Allow few pages based on IPs | Community
Skip to main content
A
arvind-1
Level 5
May 24, 2023
Solved

Allow few pages based on IPs

  • May 24, 2023
  • 5 replies
  • 1630 views

Hi Team,

 

We are trying to allow/restrict few page access based on IP adress. Requirement is if user is connected with VPN, can access resource /content/mysite/us/en/private/*, if not connected, it should give 403 to all.

 

What we tried as below but its not working. Although IP address is correct in our real filter.

 

/filter {

........................

......................
   /0110 {
       /type "deny"
       /path "/content/mysite/us/en/private/*"
       /ips {
           "0.0.0.0/0"
       }
   }
   /0111 {
       /type "allow"
       /glob "/content/mysite/us/en/private/*"
       /ips {
           "192.0.0.0/8"
          
       }
   }
  
}

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

5 replies

Saravanan_Dharmaraj
Community Advisor
Saravanan_DharmarajCommunity Advisor
Community Advisor
May 24, 2023

@arvind-1 If you know the audience and can create a group for them then you can use the Closed User Groups(CUG) on the published site.

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/cug.html?lang=en 

Sorry thats not what you asked for, but i am throwing the idea since the IP changes needs to be maintained in dispatcher level.

    A
    arvind-1Author
    Level 5
    May 24, 2023

    Thanks @saravanan_dharmaraj . 

     

    Unfortunately CUG/audience is not known. we need to deny/allow based on IP only.

     

    Making change at Dispatcher level is in our scope so Its not an issue 🙂

      aanchal-sikka
      Community Advisor
      aanchal-sikkaCommunity Advisor
      Community Advisor
      May 24, 2023

      Hello @arvind-1 

       

      Can you configure two virtual host at the dispatcher level?

      • one for your intranet
      • one for your internet

       Deny rule for the internet and an allow rule for the intranet.

      Aanchal Sikka
        praveenk9057427
        praveenk9057427
        Level 2
        May 24, 2023

        Hi @arvind-1 , Have you tried using 'allowedClients'.

        /allowedClients {
        /0 { /type "deny" /glob "0.0.0.0" }
        /1 { /type "allow" /glob "192.0.0.0" }

        }

          Umesh_Thakur
          Community Advisor
          Umesh_ThakurCommunity Advisor
          Community Advisor
          May 25, 2023

          Do you have CDN?
          It will be better, safe and easy if you manage these kind of stuff at CDN level.

          Hope this helps

          Umesh Thakur

            rawvarun
            Community Advisor
            rawvarunCommunity AdvisorAccepted solution
            Community Advisor
            May 25, 2023

            Checkout https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/ip-allow-lists/introduction.html?lang=en for AEM as Cloud.

            For other AEM versions, checkout https://blogs.perficient.com/2022/02/15/ip-whitelisting-through-aem-dispatcher-in-5-easy-steps/

              A
              arvind-1Author
              Level 5
              May 26, 2023

              Thanks all for your kind reply. It helped.

               

              We followed below link and able to get the same done.

               

              https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17455.html?lang=en#

                Terms & ConditionsAccessibility statement

                Loading footer...