
IP Whitelisting through AEM Dispatcher in 5 easy steps | AEM Community Blog Seeding


IP Whitelisting through AEM Dispatcher in 5 easy steps by Huzaifah Abdullah

Abstract

AEM uses the dispatcher as a load-balancing and caching tool. It can also be used to block anyone from accessing your AEM author instance, which ensures that no one outside the client’s network can reach it. The AEM author and publisher should never be exposed directly. In most cases, clients may also require a block to be put on the AEM publish dispatchers before going live, so that no one except the client can see the site while performance, penetration, and UAT testing are performed.

In this blog, I’m going to walk you through 5 easy steps to enable IP whitelisting in Apache so that only IPs on the allowed list have access to AEM through the dispatcher.

1) To enable whitelisting in Apache, use the Require directive, which is provided by the mod_authz_host module. First make sure the module is enabled in /dispatcher/src/conf.modules.do/00-base.conf:

LoadModule authz_host_module modules/mod_authz_host.so

2) In the AMS default variables file, /dispatcher/src/conf.d.variables/ams_default.vars, enable whitelisting on either author or publish by changing the value from 0 to 1. In the example below, I want it enabled on the author dispatcher.

# Enable IP whitelisting by setting to 1. Then put your whitelist rules in /etc/httpd/conf.d/whitelists/*_whitelist.rules
Define AUTHOR_WHITELIST_ENABLED 1
Define PUBLISH_WHITELIST_ENABLED 0
Define LIVECYCLE_WHITELIST_ENABLED 0


3) Since the src/conf.d/available_vhost/aem_author.vhost file is immutable, we will create our own client_aem_author.vhost file by copying the original aem_author.vhost file, according to https://helpx.adobe.com/experience-manager/kb/ams-dispatcher-manual/immutable-files.html. This is in case we want to enable or disable any additional features. For now, there is no need to make any additional changes to client_aem_author.vhost. The Include line below will load all whitelist rules as long as their file names end with “_whitelist.rules” and they exist under the conf.d/whitelists/ path.

<If "${AUTHOR_WHITELIST_ENABLED} == 1">
    Include conf.d/whitelists/*_whitelist.rules
</If>


Q&A

Please use this thread to ask the related questions.



Kautuk Sahni
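
A pre-go-live check for steps 1 to 3 of the abstract above, as an added example (not code from the blog or from the AMS configuration): it lints the text of the module file, the variables file and a *_whitelist.rules file. The function names and the sample file contents, including the documentation address ranges, are constructed for illustration.

```python
import ipaddress
import re

def module_loaded(base_conf):
    """Step 1: is there an uncommented LoadModule line for authz_host_module?"""
    return re.search(r"^\s*LoadModule\s+authz_host_module\s", base_conf, re.M) is not None

def enabled_flags(vars_conf):
    """Step 2: map every *_WHITELIST_ENABLED variable to True (1) or False."""
    pairs = re.findall(r"^\s*Define\s+(\w+_WHITELIST_ENABLED)\s+(\S+)", vars_conf, re.M)
    return {name: value == "1" for name, value in pairs}

def lint_rules(rules):
    """Step 3: flag Require lines that admit everyone or need a manual look."""
    problems, seen = [], 0
    for n, line in enumerate(rules.splitlines(), 1):
        words = line.split()
        if len(words) < 2 or words[0].lower() != "require":
            continue  # comments, blank lines, other directives
        seen += 1
        kind, args = words[1].lower(), words[2:]
        if kind == "all" and args and args[0].lower() == "granted":
            problems.append(f"line {n}: 'Require all granted' admits every client")
        for arg in args if kind == "ip" else []:
            try:
                if ipaddress.ip_network(arg, strict=False).prefixlen == 0:
                    problems.append(f"line {n}: {arg} covers every address")
            except ValueError:  # e.g. Apache's partial-address form "10.1"
                problems.append(f"line {n}: review {arg!r} by hand")
    if seen == 0:
        problems.append("no Require directive in the rules file")
    return problems

# Constructed sample file contents (not taken from a real deployment).
BASE_CONF = "LoadModule authz_host_module modules/mod_authz_host.so\n"
VARS_CONF = "Define AUTHOR_WHITELIST_ENABLED 1\nDefine PUBLISH_WHITELIST_ENABLED 0\n"
GOOD_RULES = "# office egress range (documentation addresses)\nRequire ip 203.0.113.0/24 198.51.100.17\n"
BAD_RULES = "Require ip 0.0.0.0/0\nRequire all granted\n"

if __name__ == "__main__":
    print(module_loaded(BASE_CONF), enabled_flags(VARS_CONF))
    print(lint_rules(GOOD_RULES))
    print(lint_rules(BAD_RULES))
```

An empty list from lint_rules means no rule was flagged; it does not prove the listed ranges are the right ones for the client’s network.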