Level 3

Solved

Dispatcher Filter Blocking HTTPS requests

Forum|Forum|1 year ago
January 15, 2025
4 replies
1763 views

Hi all,

I have recently setup dispatcher on our dev environment, i added few servlets to our filters file so they are not blocked. Everything works great over port 80 (HTTP), however today i configured SSL and added port 443 to the listener. I see some of the filters that are supposed to allow the requests are blocking them including the servlets, any idea on how the filter file needs to be modified to work with HTTPS ?

Thanks,

Abhishek

Best answer by Rohan_Garg

@kolluax -

Can you also check whether the vhost section to ensure the request is routed correctly?
Also can you ensure the cache is disabled as well?

/rules { /0001 { /glob "*" /type "allow" } }

The logs point to the CSRF token endpoint not being handled. Can you also add the below?

/filter { /0001 { /type "allow" /url "/libs/granite/csrf/token.json" } }

For bypassing cache - /rules { /0001 { /glob "/libs/granite/csrf/token.json" /type "deny" } }

Also, please share your SSL proxy configuration once along with the dispatcher logs.

gkalyan

Community Advisor and Adobe Champion

Hi @kolluax

Did you check this user guide from Adobe regarding this?

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/ssl-by-default

K

kolluaxAuthor

Level 3

Thanks Kalyan but this article seems more of configuration on AEM than dispatcher. In my case, from Dispatcher access/request logs, i could see they are blocking the requests and returning 404. I haven't checked if these requests are making it to the AEM, i will check AEM logs to confirm this. I was hoping if there is anything to be configured on filters file of dispatcher.

Thanks,

Abhishek

gkalyan

Community Advisor and Adobe Champion

@kolluax

Here is the user guide for dispatcher

https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/dispatcher-ssl#configuring-dispatcher-to-use-ssl

this one should help your case.

Rohan_Garg

Community Advisor

Hi @kolluax,

Can you please share the filter rules and the dispatcher logs? (Preferably set the Dispatcher log level to Debug or Trace)

Meanwhile, can you double check the SSL certificate setup?

You can also temporarily relax the filters to confirm the issue is related to specific filter rules.

/0001 { /type "allow" /url ".*" }

Also, you can try adding https Header to the filters. You can add a filter rule to allow requests based on this header.

/filter {

/0001 { /type "allow" /url "/path/to/servlet" /header "X-Forwarded-Proto: https" }

/0002 { /type "deny" /url ".*" }

}

Hope this helps!

Rohan Garg

K

kolluaxAuthor

Level 3

I have temporarily relaxed my filters but still get 404 in the ssl_access logs. Seems like i am missing some configuration specific to HTTPS. I might have to create a new farm that has AEM listening on port 8443 to allow secure connection between dispatcher and AEM.

Thanks,

Abhishek

N

neo-silicon

Level 3

Hi ,

Can you share dispatcher.log and in that we can able to see what's happening while accessing page.

Thanks

AmitVishwakarma

Community Advisor

To fix Dispatcher blocking HTTPS requests, modify the dispatcher.any file to ensure filters allow both HTTP and HTTPS traffic. Check that servlets and paths are correctly matched and allowed. Also, ensure the X-Forwarded-Proto header is set correctly for HTTPS requests, especially if using a reverse proxy. After changes, restart the Dispatcher and clear its cache.

K

kolluaxAuthor

Level 3

Hi @amitvishwakarma - I have checked that the dispatcher.any file is picking up all the available farms, I have created two separate farms one for secure and the other un-secure as per the article and then included relevant files, including vhosts that allow http://* and https://* . Configured two renderers 4503 and 8443 for publisher. After setting up, i get page cannot be reached and no traces of logs in request or access.

Do you want me to add "X-Forwarded-Proto" as a header ? if so, can i add it into a clientheaders.any file ? I have also attached DEBUG logs.

Thanks,

Abhishek

ssl_error_log_external.zip

kautuk_sahni

Community Manager

@kolluax Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Kautuk Sahni

K

kolluaxAuthor

Level 3

Hi @kautuk_sahni - I am still trying to resolve this, i have tried all the suggestions on this post but still faced with a 404. I am planning to create a separate filter for HTTPS farm today and try. Still could not figure out what is blocking the requests. In Adobe documentation, when defining filters, they say the requests are HTTP, does that mean we need to specifically call out HTTPS ones? I am also working with Adobe support on this one. Will update this post.

Thanks,

Abhishek

K

kolluaxAuthor

Level 3

Thanks everyone for chiming in with suggestions. I was able to fix this issue.

I had a separate ssl.conf that had configurations to listen on 443 and paths to SSL certs. I did not create a separate .vhost since this conf was included in my dispatcher.any configuration.

I tried moving the listen 443 to my httpd.conf file and then create a separate vhost under available hosts, configured my ssl paths and removed the ssl.conf.

Regards,

Abhishek

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded