Expand my Community achievements bar.

SOLVED

Allow few pages based on IPs

Avatar

Level 6

Hi Team,

 

We are trying to allow/restrict few page access based on IP adress. Requirement is if user is connected with VPN, can access resource /content/mysite/us/en/private/*, if not connected, it should give 403 to all.

 

What we tried as below but its not working. Although IP address is correct in our real filter.

 

/filter {

........................

......................
   /0110 {
       /type "deny"
       /path "/content/mysite/us/en/private/*"
       /ips {
           "0.0.0.0/0"
       }
   }
   /0111 {
       /type "allow"
       /glob "/content/mysite/us/en/private/*"
       /ips {
           "192.0.0.0/8"
          
       }
   }
  
}

1 Accepted Solution

Avatar

Correct answer by
Community Advisor
7 Replies

Avatar

Community Advisor

@arvind If you know the audience and can create a group for them then you can use the Closed User Groups(CUG) on the published site.

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/cug.html?lang=e... 

Sorry thats not what you asked for, but i am throwing the idea since the IP changes needs to be maintained in dispatcher level.

Avatar

Level 6

Thanks @Saravanan_Dharmaraj . 

 

Unfortunately CUG/audience is not known. we need to deny/allow based on IP only.

 

Making change at Dispatcher level is in our scope so Its not an issue

Avatar

Community Advisor

Hello @arvind 

 

Can you configure two virtual host at the dispatcher level?

  • one for your intranet
  • one for your internet

 Deny rule for the internet and an allow rule for the intranet.


Aanchal Sikka

Avatar

Level 2

Hi @arvind , Have you tried using 'allowedClients'.

/allowedClients {
/0 { /type "deny" /glob "0.0.0.0" }
/1 { /type "allow" /glob "192.0.0.0" }

}

Avatar

Community Advisor

Do you have CDN?
It will be better, safe and easy if you manage these kind of stuff at CDN level.

Hope this helps

Umesh Thakur

Avatar

Correct answer by
Community Advisor