Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Dispatcher filter to allow only mapped post content

Avatar

Level 4

Hi All,

I would to like to deny all the post methods by adding below filter 

/0001 {type "deny" /method "POST" }

Then , I have 100+websites running in my AEM application,so how to allow the all configured mapped content paths(present in my application) by adding filter conditions.

Could you please suggest on this and let me know your thoughts .

 

Thanks  in Advance.

1 Accepted Solution

Avatar

Correct answer by
Employee

@Keerthi97 there is no magic bullet for this, since there are any number of ways the HTTP POST endpoints maybe have been defined in AEM.

 

In the best case, all your HTTP POST endpoints are bound with well-known Sling selectors -- so like, HTTP POST /content/site-1/page.my-custom-submisssion.json, where `my-custom-submission` is the identifying selector.

 

If you have a set of well-known selectors, you can allow POST whose URLs contain that Selector or Path pattern .. some examples are here  [1]

 

If you have a mix of POST endpoints (resource-type based servlets, path-based servlets, script-based servlets, or even OOTB) then you'll have to go through them and figure out the best set of filters are for what your 100+ sites are using. Hopefully, you'll be able to identify some patterns that let you define allow a single rule per logical endpoint. Definitely think about using the /path configuration that allows patterns (regex) or matching on selectors if you can.

 

[1] https://github.com/adobe/aem-project-archetype/blob/master/src/main/archetype/dispatcher.cloud/src/c...

View solution in original post

1 Reply

Avatar

Correct answer by
Employee

@Keerthi97 there is no magic bullet for this, since there are any number of ways the HTTP POST endpoints maybe have been defined in AEM.

 

In the best case, all your HTTP POST endpoints are bound with well-known Sling selectors -- so like, HTTP POST /content/site-1/page.my-custom-submisssion.json, where `my-custom-submission` is the identifying selector.

 

If you have a set of well-known selectors, you can allow POST whose URLs contain that Selector or Path pattern .. some examples are here  [1]

 

If you have a mix of POST endpoints (resource-type based servlets, path-based servlets, script-based servlets, or even OOTB) then you'll have to go through them and figure out the best set of filters are for what your 100+ sites are using. Hopefully, you'll be able to identify some patterns that let you define allow a single rule per logical endpoint. Definitely think about using the /path configuration that allows patterns (regex) or matching on selectors if you can.

 

[1] https://github.com/adobe/aem-project-archetype/blob/master/src/main/archetype/dispatcher.cloud/src/c...