Dispatcher config snippets
Purpose: The filter, cache and header blocks that answer most dispatcher config tickets.
Who this page is for
| Audience | Why it matters to you |
|---|---|
| Platform engineers | Config edits |
| All engineers | Reading them in reviews |
Filter block: deny default, precise allows, pinned selectors
/filter {
/0001 { /type "deny" /url "*" }
# site pages: only known selectors, html only
/0100 { /type "allow" /method "GET" /path "/content/phi" /selectors '(card|summary|model)?'
/extension '(html|json)' }
# clientlibs + site assets
/0110 { /type "allow" /method "GET" /url "/etc.clientlibs/*" }
/0120 { /type "allow" /method "GET" /path "/content/dam/phi"
/extension '(jpg|jpeg|png|webp|svg|gif|pdf)' }
# explicit re-denies (defence in depth against later allow mistakes)
/0900 { /type "deny" /url "*.infinity.json" }
/0901 { /type "deny" /url "/crx/*" }
/0902 { /type "deny" /url "/system/*" }
/0903 { /type "deny" /url "*.query.json" }
}
Cache block
/cache {
/docroot "/var/cache/dispatcher/phi"
/statfileslevel "3"
/allowAuthorized "0"
/rules { /0000 { /glob "*" /type "allow" } }
/invalidate {
/0000 { /glob "*" /type "deny" }
/0001 { /glob "*.html" /type "allow" }
/0002 { /glob "*.model.json" /type "allow" } # ← the line everyone forgets
}
/allowedClients {
/0000 { /glob "*" /type "deny" }
/0001 { /glob "10.0.1.*" /type "allow" } # publish IPs only
}
/ignoreUrlParams {
/0001 { /glob "*" /type "deny" }
/0002 { /glob "utm_*" /type "allow" }
/0003 { /glob "gclid" /type "allow" }
}
/headers { "Cache-Control" "Content-Type" "Content-Security-Policy"
"X-Content-Type-Options" "Last-Modified" }
}
Apache vhost essentials
<VirtualHost *:443>
ServerName phi.example.org
DocumentRoot /var/cache/dispatcher/phi
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# long cache for hashed clientlibs
<LocationMatch "^/etc\.clientlibs/.*\.(min\.)?[a-f0-9]+\.(js|css)$">
Header set Cache-Control "public, max-age=31536000, immutable"
</LocationMatch>
</VirtualHost>
Validate before shipping (dispatcher validator / httpd -t in CI — farm design); verify externally after (security probe).