Level 2

Solved

Dispatcher Rule for Content Fragment Asset API

Forum|Forum|3 years ago
December 7, 2022
3 replies
1385 views

Hi All,

We are in process of implementing the Content fragment Asset API, hence want to know the rule to be applied in dispatcher to only allow /asset/api json.

At present we have set a rule as

{ /type "allow" /extension '(json)' /method "GET" /url "/asset/api/*.json" }

is this valid or any other rule need to be set.

Please suggest.

Thanks

Shikha

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Avinash_Gupta_

You can restrict the other page content selectors like infinity, tidy using the below dispatcher filter rule:

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

krati_garg

Adobe Employee

@shikhasharma-1 I believe you will have to configure Sling Referrer Filter

Please see the process below, this also has dispatcher rules defined:

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/headless/deployment/referrer-filter.html?lang=en

and may be CORS Policy

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/headless/deployment/cross-origin-resource-sharing.html?lang=en

Avinash_Gupta_

Community Advisor and Adobe Champion

Hi @shikhasharma-1

I think the above dispatcher rule should be /api/assets

{ /type "allow" /extension '(json)' /method "GET" /url "/api/assets*.json" }

Since you are only making the Get request to fetch the content fragment as json, don't think that you need to do any other additional configuration. Sling Referrer Filter & CORS would not be needed.

S

ShikhaSharma-1Author

Level 2

Thanks AvinashGupta01.

But in addition to this I want to restrict the other page content selectors like infinity, tidy , -1 etc json.

Can you please suggest a rule which can be applied to restricted other selector.

Avinash_Gupta_

Accepted solution

Community Advisor and Adobe Champion

You can restrict the other page content selectors like infinity, tidy using the below dispatcher filter rule:

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

tushaar_srivastava

Level 6

Hi @shikhasharma-1

# Rule for Content Fragment Asset API

<VirtualHost *:80>

    ServerName dispatcher.example.com

    # Dispatcher Config
    DispatcherConfig conf/dispatcher.any

    # Dispatcher Logs
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog logs/dispatcher.log combined

    # Deny Access to Hidden Files
    <FilesMatch "\.(?!css$|js$|jpg$|gif$|png$|ico$|html$|htm$|txt$|json$|map$|svg$).*$">
        Require all denied
    </FilesMatch>

    # Content Fragment Asset API
    <Location /libs/dam/cf/asset>
        SetHandler dispatcher-handler
        SetEnvIf Request_URI ".*" no-gzip
    </Location>

    # Dispatcher Pass Through
    <Location />
        SetHandler dispatcher-handler
    </Location>

</VirtualHost>

Hope this will help

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded