Crxde access cannot be managed by ACL's as it is installed as a bundle and its not a node in repository where you can go and add deny/allow access.

You have two options:

- Completely disable the crxde for all users by stopping the crxde bundle(Check [1])

- Keep it enabled and users will be able to see nodes based on their access. Example, If a user does not have read access on /apps, that user will not see the "/apps" directory in crxde.

[1] https://www.aemquickstart.in/2015/11/how-to-disable-crxde-and-crxde-lite.html

My perspective the direct author IP or host name should not be exposed to content authors

Create a custom domain for authors e.g author-uat.test.com and enable the same in dispatcher with required rules to block the URL's.

Even it will be better to configure the URL with some SSO solutions so that user wont login directly with AEM users.

Regards

Albin I

arunpatidar26​ Thanks! this will help me.

JaideepBrar​ Thanks for the answer.

I would love to choose option one where I can stop the bundle. But for debugging or checking when there is an issue at least I need "Admin" user have access to crx/de which will be very useful and needed.

albinissac​ Thanks for the solution. But I am looking here if there is anyway to achieve this without custom domain. Just disable the crx/de or even if they login they should just see empty(I.e no nodes).

Thanks,
Adithya.