Dispatcher : Asset Path security issue | Community
adivj95
New Participant
October 16, 2023
Solved

Dispatcher : Asset Path security issue


Hi community

 

I want to write a generic rule to deny this type of path

/content/dam/myproject/asset.jpg/.4.json

/content/dam/myproject/asset.xls/.4.json


I already have this rule in the dispatcher and it's not applying to these paths

/0081
{
/type "deny"
/selectors '((sys|doc)view|query|[0-9-]+)'
/extension '(json|xml|css|js|xls)'
}
# Deny content grabbing for /content
/0082
{
/type "deny"
/path "/content"
/selectors '(feed|rss|pages|languages|blueprint|infinity|tidy)'
/extension '(json|xml|html|css|js)'
}

Please help

1 reply

Mahedi_Sabuj
Accepted solution
New Participant
October 16, 2023

Here "/.4.json" is considered a suffix, not a selector. You need to deny the suffix in the dispatcher. You can check the example below for reference:

# Block the use of all suffixes on any resource under /content
/0160 { /type "deny" /url "/content*" /suffix "*" }

For more information about what part of the request line each of these elements references, see the Sling URL Decomposition wiki page.

 

 

Mahedi Sabuj
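
The split described in the answer, as an added example (not code from the thread or from Adobe): a simplified Python model of the syntactic URL decomposition, evaluated against rule /0081 from the question and rule /0160 from the answer. The helper names `decompose` and `rule_matches`, the full-match regex semantics, and the treatment of an absent suffix as non-matching are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

def decompose(url):
    """Hypothetical helper: split a URL without repository knowledge.
    Path ends at the first '.', selectors/extension run to the next '/',
    and everything from that '/' onward is the suffix (None if absent)."""
    head, dot, rest = url.partition(".")
    if not dot:
        return {"url": url, "path": url, "selectors": "",
                "extension": "", "suffix": None}
    names, slash, tail = rest.partition("/")
    parts = names.split(".")
    return {"url": url, "path": head,
            "selectors": ".".join(parts[:-1]),
            "extension": parts[-1],
            "suffix": slash + tail if slash else None}

# Rules copied from the thread: single-quoted values are regexes,
# double-quoted values are glob patterns.
RULE_0081 = {"selectors": ("regex", r"((sys|doc)view|query|[0-9-]+)"),
             "extension": ("regex", r"(json|xml|css|js|xls)")}
RULE_0160 = {"url": ("glob", "/content*"), "suffix": ("glob", "*")}

def rule_matches(rule, url):
    """A rule applies only if every element it names matches the request."""
    req = decompose(url)
    for element, (kind, pattern) in rule.items():
        value = req[element]
        if value is None:
            return False  # assumption: a test on an absent element fails
        if kind == "regex":
            ok = re.fullmatch(pattern, value) is not None  # assumed full match
        else:
            ok = fnmatchcase(value, pattern)
        if not ok:
            return False
    return True

if __name__ == "__main__":
    # First two paths are from the question; the third is constructed.
    for url in ("/content/dam/myproject/asset.jpg/.4.json",
                "/content/dam/myproject/asset.xls/.4.json",
                "/content/dam/myproject/asset.4.json"):
        r = decompose(url)
        print(url)
        print("  selectors=%r extension=%r suffix=%r"
              % (r["selectors"], r["extension"], r["suffix"]))
        print("  /0081 denies:", rule_matches(RULE_0081, url),
              "| /0160 denies:", rule_matches(RULE_0160, url))
```

For both paths from the question the selectors element is empty, so /0081 never applies, while /0160 matches on the suffix "/.4.json".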