Dispatcher rules to block secured paths

Level 1

Hi,

 

We are using AMS 6.5 SP15. The following paths are being exposed and json responses are rendered from the dispatcher. 

 

content paths:

===========

/content/.2.json;%0Aa.png/.json

/content/projectfolder/.5.json;%0Aa.png/.json

/content/.2.json;%0Aa.png/.json

/content/proj/us/en/b-content/page-billing/jcr:content/root/container/container/authcontainer/testcomponent-copy-par-c/par_1.100.json;%0AXLA.ico/a.html

 

dam paths:

========

/content/dam/proj-assets/en-us/brandname/images.1.json;%0Aa.png/.png

/content/dam/test-library/en-us/fol1/folder2/.children.json;%0AXLA.ico/a.html

/content/dam/test-library/en-us/fol1/folder2/pdf/test1.pdf/.children.json

 

Can you suggest some generic filter rules to block these paths in the dispatcher filter rules?

 

Thanks in Advance.

 

Regards,

S

 

1 Accepted Solution

Correct answer by
Community Advisor

Hi @srinivasanp3053 ,

You can use the following rules:

 

For blocking content paths:

/0001 { /type "deny" /glob "/content/*.json" }
/0002 { /type "deny" /glob "/content/**/*.json" }

 

For blocking DAM paths:

 

/0003 { /type "deny" /glob "/content/dam/*.json" }
/0004 { /type "deny" /glob "/content/dam/**/*.json" }

 

 

Community Advisor

@srinivasanp3053 

 

You might want to revisit the existing rules as well.

Ideally, on publish instances you should start with deny access to all content:

/0001 { /type "deny"  /url "*" }

Next, we should not enable the json paths that are required. Example:

/0251 { /type "allow" /selectors "model" /extension "json" /path "/content/abc/*" }

 

It would help if you could provide more details:

1. Are these json available across all content, and do you want to avoid them for all? If yes, please have a look at the configs shared above.

2. Is it only the secured content where you want to avoid json? How are these restricted?


Aanchal Sikka

Level 2

You can use advanced Dispatcher filter rules to block paths with the help of path, selectors, extensions etc.

Example 

/006 {
        /type "deny"
        /path "/content/*"
        /extension '(json|xml|feed)'
        }
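
The approach from the replies above combined into one filter section, as an added example that is not from any poster and not Adobe's shipped configuration. The rule numbers other than /0001 and /0251, the /content/dam/abc asset root and the allowed extension lists are assumptions. Dispatcher applies the last rule that matches a request, so the deny rules sit at the end.

```conf
/filter {
  # Deny everything first; only requests matched by a later allow rule get through.
  /0001 { /type "deny" /url "*" }

  # Rendered pages under the site root (/content/abc is the path used in the reply above).
  /0100 { /type "allow" /method "GET" /extension "html" /path "/content/abc/*" }

  # The only JSON the site needs: the "model" selector, nothing else.
  /0251 { /type "allow" /method "GET" /selectors "model" /extension "json" /path "/content/abc/*" }

  # DAM binaries by extension (assumed asset root and extension list).
  /0300 { /type "allow" /method "GET" /extension '(gif|ico|jpe?g|png|svg|pdf)' /path "/content/dam/abc/*" }

  # Deny rules last, so they override any allow rule above that also matches.
  # Numeric depth selectors (.1.json, .2.json, .100.json) and dump selectors:
  /0900 {
    /type "deny"
    /selectors '(children|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)'
    /extension '(json|xml|html|feed)'
  }

  # Data renderings of anything under /content, DAM included:
  /0901 {
    /type "deny"
    /path "/content/*"
    /extension '(json|xml|feed)'
  }

  # Re-allow the model export, because /0901 above also matches it.
  /0902 { /type "allow" /method "GET" /selectors "model" /extension "json" /path "/content/abc/*" }
}
```

After deploying, request each URL from the question through the dispatcher and confirm that none of them returns JSON. Property-based rules depend on how the dispatcher splits a URL containing `;%0A` into path, selectors, extension and suffix, so only that test shows whether a given rule set covers them.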