Expand my Community achievements bar.

SOLVED

Dispatcher Rule for Content Fragment Asset API

Avatar

Level 2
Level 2
12/7/22 4:32:58 AM

Hi All,

We are in process of implementing the Content fragment Asset API, hence want to know the rule to be applied in dispatcher to only allow /asset/api json.

At present we have set a rule as 

{ /type "allow" /extension '(json)' /method "GET" /url "/asset/api/*.json" }

is this valid or any other rule need to be set.

Please suggest.

 

Thanks

Shikha

 

 

 

 

Views

637

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/8/22 7:16:48 AM
In response to sharms13

You can restrict the other page content selectors like infinity, tidy  using the below dispatcher filter rule:

 

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

 

View solution in original post

Views

580

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Community Advisor
Community Advisor
12/7/22 8:28:51 AM

Hi @sharms13 

 

I think the above dispatcher rule should be  /api/assets

{ /type "allow" /extension '(json)' /method "GET" /url "/api/assets*.json" }

 

Since you are only making the Get request to fetch the content fragment as json, don't think that you need to do any other additional configuration. Sling Referrer Filter & CORS would not be needed.

Views

605

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
12/8/22 5:25:58 AM
In response to Avinash_Gupta_

Thanks AvinashGupta01.

 

But in addition to this I want to restrict the other page content selectors like infinity, tidy , -1 etc json.

Can you please suggest a rule which can be applied to restricted other selector.

Views

588

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
12/8/22 7:16:48 AM
In response to sharms13

You can restrict the other page content selectors like infinity, tidy  using the below dispatcher filter rule:

 

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

 

Views

581

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 6
Level 6
12/11/22 1:27:43 AM

Hi @sharms13 

# Rule for Content Fragment Asset API

<VirtualHost *:80>

    ServerName dispatcher.example.com

    # Dispatcher Config
    DispatcherConfig conf/dispatcher.any

    # Dispatcher Logs
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog logs/dispatcher.log combined

    # Deny Access to Hidden Files
    <FilesMatch "\.(?!css$|js$|jpg$|gif$|png$|ico$|html$|htm$|txt$|json$|map$|svg$).*$">
        Require all denied
    </FilesMatch>

    # Content Fragment Asset API
    <Location /libs/dam/cf/asset>
        SetHandler dispatcher-handler
        SetEnvIf Request_URI ".*" no-gzip
    </Location>

    # Dispatcher Pass Through
    <Location />
        SetHandler dispatcher-handler
    </Location>

</VirtualHost>

Hope this will help 

Views

558

Replies

0
Sign in to like this content

Total Likes

Translate
Translate