Hi,
We are using AMS 6.5 SP15. The following paths are being exposed and json responses are rendered from the dispatcher.
content paths:
===========
/content/.2.json;%0Aa.png/.json
/content/projectfolder/.5.json;%0Aa.png/.json
/content/.2.json;%0Aa.png/.json
/content/proj/us/en/b-content/page-billing/jcr:content/root/container/container/authcontainer/testcomponent-copy-par-c/par_1.100.json;%0AXLA.ico/a.html
dam paths:
========
/content/dam/proj-assets/en-us/brandname/images.1.json;%0Aa.png/.png
/content/dam/test-library/en-us/fol1/folder2/.children.json;%0AXLA.ico/a.html
/content/dam/test-library/en-us/fol1/folder2/pdf/test1.pdf/.children.json
Can you suggest some generic filter rules to block these paths in the dispatcher filter rules?
Thanks in Advance.
Regards,
S
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @srinivasanp3053 ,
you can use the following rules :
For blocking content paths:
/0001 { /type "deny" /glob "/content/*.json" }
/0002 { /type "deny" /glob "/content/**/*.json" }
For blocking DAM paths:
/0003 { /type "deny" /glob "/content/dam/*.json" }
/0004 { /type "deny" /glob "/content/dam/**/*.json" }
Hi @srinivasanp3053 ,
you can use the following rules :
For blocking content paths:
/0001 { /type "deny" /glob "/content/*.json" }
/0002 { /type "deny" /glob "/content/**/*.json" }
For blocking DAM paths:
/0003 { /type "deny" /glob "/content/dam/*.json" }
/0004 { /type "deny" /glob "/content/dam/**/*.json" }
You might want to revisit the existing rules as well
Ideally, on publish instances you should start with Deny access to all content
/0001 { /type "deny" /url "*" }
Next, we should not enable the json paths that are required. Example
/0251 { /type "allow" /selectors "model" /extension "json" /path "/content/abc/*" }
It would help, if you could provide more details:
1. Are these json available across all content, and you want to avoid for all. If yes, please have a look at the configs shared above.
2. Is it only the secured content, where you want to avoid json. How are these restricted?
You can use advanced Dispatcher filter rules to block paths with the help of path, selectors, extensions etc.
Example
/006 {
/type "deny"
/path "/content/*"
/extension '(json|xml|feed))'
}