Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Dispatcher returns 403 Error with port in Host-Header

Avatar

Level 1
Level 1
6/29/17 6:57:51 AM

Our AEM author instance is running behind a Apache webserver. The Apache webserver uses the dispatcher and the ssl module. If we send a POST request with the Host-Header "cms.domain.com:443/path/file.html" to the AEM author instance, the Apache returns a 403 Error. If we use the Host-Header "cms.domain.com/path/file.html" (widthout port) it works. We ar not able to change the configuration in the sending application, so the Apache must process the Host-Header with the port inside.

How should we configure the dispatcher.any?

Do we have to configure every domain/subdomain with and withour port (e.g. cms.domain.com:443 and cms.domain.com)? Or ist there an other, better solutiion?

We are using Apache 2.4 and the dispatcher module 4.2.2 together wirth AEM 6.2.

Thank you for aour assistance.

Regards

Thomas

Views

1.4K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
6/29/17 1:30:47 PM

Hi,

According to RFC 7231 the port information is allowed in the host headers, but it is not supposed to contain a path. Can you do a test and check what happens if you just send "cms.domain.com:443" as hostname?

To identify if the issue is on dispatcher side at all, you can set the loglevel to DEBUG for testing purpose. Please post then the logfile of a succesfull request and a failed request here.

regards,

Jörg

View solution in original post

Views

995

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
6/29/17 1:30:47 PM

Hi,

According to RFC 7231 the port information is allowed in the host headers, but it is not supposed to contain a path. Can you do a test and check what happens if you just send "cms.domain.com:443" as hostname?

To identify if the issue is on dispatcher side at all, you can set the loglevel to DEBUG for testing purpose. Please post then the logfile of a succesfull request and a failed request here.

regards,

Jörg

Views

996

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
6/30/17 5:09:30 AM

Hi Jörg

Thank you for your answer. We set the leglevel of the dispatcher to DEBUG. The we see that the reqests with the additional port behind the URL (in the Host-Header) goes to the last configured website in the dispatcher.any. So in our case these POST requests to the author instance would be served to the publish instance thrugh the dispatcher.

Now we made the following changes in the dispatcher.any:

/virtualhosts

  {

  "subdomain.domain.com"

  "subdomain.domain.com:443"

  }

We hope that this is the right way to configure the dispatcher for HTTPS/SSL?

Best regards

Thomas

Views

995

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
6/30/17 7:13:25 AM

Hi,

yepp, that could work.

Views

996

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
7/4/17 2:12:22 AM

HI Jörg

On our development system we have both instances (author and publish) on the same server. And at the beginning of our tests we didn't see any requests on the author instance. After we activated the dispatcher log (DEBUG) we see that the dispatcher sends the requests to the last farm in the configuration. This is vice versa to an apache configuration.

Can you confirm that the dispatcher is using the last configured farm as default?

Views

994

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
7/5/17 10:37:55 AM

The dispatcher matches the hostnames given in the HTTP "Host" header to the entries listed in the "/virtualhosts" section of the dispatcher farm.

If the host name does not match any of these entries (of all configured farms), the last farm will be taken as default.

Jörg

Views

997

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
I am getting errors while building the code taken from wknd git clone

Views

13

Likes

0

Replies

0
Custom index in AEMaaCS environment appeared like it might be causing problem with OOTB query, but updating the index didn't fix it

Views

43

Likes

0

Replies

0
Could not create a technical account and got a 403 error

Views

111

Likes

0

Replies

4
Could not log in with my Adobe account after de-hibernating

Views

64

Likes

0

Replies

3
how to implement nonce for Content-Security-Policy script-src directive in dispatcher

Views

76

Likes

0

Replies

1