SOLVED

How to stop user access to AEM instance directly?

Level 4

Hi,

Is there a way to stop access to the AEM instance directly using the AEM server IP and the port on which the instance is started?

Is there an AEM configuration which could help us stop users' access to AEM directly on the server port?

Regards,

Ramgopal.

11 Replies

Level 10

Strange request - an Admin should be in charge of who can and cannot access AEM.

Level 4

Hi Donald,

It's not access to log in to AEM.

For example if my hostname is asdfg01 and my server is started on port 4502, in general we can access the server by accessing asdfg01:4502.

We are trying to restrict people who know the server name/IP and the port, so is there a way at all to achieve this?

If so how can we achieve it?

Level 10

This is not really an AEM issue but a network/server issue. You can set up your network to block people from accessing the server that is hosting AEM.

Level 4

Hi Donald,

Have you heard of this requirement before and do you know if anyone has ever implemented this scenario?

We want to be more precise about this implementation because we fear that it might block any services in future.

Regards,

Ramgopal

Level 10

AEM does not have a configuration setting that acts as a network whitelist/blacklist.

Employee

You can set the Jetty config in the Felix console, which allows it to accept connections from specific IP addresses only.

By default it is set to 0.0.0.0, which means accept all, and you can adjust the list per your need. I think it is a multivalued property.

Hope this helps.

Level 4

Hi Kunwar,

Thanks for your reply. In my previous project we had issues with monitoring tools accessing the server, so we had to revert to 0.0.0.0.

If we whitelist the monitoring server IP, will it fix the issue?

Regards,

Ramgopal.

Employee

Yes, it should be fine, given we whitelist the IP of the monitoring tools in this config.

Level 4

Hi Kunwar,

I wanted to test the configurations suggested by you. I updated it to an IP address which is not my system IP, and once I changed the IP address in the Jetty configurations, the server became unavailable.

We use VMware and I'm not sure how to find the IP address in the entire company to revert the change. Is there a way we can revert this configuration without logging into AEM (something from crx-quickstart)?

Regards,

Ramgopal.

Level 4

Hi Kunwar,

Jetty is not a multi-field config. Even if we whitelist the IP, we are still not able to access the server.

We had to revert it through launchpad configurations back to the hostname, and only then were we able to retrieve the server.

Please let us know if there is any other possibility.

Regards,

Ramgopal.

Correct answer by
Employee

Yes, I see it's single-valued, so you need to restrict that on the network layer to complete this task.

In an AWS-hosted environment, you should be able to create policies to restrict this easily.
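
One way to do the network-layer restriction on the AEM host itself, as an added example that is not part of the original thread: a script that prints iptables rules allowing only named sources to reach port 4502, so the output can be reviewed before it is applied. It assumes a Linux host with iptables; the chain name `AEM_IN` and all addresses (dispatcher, monitoring server, admin host) are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that limit who can reach AEM.
AEM_PORT=4502
# Constructed placeholder sources: dispatcher, monitoring server, admin host.
ALLOWED="10.0.1.10 10.0.1.20 10.0.2.5"

valid_ipv4() {
    # Accept a dotted quad with optional /prefix; reject anything else so a
    # typo never ends up inside a firewall rule.
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_rules() {
    port=$1; shift
    # An empty allowlist would drop everything, monitoring and admins included.
    [ "$#" -gt 0 ] || { echo "refusing: empty allowlist" >&2; return 1; }
    # Validate every source before printing anything, so a bad entry cannot
    # produce a half-built ruleset.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N AEM_IN"
    echo "iptables -A AEM_IN -i lo -j ACCEPT"      # local tools on the host
    for src in "$@"; do
        echo "iptables -A AEM_IN -s $src -j ACCEPT"
    done
    echo "iptables -A AEM_IN -j DROP"              # everyone else
    # Hook the chain into INPUT last: nothing is filtered until it is complete.
    echo "iptables -I INPUT -p tcp --dport $port -j AEM_IN"
}

gen_rules "$AEM_PORT" $ALLOWED
```

Because the filter sits in front of AEM rather than in the Jetty bind setting, the instance keeps listening on 0.0.0.0 and a wrong entry can be corrected from the host console without touching the AEM configuration.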