Automated CDN Cache Purge request failing

Hi All,

 

To automate CDN cache purge on publish, we implemented an EventHandler which listens to replication requests and initiates an HTTP Purge request from Author to Publish to clear out the CDN cache for the published page. However, this Purge request is failing and we are getting a 403 response.

Complete Error Response =

<!DOCTYPE html>
<html>
<head>
<title>403 Not allowed.</title>
</head>
<body>
<h1>Error 403 Not allowed.</h1>
<p>Not allowed.</p>
<p>Trace-id: 25477b2d-8605-4fdc-b2e4-a7890b18b998</p>
</body>
</html>

 

The same EventHandler works in a local AEM instance and gives a 200 response for the Purge request. The implementation is similar to the one given in this blog - https://experience-aem.blogspot.com/2023/01/aem-cloud-service-invalidate-dispatcher-purge-fastly-cdn....

 

JDK Version - 8

AEM cloud

We are passing the correct Purge key

Note: Currently, Cloud Program network infrastructure is set to dedicated egress IP.

 

Any inputs or steps to resolve this issue will be appreciated. Thank you

1 Accepted Solution

Correct answer by
Community Advisor

Hi @prananshupa1,

I think it's working in your local AEM because your machine sends the HTTP request directly to the dispatcher/CDN and is not behind Adobe's egress-controlled IP ranges.

In Cloud, Adobe's infrastructure enforces strict egress controls, and CDN vendors like Fastly or Akamai may block requests if:

  • The source IP is not explicitly allowed

  • Required headers (like Fastly-Key, or Host) are missing

  • The CDN is configured to only allow purges from specific endpoints (e.g. via Adobe I/O or Fastly/Akamai API)


Can you confirm if the dedicated egress IP assigned to your program is allowed to perform purge requests? Also, you may need to whitelist the IP on the Fastly side.

Also, it's worth checking if your request includes all required headers (for Fastly):

- Fastly-Key: YOUR_FASTLY_API_KEY
- Host: your.site.domain

Hope that helps!


Santosh Sai


Community Advisor

Hi @prananshupa1 ,

Root Cause:
In AEM as a Cloud Service, Adobe uses dedicated egress IPs with strict outbound rules. Direct HTTP PURGE requests to CDNs like Fastly or Akamai will be blocked unless:
   - The egress IP is whitelisted in the CDN configuration
   - The request includes all required headers (e.g., Fastly-Key, Host)
   - The CDN is configured to accept purges only via their official APIs (not from random IPs)
Solution
Step 1: Avoid Raw PURGE Requests – Use Fastly or Akamai API Instead
Direct PURGE requests from AEM Cloud will almost always fail. Instead, use the CDN's API for cache invalidation.

Fastly API Endpoint: POST https://api.fastly.com/service/<SERVICE_ID>/purge/<ENCODED_URL>

Required Headers:

Fastly-Key: YOUR_FASTLY_API_KEY
Accept: application/json

Step 2: Sample Java Code (Using Fastly API)

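import java.net.HttpURLConnection;
import java.net.URL;

// <SERVICE_ID> and <ENCODED_URL> are placeholders to fill in before running.
URL url = new URL("https://api.fastly.com/service/<SERVICE_ID>/purge/<ENCODED_URL>");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
// Read the key from a secret store or environment-specific configuration; do not hardcode it.
conn.setRequestProperty("Fastly-Key", "<your_api_key>");
conn.setRequestProperty("Accept", "application/json");
conn.setDoOutput(true);
// Bound the call so a slow CDN response cannot stall the event handler thread.
conn.setConnectTimeout(5000);
conn.setReadTimeout(5000);

int responseCode = conn.getResponseCode();
if (responseCode == 200) {
    // Successfully purged
} else {
    // Handle error (log the status code, never the Fastly-Key value)
}
conn.disconnect();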

Step 3: Whitelist Adobe's Egress IPs

If your AEM Cloud program uses dedicated egress IPs, make sure those IPs are whitelisted in your CDN (e.g., in Fastly's dashboard under Access Control > IP Whitelisting). If not done, the API call may still be blocked.

Step 4: (Optional but Recommended) Use Adobe I/O Runtime or Adobe App Builder

For even more control and scalability, consider triggering Fastly/Akamai cache invalidation via Adobe I/O Runtime using secure, serverless functions.


Regards,
Amit
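
The checks listed in the answers above, written as a log-safe triage helper for the 403 seen in the question. This is an added example, not code from the thread, Adobe or Fastly; the class `PurgeFailureTriage`, its method names and the sample key are hypothetical, and the error body is the one quoted in the question.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PurgeFailureTriage {
    // Trace-id line as it appears in the 403 page quoted in the question.
    private static final Pattern TRACE_ID =
            Pattern.compile("Trace-id:\\s*([0-9a-fA-F-]{36})");

    /** Returns the Trace-id found in an error body, or null when there is none. */
    static String traceId(String body) {
        if (body == null) return null;
        Matcher m = TRACE_ID.matcher(body);
        return m.find() ? m.group(1) : null;
    }

    private static boolean blank(String s) {
        return s == null || s.trim().isEmpty();
    }

    /** One log-safe line: the key's presence is checked, its value is never printed. */
    static String triage(int status, String body, String hostHeader, String purgeKey) {
        if (status == 200) return "OK: purge accepted";
        if (status != 403) return "UNEXPECTED: HTTP " + status;
        // Rule out the causes that can be verified on the sending side first.
        if (blank(purgeKey)) return "LOCAL: purge key was empty when the request was built";
        if (blank(hostHeader)) return "LOCAL: Host header was empty when the request was built";
        String id = traceId(body);
        // Headers were populated, so the remaining causes named in the answers sit
        // on the CDN side: source IP not allowed, or purges limited to specific endpoints.
        return "CDN-SIDE: 403 with headers set; check source IP allow-list and accepted purge endpoint"
                + (id != null ? "; quote Trace-id " + id + " to support" : "");
    }

    public static void main(String[] args) {
        // Error body copied from the question; host and key are constructed samples.
        String body = "<h1>Error 403 Not allowed.</h1>\n<p>Not allowed.</p>\n"
                + "<p>Trace-id: 25477b2d-8605-4fdc-b2e4-a7890b18b998</p>";
        System.out.println(triage(403, body, "your.site.domain", "CONSTRUCTED-KEY"));
        System.out.println(triage(403, body, "your.site.domain", ""));
        System.out.println(triage(200, "", "your.site.domain", "CONSTRUCTED-KEY"));
    }
}
```

Calling `triage` from the event handler's error branch gives a log line that separates a misconfigured OSGi value on the Cloud environment from a rejection at the CDN, which is the distinction between the local 200 and the Cloud 403.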