Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

How to WhiteList IP through AEM Dispatcher ? | AEM Community Blog Seeding

Avatar

Administrator

BlogImage.jpg

How to WhiteList IP through AEM Dispatcher ? by Anuj Gangwar

Abstract

The dispatcher is used as a load balancing/caching tool by AEM. It can also be used to block anyone from accessing your AEM author instance. This is to ensure that no one outside the client’s network can access it. AEM Author and publisher should never be exposed directly. In most cases, clients may also require a block to be put on AEM pub dispatchers before going live. This is to ensure that no one can see the site except for the client so performance, penetration, and UAT testing can be performed before going live.
In this article, we will see, 5 easy steps to enable IP whitelisting in Apache so only the allowed list of IPs have access to AEM through the dispatcher.



1) In Apache to enable whitelisting, the Require directive is used which is provided by the mod_authz_host module. Make sure that you have the module enabled first in

/dispatcher/src/conf.modules.do/00-base.conf

LoadModule authz_host_module modules/mod_authz_host.so



2) In the ams default variable file /dispatcher/src/conf.d.variables/ams_default.vars enable whitelisting either on author or publish by changing the value from 0 to 1. In the example below I want it enabled on the author dispatcher.

# Enable IP whitelisting by setting to 1. Then put your whitelist rules in

Then put your whitelist rules in /etc/httpd/conf.d/whitelists/*_whitelist.rules

Define AUTHOR_WHITELIST_ENABLED 1

Define PUBLISH_WHITELIST_ENABLED 0

Define LIVECYCLE_WHITELIST_ENABLED 0



3) Since src/conf.d/available_vhost/aem_author.vhost file is immutable we will create our own client_aem_author.vhost file by copying the original aem_author.vhost file according to https://helpx.adobe.com/experience-manager/kb/ams-dispatcher-manual/immutable-files.html. This is in case we want to enable disable any additional features. For now no need to make any additional changes to client_aem_author.vhost. The line Include in the line below will load all whitelist rules as long as they end with “_whitelist.rules” and exist under conf.d/whitelists/ path.

Read Full Blog

How to WhiteList IP through AEM Dispatcher ?

Q&A

Please use this thread to ask the related questions.

0 Replies