Adobe Experience Manager Sites & More

Thomas-MCH · 6/29/17

Our AEM author instance is running behind a Apache webserver. The Apache webserver uses the dispatcher and the ssl module. If we send a POST request with the Host-Header "cms.domain.com:443/path/file.html" to the AEM author instance, the Apache returns a 403 Error. If we use the Host-Header "cms.domain.com/path/file.html" (widthout port) it works. We ar not able to change the configuration in the sending application, so the Apache must process the Host-Header with the port inside.

How should we configure the dispatcher.any?

Do we have to configure every domain/subdomain with and withour port (e.g. cms.domain.com:443 and cms.domain.com)? Or ist there an other, better solutiion?

We are using Apache 2.4 and the dispatcher module 4.2.2 together wirth AEM 6.2.

Thank you for aour assistance.

Regards

Thomas

Jörg_Hoh · 6/29/17

Hi,

According to RFC 7231 the port information is allowed in the host headers, but it is not supposed to contain a path. Can you do a test and check what happens if you just send "cms.domain.com:443" as hostname?

To identify if the issue is on dispatcher side at all, you can set the loglevel to DEBUG for testing purpose. Please post then the logfile of a succesfull request and a failed request here.

regards,

Jörg

View solution in original post

Jörg_Hoh · 6/29/17

Hi,

According to RFC 7231 the port information is allowed in the host headers, but it is not supposed to contain a path. Can you do a test and check what happens if you just send "cms.domain.com:443" as hostname?

To identify if the issue is on dispatcher side at all, you can set the loglevel to DEBUG for testing purpose. Please post then the logfile of a succesfull request and a failed request here.

regards,

Jörg

Thomas-MCH · 6/30/17

Hi Jörg

Thank you for your answer. We set the leglevel of the dispatcher to DEBUG. The we see that the reqests with the additional port behind the URL (in the Host-Header) goes to the last configured website in the dispatcher.any. So in our case these POST requests to the author instance would be served to the publish instance thrugh the dispatcher.

Now we made the following changes in the dispatcher.any:

/virtualhosts

{

"subdomain.domain.com"

"subdomain.domain.com:443"

}

We hope that this is the right way to configure the dispatcher for HTTPS/SSL?

Best regards

Thomas

Jörg_Hoh · 6/30/17

Hi,

yepp, that could work.

Thomas-MCH · 7/4/17

HI Jörg

On our development system we have both instances (author and publish) on the same server. And at the beginning of our tests we didn't see any requests on the author instance. After we activated the dispatcher log (DEBUG) we see that the dispatcher sends the requests to the last farm in the configuration. This is vice versa to an apache configuration.

Can you confirm that the dispatcher is using the last configured farm as default?

Jörg_Hoh · 7/5/17

The dispatcher matches the hostnames given in the HTTP "Host" header to the entries listed in the "/virtualhosts" section of the dispatcher farm.

If the host name does not match any of these entries (of all configured farms), the last farm will be taken as default.

Jörg

Adobe Experience Manager Sites & More

Dispatcher returns 403 Error with port in Host-Header

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe