The dispatcher is used as a load balancing/caching tool by AEM. It can also be used to block anyone from accessing your AEM author instance. This is to ensure that no one outside the client’s network can access it. AEM Author and publisher should never be exposed directly. In most cases, clients may also require a block to be put on AEM pub dispatchers before going live. This is to ensure that no one can see the site except for the client so performance, penetration, and UAT testing can be performed before going live.
In this article, we will see, 5 easy steps to enable IP whitelisting in Apache so only the allowed list of IPs have access to AEM through the dispatcher.
1) In Apache to enable whitelisting, the Require directive is used which is provided by the mod_authz_host module. Make sure that you have the module enabled first in
LoadModule authz_host_module modules/mod_authz_host.so
2) In the ams default variable file /dispatcher/src/conf.d.variables/ams_default.vars enable whitelisting either on author or publish by changing the value from 0 to 1. In the example below I want it enabled on the author dispatcher.
# Enable IP whitelisting by setting to 1. Then put your whitelist rules in
Then put your whitelist rules in /etc/httpd/conf.d/whitelists/*_whitelist.rules
Define AUTHOR_WHITELIST_ENABLED 1
Define PUBLISH_WHITELIST_ENABLED 0
Define LIVECYCLE_WHITELIST_ENABLED 0
3) Since src/conf.d/available_vhost/aem_author.vhost file is immutable we will create our own client_aem_author.vhost file by copying the original aem_author.vhost file according to https://helpx.adobe.com/experience-manager/kb/ams-dispatcher-manual/immutable-files.html. This is in case we want to enable disable any additional features. For now no need to make any additional changes to client_aem_author.vhost. The line Include in the line below will load all whitelist rules as long as they end with “_whitelist.rules” and exist under conf.d/whitelists/ path.