Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Dispatcher Rule for Content Fragment Asset API

Avatar

Level 2

Hi All,

We are in process of implementing the Content fragment Asset API, hence want to know the rule to be applied in dispatcher to only allow /asset/api json.

At present we have set a rule as 

{ /type "allow" /extension '(json)' /method "GET" /url "/asset/api/*.json" }

is this valid or any other rule need to be set.

Please suggest.

 

Thanks

Shikha

 

 

 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

You can restrict the other page content selectors like infinity, tidy  using the below dispatcher filter rule:

 

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

 

View solution in original post

5 Replies

Avatar

Community Advisor

Hi @sharms13 

 

I think the above dispatcher rule should be  /api/assets

{ /type "allow" /extension '(json)' /method "GET" /url "/api/assets*.json" }

 

Since you are only making the Get request to fetch the content fragment as json, don't think that you need to do any other additional configuration. Sling Referrer Filter & CORS would not be needed.

Avatar

Level 2

Thanks AvinashGupta01.

 

But in addition to this I want to restrict the other page content selectors like infinity, tidy , -1 etc json.

Can you please suggest a rule which can be applied to restricted other selector.

Avatar

Correct answer by
Community Advisor

You can restrict the other page content selectors like infinity, tidy  using the below dispatcher filter rule:

 

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

 

Avatar

Level 7

Hi @sharms13 

# Rule for Content Fragment Asset API

<VirtualHost *:80>

    ServerName dispatcher.example.com

    # Dispatcher Config
    DispatcherConfig conf/dispatcher.any

    # Dispatcher Logs
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog logs/dispatcher.log combined

    # Deny Access to Hidden Files
    <FilesMatch "\.(?!css$|js$|jpg$|gif$|png$|ico$|html$|htm$|txt$|json$|map$|svg$).*$">
        Require all denied
    </FilesMatch>

    # Content Fragment Asset API
    <Location /libs/dam/cf/asset>
        SetHandler dispatcher-handler
        SetEnvIf Request_URI ".*" no-gzip
    </Location>

    # Dispatcher Pass Through
    <Location />
        SetHandler dispatcher-handler
    </Location>

</VirtualHost>

Hope this will help