Hi all,
I have recently set up Dispatcher on our dev environment. I added a few servlets to our filters file so they are not blocked. Everything works great over port 80 (HTTP); however, today I configured SSL and added port 443 to the listener. I see that some of the filters that are supposed to allow the requests are blocking them, including the servlets. Any idea how the filter file needs to be modified to work with HTTPS?
Thanks,
Abhishek
@kolluax -
Can you also check the vhost section to ensure the request is routed correctly?
Also, can you ensure the cache is disabled as well?
/rules { /0001 { /glob "*" /type "allow" } }
The logs point to the CSRF token endpoint not being handled. Can you also add the below?
/filter { /0001 { /type "allow" /url "/libs/granite/csrf/token.json" } }
For bypassing cache:
/rules { /0001 { /glob "/libs/granite/csrf/token.json" /type "deny" } }
Also, please share your SSL proxy configuration once along with the dispatcher logs.
Hi @kolluax
Did you check this user guide from Adobe regarding this?
https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/ssl-by-default
Thanks Kalyan, but this article seems to be more about configuration on AEM than on Dispatcher. In my case, from the Dispatcher access/request logs, I could see they are blocking the requests and returning 404. I haven't checked whether these requests are making it to AEM; I will check the AEM logs to confirm this. I was hoping there is something to be configured in the filters file of Dispatcher.
Thanks,
Abhishek
Here is the user guide for dispatcher
this one should help your case.
Hi,
Can you share the dispatcher logs?
Thanks
Hi @kolluax,
Can you please share the filter rules and the dispatcher logs? (Preferably set the Dispatcher log level to Debug or Trace)
Meanwhile, can you double check the SSL certificate setup?
You can also temporarily relax the filters to confirm the issue is related to specific filter rules.
/0001 { /type "allow" /url ".*" }
Also, you can try adding an HTTPS header to the filters. You can add a filter rule to allow requests based on this header.
/filter {
  /0001 { /type "allow" /url "/path/to/servlet" /header "X-Forwarded-Proto: https" }
  /0002 { /type "deny" /url ".*" }
}
Hope this helps!
Rohan Garg
I have temporarily relaxed my filters but still get 404 in the ssl_access logs. It seems like I am missing some configuration specific to HTTPS. I might have to create a new farm that has AEM listening on port 8443 to allow a secure connection between Dispatcher and AEM.
Thanks,
Abhishek
Hi,
Can you share dispatcher.log? In that we will be able to see what's happening while accessing the page.
Thanks
Hi @Rohan_Garg - Yes, the cache is disabled (attached screenshot). Also, the other rules are in place by default, as I verified. The behavior I noticed:
- When I access my site over HTTPS, certain pages are loading with all client libs broken.
- Servlets return 404 over HTTPS, but work over HTTP port 80.
I have configured specific logs for secure requests: SSL_access, SSL_error and SSL_request. Requests over HTTPS that return 404 do not show up in SSL_error; they only show up in the SSL_access and SSL_request logs.
I have attached my SSL_Conf file for your review.
I believe that if Dispatcher is running on a secure port, it can only do a handshake over a secure port with AEM, so I also configured port 8443 as an additional farm. Still no luck.
Thanks,
Abhishek
To fix Dispatcher blocking HTTPS requests, modify the dispatcher.any file to ensure filters allow both HTTP and HTTPS traffic. Check that servlets and paths are correctly matched and allowed. Also, ensure the X-Forwarded-Proto header is set correctly for HTTPS requests, especially if using a reverse proxy. After changes, restart the Dispatcher and clear its cache.
Hi @AmitVishwakarma - I have checked that the dispatcher.any file is picking up all the available farms. I have created two separate farms, one for secure and the other un-secure as per the article, and then included the relevant files, including vhosts that allow http://* and https://*. I configured two renderers, 4503 and 8443, for the publisher. After setting this up, I get "page cannot be reached" and no traces in the request or access logs.
Do you want me to add "X-Forwarded-Proto" as a header? If so, can I add it to a clientheaders.any file? I have also attached DEBUG logs.
Thanks,
Abhishek
@kolluax Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!
Hi @kautuk_sahni - I am still trying to resolve this. I have tried all the suggestions on this post but am still faced with a 404. I am planning to create a separate filter for the HTTPS farm today and try that. I still could not figure out what is blocking the requests. In the Adobe documentation, when defining filters, they say the requests are HTTP; does that mean we need to specifically call out HTTPS ones? I am also working with Adobe support on this one. Will update this post.
Thanks,
Abhishek
Thanks everyone for chiming in with suggestions. I was able to fix this issue.
I had a separate ssl.conf that had the configuration to listen on 443 and the paths to the SSL certs. I did not create a separate .vhost since this conf was included in my dispatcher.any configuration.
I tried moving the Listen 443 to my httpd.conf file, then created a separate vhost under available hosts, configured my SSL paths and removed the ssl.conf.
Regards,
Abhishek
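A sketch of the layout described in the fix above, as an added example that is not the poster's actual configuration: Listen 443 in httpd.conf and a dedicated port-443 virtual host that carries both the SSL settings and the Dispatcher handler. The host name, file names, certificate paths and docroot are placeholders, and the explanation in the comments (a 443 host without the handler never reaches the Dispatcher filters) is an assumption consistent with the symptoms in the thread, not something the poster stated.

```apache
# httpd.conf (added example; all names and paths below are placeholders)
Listen 80
Listen 443

# Separate vhost file for HTTPS, e.g. under the available vhosts directory
# and enabled the same way as the existing port-80 vhost.
<VirtualHost *:443>
    # Placeholder host name; it must also match an entry in the farm's
    # /virtualhosts section, or the request is not mapped to that farm.
    ServerName dev.example.com
    # Assumed Dispatcher cache docroot
    DocumentRoot "/mnt/var/www/html"

    # TLS terminates here; certificate paths are placeholders
    SSLEngine on
    SSLCertificateFile    "/etc/pki/tls/certs/dev.example.com.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/dev.example.com.key"

    # Pass the original scheme to the backend (requires mod_headers).
    # The farm's /clientheaders must list X-Forwarded-Proto for it to
    # be forwarded to AEM.
    RequestHeader set X-Forwarded-Proto "https"

    <Directory "/mnt/var/www/html">
        <IfModule disp_apache2.c>
            # Assumption: without this handler the 443 host serves only
            # files from the docroot, so servlet paths return 404 in the
            # SSL access log and never appear in dispatcher.log.
            SetHandler dispatcher-handler
            ModMimeUsePathInfo On
        </IfModule>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```

With this layout the filter rules stay protocol-agnostic: the same deny-by-default /filter section applies to both the port-80 and port-443 hosts, so a temporary allow-all rule added during troubleshooting can be removed again.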