need to block this .

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

Thank you.

aanchal-sikka · 7/8/24

@kchaura

/allow-clientlib-resources {
  /type "allow"
  /method "GET"
  /path '/etc/clientlibs/.*'
  /selectors ''
  /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)'
  /suffix ''
}

By defining empty selector like above, we can explicitly deny all selectors.

Do you really use "hero-img.jpg.jcr:content.json" or is it just an example?

Aanchal Sikka

kchaura · 7/9/24

Hi @aanchal-sikka Thanks for the respond. Please find my comments inline.

By defining empty selector like above, we can explicitly deny all selectors - I tried but did not help.

Do you really use "hero-img.jpg.jcr:content.json" or is it just an example? We use the "hero-img.jpg" image and other DAM images and for the security reason we want to block jcr:content-1.json & other selectors for all the images, however dispatcher filter allowing all DAM images with selectors (-1 and 1,2,3 etc). Please check the reference URLs below.

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.-1.json

/content/dam/myproject/sample/images/hero-img.jpg/jcr:content.1.json

/content/dam/myproject/sample/images/hero-img.jpg.jcr:content.1.json

Thank you.

Anil_Chennapragada · 7/9/24

hi @kchaura ,

Can you try as per the below solution provided for DAM Paths. If needed explicitly allow specific paths on top of it

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/dispatcher-rules-to-block-...

kautuk_sahni · 7/16/24

@kchaura Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Adobe Experience Manager Sites & More

Dispatcher Filter Configuration - Deny .jcr:content.-1.json

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe