Dispatcher config anatomy
Who this page is for
| Audience | Why it matters to you |
|---|---|
| All engineers | Every delivery bug tour ends here |
| Platform engineers | Config ownership |
dispatcher.any structure
/farms
/phi-farm
/virtualhosts which Host headers this farm serves
/renders backend publish instance(s) + timeouts
/filter ordered allow/deny request rules ← security-critical
/cache
/docroot where cached files live
/rules what MAY be cached (by glob)
/invalidate what a flush invalidates
/allowedClients who may send flush requests
/statfileslevel invalidation scoping depth
/ignoreUrlParams params that don't bust caching
/headers response headers to cache alongside files
/sessionmanagement, /auth_checker (authenticated-content setups)
Filters: deny by default
/0001 { /type "deny" /url "*" }
/0100 { /type "allow" /method "GET" /url "/content/phi/*" /extension '(html)' }
/0110 { /type "allow" /url "/etc.clientlibs/*" }
/0120 { /type "allow" /method "GET" /url "/content/dam/phi/*" /extension '(jpg|jpeg|png|webp|svg|pdf)' }
Rules evaluate in order, last match wins. Filter on method + path + extension + selectors together — the selector wildcard hole (.tarpit.selectors.html variants) is a classic cache-poisoning/DoS vector; pin allowed selectors explicitly. Full checklist: Dispatcher security.
Cache decision recap
Cacheable = GET + matches /rules + has extension + no query string (minus /ignoreUrlParams) + no Authorization (unless configured) + backend didn't send no-cache headers (Dispatcher: no-cache).
statfileslevel intuition
.stat files are freshness markers. Level N = markers maintained N directories deep; a flush touches the .stat nearest the invalidated path; cached files older than their nearest ancestor .stat are stale.
| statfileslevel | Behaviour |
|---|---|
| 0 | One global .stat — any publish flushes everything |
| 3 (e.g. /content/phi/plans) | Publishing a plan flushes only the plans subtree |
Higher = surgical invalidation but more .stat management; match it to your content tree depth.
gotchas
/invalidatetypically includes*.html— but JSON endpoints must be listed too or they serve stale data forever./headersmust include your cache-control/security headers or cached responses lose them.- Farm changes need a web-server reload; cache clear ≠ config reload.