Unable to Run Dispatcher Flush Invalidate.cache | Community
Skip to main content
M
Mayukh007
Level 4
March 31, 2021
Solved

Unable to Run Dispatcher Flush Invalidate.cache

  • March 31, 2021
  • 5 replies
  • 5992 views

HI,

I am trying to run a jenkins job to flush dispatcher cache and getting below error.

<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /dispatcher/invalidate.cache
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

Command I ran:

curl -H "CQ-Action: Delete" -H "CQ-Handle: /content/" -H "CQ-Path: /content/" -H "Content-Length: 0" -H "Content-Type: application/octet-stream" -H "Host:My_env_host_name" http://IP_OF_Dispatcher/dispatcher/invalidate.cache

 

When I login to that dispatcher machine as root user and try to execute that command (or using localhost), I get same error. I know the curl command is good as it works for other AEM Dispatchers.

 

Anybody have any suggestion what can be issue here..?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by BrianKasingli

@mayukh007 have a look at this easy to follow the guide, https://sourcedcode.com/blog/aem/how-to-setup-the-aem-dispatcher-flush-agent

- How is the /dispatcher/invalidate.cache generated

- How do we securely allow only specific IP addresses to make a flush cache request?

- How to configure a basic dispatcher flush agent on the AEM publish?

 

As a quick test, please try:

 

# The allowedClients section restricts the client IP addresses that are # allowed to issue activation requests. /allowedClients { # deny all clients /0000 { /glob "*" /type "allow" } }

 

 

5 replies

M
Mayukh007Author
Level 4
March 31, 2021
Just a point to mention, the host "My_env_host_name" is not created yet, is it giving 403 due to that..?
Pawan-Gupta
Pawan-Gupta
Level 8
March 31, 2021

refer this - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/invalidate-cache-with-one-curl-commnad/qaq-p/225153

    M
    Mayukh007Author
    Level 4
    April 1, 2021
    Hmm...this post does not talk about the issue I have having. i am using similar curl command for specific path which works in all other existing dispatchers, so command is good.
    Asutosh_Jena_
    Community Advisor
    Asutosh_Jena_Community Advisor
    Community Advisor
    April 1, 2021

    Hi @mayukh007 

     

    You will need to allow the Jenkins IP from your dispatcher allowedClients section in .any file where you have allowed the publish IP already.

     

    /allowedClients{
        /0000 {
            /glob "*.*.*.*"
            /type "deny"
        }
        /0001 {
            /glob "10.000.12.00" /* AEM PUBLISH IP */
            /type "allow"
        }
        /0002 {
            /glob "10.000.12.98" /* Jenkins IP */
            /type "allow"
        }
    }   

     Thanks!

      M
      Mayukh007Author
      Level 4
      April 1, 2021
      Hi Asutosh, This does not work even when I login to dispatcher machine and run curl command. I get same 403 error. So I think issue is actually in dispatcher permission. Also like I mentioned in my command, the domain does not exist, that might be a reason..
      U
      Adobe Employee
      user05162Adobe Employee
      Adobe Employee
      April 1, 2021

      The forbidden(403) error means the Publish IP is not allowed to make flush requests to the dispatcher. Basically, the dispatcher checks all the allowedclients and if publish IP is not there, It does not allow any requests from that IP to be run on the dispatcher.

       

      Although it seems like a user permissions issue but Its related to allowedlist of IP's

        M
        Mayukh007Author
        Level 4
        April 1, 2021

        Thank you for the suggestions jbrar and asutosh.

         

        Here is what I see/did:

        1. In my .any file under /allowedclients, I do have allowed PUBLISH_IP from /etc/sysconfig/httpd file and the value is correct in that file and set to my publisher ip. I have still added new rule to explicitly add published ip and restarted apache:

        /2
        {
        /glob "10.238.32.42"
        /type "allow"
        }

        still curl command does not work.

         

        2. Also when I check the dispatcher flush agents in Author and Publisher they are also not working and giving 403. One thing i noticed which I mentioned earlier, that I do not have the host name for this environment yet. So the Host name we need to mention in the Dispatcher FLush in Publisher is blank.

         

        3. I also tried to run curl command from publisher and did not work.

        BrianKasingli
        Community Advisor and Adobe Champion
        BrianKasingliCommunity Advisor and Adobe ChampionAccepted solution
        Community Advisor and Adobe Champion
        April 1, 2021

        @mayukh007 have a look at this easy to follow the guide, https://sourcedcode.com/blog/aem/how-to-setup-the-aem-dispatcher-flush-agent

        - How is the /dispatcher/invalidate.cache generated

        - How do we securely allow only specific IP addresses to make a flush cache request?

        - How to configure a basic dispatcher flush agent on the AEM publish?

         

        As a quick test, please try:

         

        # The allowedClients section restricts the client IP addresses that are # allowed to issue activation requests. /allowedClients { # deny all clients /0000 { /glob "*" /type "allow" } }

         

         

          Terms & ConditionsAccessibility statement

          Loading footer...