Hi All,
We are in process of implementing the Content fragment Asset API, hence want to know the rule to be applied in dispatcher to only allow /asset/api json.
At present we have set a rule as
{ /type "allow" /extension '(json)' /method "GET" /url "/asset/api/*.json" }
is this valid or any other rule need to be set.
Please suggest.
Thanks
Shikha
Solved! Go to Solution.
Views
Replies
Total Likes
You can restrict the other page content selectors like infinity, tidy using the below dispatcher filter rule:
# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }
Hi @sharms13
I think the above dispatcher rule should be /api/assets
{ /type "allow" /extension '(json)' /method "GET" /url "/api/assets*.json" }
Since you are only making the Get request to fetch the content fragment as json, don't think that you need to do any other additional configuration. Sling Referrer Filter & CORS would not be needed.
Thanks AvinashGupta01.
But in addition to this I want to restrict the other page content selectors like infinity, tidy , -1 etc json.
Can you please suggest a rule which can be applied to restricted other selector.
You can restrict the other page content selectors like infinity, tidy using the below dispatcher filter rule:
# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }
Hi @sharms13
# Rule for Content Fragment Asset API <VirtualHost *:80> ServerName dispatcher.example.com # Dispatcher Config DispatcherConfig conf/dispatcher.any # Dispatcher Logs LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog logs/dispatcher.log combined # Deny Access to Hidden Files <FilesMatch "\.(?!css$|js$|jpg$|gif$|png$|ico$|html$|htm$|txt$|json$|map$|svg$).*$"> Require all denied </FilesMatch> # Content Fragment Asset API <Location /libs/dam/cf/asset> SetHandler dispatcher-handler SetEnvIf Request_URI ".*" no-gzip </Location> # Dispatcher Pass Through <Location /> SetHandler dispatcher-handler </Location> </VirtualHost>
Hope this will help
Views
Likes
Replies