From 9b4170b2ffd7ac32e14ce4ec5901e869a800fd38 Mon Sep 17 00:00:00 2001
From: nhirrle <46745410+nhirrle@users.noreply.github.com>
Date: Wed, 30 Oct 2024 16:21:51 +0100
Subject: [PATCH] Update default_filters.any to block suffixes

---
 .../src/conf.dispatcher.d/filters/default_filters.any           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any b/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
index e1aa7229c..27fd738ad 100644
--- a/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
+++ b/src/main/archetype/dispatcher.cloud/src/conf.dispatcher.d/filters/default_filters.any
@@ -22,7 +22,7 @@
 /0010 { /type "allow" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|pdf|png|svg|swf|ttf|woff|woff2|html|mp4|mov|m4v)' /path "/content/*" }  # disable this rule to allow mapped content only
 
 # Enable specific mime types in non-public content directories
-/0011 { /type "allow" /method "GET" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' }
+/0011 { /type "allow" /method "GET" /extension '(css|eot|gif|ico|jpeg|jpg|js|gif|png|svg|swf|ttf|woff|woff2)' /suffix "" /method '(GET|HEAD)'}
 
 # Enable clientlibs proxy servlet
 /0012 { /type "allow" /method "GET" /url "/etc.clientlibs/*" }