Dispatcher Rule for Content Fragment Asset API | Community
Skip to main content
S
ShikhaSharma-1
New Participant
December 7, 2022
Solved

Dispatcher Rule for Content Fragment Asset API

  • December 7, 2022
  • 3 replies
  • 1385 views

Hi All,

We are in process of implementing the Content fragment Asset API, hence want to know the rule to be applied in dispatcher to only allow /asset/api json.

At present we have set a rule as 

{ /type "allow" /extension '(json)' /method "GET" /url "/asset/api/*.json" }

is this valid or any other rule need to be set.

Please suggest.

 

Thanks

Shikha

 

 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Avinash_Gupta_

You can restrict the other page content selectors like infinity, tidy  using the below dispatcher filter rule:

 

# Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
/0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

 

3 replies

tushaar_srivastava
tushaar_srivastava
New Participant
December 11, 2022

Hi @shikhasharma-1 

# Rule for Content Fragment Asset API

<VirtualHost *:80>

    ServerName dispatcher.example.com

    # Dispatcher Config
    DispatcherConfig conf/dispatcher.any

    # Dispatcher Logs
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog logs/dispatcher.log combined

    # Deny Access to Hidden Files
    <FilesMatch "\.(?!css$|js$|jpg$|gif$|png$|ico$|html$|htm$|txt$|json$|map$|svg$).*$">
        Require all denied
    </FilesMatch>

    # Content Fragment Asset API
    <Location /libs/dam/cf/asset>
        SetHandler dispatcher-handler
        SetEnvIf Request_URI ".*" no-gzip
    </Location>

    # Dispatcher Pass Through
    <Location />
        SetHandler dispatcher-handler
    </Location>

</VirtualHost>

Hope this will help 

    Avinash_Gupta_
    Avinash_Gupta_
    New Participant
    December 7, 2022

    Hi @shikhasharma-1 

     

    I think the above dispatcher rule should be  /api/assets

    { /type "allow" /extension '(json)' /method "GET" /url "/api/assets*.json" }

     

    Since you are only making the Get request to fetch the content fragment as json, don't think that you need to do any other additional configuration. Sling Referrer Filter & CORS would not be needed.

      S
      ShikhaSharma-1Author
      New Participant
      December 8, 2022

      Thanks AvinashGupta01.

       

      But in addition to this I want to restrict the other page content selectors like infinity, tidy , -1 etc json.

      Can you please suggest a rule which can be applied to restricted other selector.

        Avinash_Gupta_
        Avinash_Gupta_Accepted solution
        New Participant
        December 8, 2022

        You can restrict the other page content selectors like infinity, tidy  using the below dispatcher filter rule:

         

        # Deny content grabbing for greedy queries and prevent un-intended self DOS attacks
        /0017 { /type "deny" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy|sysview|docview|query|[0-9-]+|jcr:content)' /extension '(json|xml|html|feed)' }

         

          krati_garg
          krati_garg
          Employee
          December 7, 2022

          @shikhasharma-1 I believe you will have to configure Sling Referrer Filter

           

          Please see the process below, this also has dispatcher rules defined:

          https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/headless/deployment/referrer-filter.html?lang=en

          and may be CORS Policy

          https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/headless/deployment/cross-origin-resource-sharing.html?lang=en

           

            Terms & ConditionsAccessibility statement

            Loading footer...