Your achievements

0% to

Tip / to gain points, level up, and earn exciting badges like the new

Adobe Experience Manager Sites & More

SOLVED

Allow few pages based on IPs

Hi Team,

We are trying to allow/restrict few page access based on IP adress. Requirement is if user is connected with VPN, can access resource /content/mysite/us/en/private/*, if not connected, it should give 403 to all.

What we tried as below but its not working. Although IP address is correct in our real filter.

/filter {

........................

......................
   /0110 {
       /type "deny"
       /path "/content/mysite/us/en/private/*"
       /ips {
           "0.0.0.0/0"
       }
   }
   /0111 {
       /type "allow"
       /glob "/content/mysite/us/en/private/*"
       /ips {
           "192.0.0.0/8"

       }
   }

}

740

7

1 Accepted Solution

Correct answer by

Checkout https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-... for AEM as Cloud.

For other AEM versions, checkout https://blogs.perficient.com/2022/02/15/ip-whitelisting-through-aem-dispatcher-in-5-easy-steps/

View solution in original post

661

1

Jump to reply

7 Replies

@arvind If you know the audience and can create a group for them then you can use the Closed User Groups(CUG) on the published site.

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/cug.html?lang=e...

Sorry thats not what you asked for, but i am throwing the idea since the IP changes needs to be maintained in dispatcher level.

736

1

Thanks @Saravanan_Dharmaraj .

Unfortunately CUG/audience is not known. we need to deny/allow based on IP only.

Making change at Dispatcher level is in our scope so Its not an issue

730

0

Can you configure two virtual host at the dispatcher level?

one for your intranet
one for your internet

Deny rule for the internet and an allow rule for the intranet.

Aanchal Sikka

727

0

Hi @arvind , Have you tried using 'allowedClients'.

/allowedClients {
/0 { /type "deny" /glob "0.0.0.0" }
/1 { /type "allow" /glob "192.0.0.0" }

}

717

0

Do you have CDN?
It will be better, safe and easy if you manage these kind of stuff at CDN level.

Hope this helps

Umesh Thakur

700

0

Correct answer by

Checkout https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-... for AEM as Cloud.

For other AEM versions, checkout https://blogs.perficient.com/2022/02/15/ip-whitelisting-through-aem-dispatcher-in-5-easy-steps/

662

1

Jump to reply

Thanks all for your kind reply. It helped.

We followed below link and able to get the same done.

https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-17455.html?lang=en#

650

0