SOLVED

Allow few pages based on IPs

Level 6

Hi Team,

 

We are trying to allow/restrict access to a few pages based on IP address. The requirement is: if the user is connected to the VPN, they can access the resource /content/mysite/us/en/private/*; if not connected, it should give 403 to all.

What we tried is below, but it's not working, although the IP address is correct in our real filter.

 

/filter {
........................
......................
   /0110 {
       /type "deny"
       /path "/content/mysite/us/en/private/*"
       /ips {
           "0.0.0.0/0"
       }
   }
   /0111 {
       /type "allow"
       /glob "/content/mysite/us/en/private/*"
       /ips {
           "192.0.0.0/8"
       }
   }
}

1 Accepted Solution

Correct answer by
Community Advisor
7 Replies

Community Advisor

@arvind If you know the audience and can create a group for them, then you can use Closed User Groups (CUG) on the published site.

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/cug.html?lang=e... 

Sorry, that's not what you asked for, but I am throwing out the idea since the IP changes need to be maintained at the dispatcher level.

Level 6

Thanks @Saravanan_Dharmaraj.

Unfortunately, the CUG/audience is not known. We need to deny/allow based on IP only.

Making changes at the Dispatcher level is in our scope, so it's not an issue.

Community Advisor

Hello @arvind 

 

Can you configure two virtual hosts at the dispatcher level?

  • one for your intranet
  • one for your internet

A deny rule for the internet and an allow rule for the intranet.


Aanchal Sikka
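
One way to enforce the restriction in the web server that hosts the Dispatcher, shown as an added example that is not from any poster in this thread or from Adobe's documentation. It assumes Apache httpd 2.4; the host name, the proxy address 203.0.113.10 and the 192.0.0.0/8 range (the placeholder used in the question) are assumptions to be replaced with real values.

```apache
# Added example; assumes Apache httpd 2.4 with mod_authz_core and
# mod_authz_host loaded (both are part of a default build).
<VirtualHost *:80>
    # Hypothetical host name; use the published site's virtual host.
    ServerName www.example.com

    # Only needed when a CDN or load balancer sits in front of Apache.
    # Without it, Apache sees the proxy's address and "Require ip"
    # tests the wrong client. Requires mod_remoteip. The header is
    # honoured only when the request arrives from the listed proxy,
    # so a client cannot pass the check by sending its own
    # X-Forwarded-For. 203.0.113.10 is a placeholder proxy address.
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 203.0.113.10

    # Match the content path from the question. If rewrite rules also
    # expose these pages under a shortened URL, add a second block
    # for that path, otherwise the short URL bypasses the check.
    <LocationMatch "^/content/mysite/us/en/private(/|$)">
        # Clients outside the range receive 403 Forbidden, including
        # for pages already stored in the Dispatcher cache, because
        # authorization runs before the response is served.
        Require ip 192.0.0.0/8
    </LocationMatch>
</VirtualHost>
```

Validate the syntax with `apachectl configtest` before reloading, then request a private page from an address inside and outside the range to confirm the 200 and 403 responses.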

Level 2

Hi @arvind, have you tried using 'allowedClients'?

/allowedClients {
   /0 { /type "deny" /glob "0.0.0.0" }
   /1 { /type "allow" /glob "192.0.0.0" }
}

Community Advisor

Do you have a CDN?
It will be better, safer and easier if you manage this kind of stuff at the CDN level.

Hope this helps

Umesh Thakur
