Yep, you are right, today I faced with issue that crxde doesn't show anything when nosamplecontent runmode used. I googled and found out that CRXde is not a sling app and if I'm not mistaken, WebDav protocol used to get jcr tree in CRXde.
Hi Jörg, the above solution holds good if there is a dispatcher infront of the author instance, also the admin will lose the access to crx if he moves out of the network for some reason (if the admin is on a travel for eg.), is it a good practice to consider IPs in this scenario?
Whats the alternative if there is no dispatcher in front of the author instance?
removing the links to https://hostname/crx/de/index.jsp doesn't help, if people are aware of it. Access to CRXDE Lite cannot be controlled using ACLs (in an AEM/Oak sense), but only by implementing network ACLs; for example by alloweding only IPs from the admin network acess to /crx by implementing such rules through apache httpd config.