Allow access to AEM instances only for certain IPs from vHost configurations

ReachPriyadarsh
Level 2

20-02-2019

Hi,

Currently, our AEM instances are public when accessed over the author domains. I am trying to use the below file to allow access to AEM for certain IPs only.

## Update /etc/httpd/conf.d/variables/ams_default.vars with setting the AUTHOR_WHITELIST_ENABLED from 0 or 1 to enable or disable ip restriction rules
<If "${AUTHOR_WHITELIST_ENABLED} == 1">
    Include /etc/httpd/conf.d/whitelists/*_whitelist.rules
</If>

I am creating a new whitelist.rules file and expecting it to be picked up by the vhost file. Is this the correct approach? The current file 000_base_whitelist.rules has the below default data.

## Include this in a directory context of the virtual host you want to restrict and apply a whitelist of IP's
## Here are some examples:
### Regular expressions are used for X-FORWARDED-FOR if your dispatcher is behind a load balancer
# SetEnvIf X-FORWARDED-FOR ^199\.83\.(12[8-9]|13[0-5])\.[0-9]{1,3}$ AllowIP
# SetEnvIf X-FORWARDED-FOR ^198\.143\.(3[2-9]|[4-5][0-9]|6[0-3])\.[0-9]{1,3}$ AllowIP
### Here are some rules for CIDR ip blocks and single addresses
# Allow from XXX.XXX.XX.X/XX
# Allow from XXX.XXX.XXX.XX
Order deny,allow
Deny from all
Allow from env=AllowIP

Can I get the syntax in which the filter needs to be written to allow only certain IPs to be accessible?

Replies

Gaurav-Behl
MVP

21-02-2019

Did you get a chance to try exactly as mentioned in your example file -

# it assumes that your LB is setting X-FORWARDED-FOR header with incoming IP
SetEnvIf X-FORWARDED-FOR <IP REGEX> AllowIP

or if it's a single IP/CIDR block -

Allow from XXX.XXX.XX.X/XX

Order deny,allow
Deny from all
Allow from env=AllowIP
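
A check worth running before enabling the commented X-FORWARDED-FOR patterns from 000_base_whitelist.rules, as an added example that is not part of the thread or of the shipped files: it confirms each regex matches exactly one CIDR block and shows how the anchored pattern treats a header that holds more than one address. The CIDR pairings, the helper names and the sample header values are assumptions made for this example.

```python
import ipaddress
import re

# Patterns copied from the commented examples in 000_base_whitelist.rules.
# The CIDR block paired with each one is this example's assumption.
RULES = {
    "199.83.128.0/21": r"^199\.83\.(12[8-9]|13[0-5])\.[0-9]{1,3}$",
    "198.143.32.0/19": r"^198\.143\.(3[2-9]|[4-5][0-9]|6[0-3])\.[0-9]{1,3}$",
}

# Constructed header values: one client address, and the comma-separated
# form the header takes when more than one proxy has added to it.
SINGLE = "199.83.130.7"
CHAINED = "199.83.130.7, 10.0.0.5"


def header_allowed(pattern, header_value):
    """Mimic SetEnvIf: AllowIP is set only if the regex matches the value."""
    return re.search(pattern, header_value) is not None


def audit(cidr, pattern):
    """Test every address in the enclosing /16 against regex and CIDR.

    Returns (missed, extra): addresses in the block that the regex rejects,
    and addresses outside the block that the regex accepts.
    """
    net = ipaddress.ip_network(cidr)
    compiled = re.compile(pattern)
    missed, extra = [], []
    for addr in net.supernet(new_prefix=16):
        inside = addr in net
        matched = compiled.search(str(addr)) is not None
        if inside and not matched:
            missed.append(str(addr))
        elif matched and not inside:
            extra.append(str(addr))
    return missed, extra


if __name__ == "__main__":
    for cidr, pattern in RULES.items():
        missed, extra = audit(cidr, pattern)
        print(f"{cidr}: {len(missed)} missed, {len(extra)} extra")
    first = RULES["199.83.128.0/21"]
    print("single value allowed: ", header_allowed(first, SINGLE))
    print("chained value allowed:", header_allowed(first, CHAINED))
```

A chained header value does not match the anchored pattern, so AllowIP is not set for it; the regex form fits a setup where the load balancer sets the header to a single address, as the reply above assumes.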

smacdonald2008
Level 10

21-02-2019

This is more of a Network/Apache issue than AEM. Confirmed with customer support as well.