Unable to Run Dispatcher Flush Invalidate.cache

Avatar

Avatar

Mayukh007

Avatar

Mayukh007

Mayukh007

31-03-2021

HI,

I am trying to run a jenkins job to flush dispatcher cache and getting below error.

<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /dispatcher/invalidate.cache
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

Command I ran:

curl -H "CQ-Action: Delete" -H "CQ-Handle: /content/" -H "CQ-Path: /content/" -H "Content-Length: 0" -H "Content-Type: application/octet-stream" -H "Host:My_env_host_name" http://IP_OF_Dispatcher/dispatcher/invalidate.cache

 

When I login to that dispatcher machine as root user and try to execute that command (or using localhost), I get same error. I know the curl command is good as it works for other AEM Dispatchers.

 

Anybody have any suggestion what can be issue here..?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

BrianKasingli

MVP

Avatar

BrianKasingli

MVP

BrianKasingli
MVP

01-04-2021

@Mayukh007 have a look at this easy to follow the guide, https://sourcedcode.com/blog/aem/how-to-setup-the-aem-dispatcher-flush-agent

- How is the /dispatcher/invalidate.cache generated

- How do we securely allow only specific IP addresses to make a flush cache request?

- How to configure a basic dispatcher flush agent on the AEM publish?

 

As a quick test, please try:

 

# The allowedClients section restricts the client IP addresses that are
# allowed to issue activation requests.
/allowedClients
{
# deny all clients
/0000 { /glob "*" /type "allow" }
}

 

 

Answers (3)

Answers (3)

Avatar

Avatar

jbrar

Employee

Avatar

jbrar

Employee

jbrar
Employee

01-04-2021

The forbidden(403) error means the Publish IP is not allowed to make flush requests to the dispatcher. Basically, the dispatcher checks all the allowedclients and if publish IP is not there, It does not allow any requests from that IP to be run on the dispatcher.

 

Although it seems like a user permissions issue but Its related to allowedlist of IP's

Avatar

Avatar

asutosh_j3

Avatar

asutosh_j3

asutosh_j3

31-03-2021

Hi @Mayukh007 

 

You will need to allow the Jenkins IP from your dispatcher allowedClients section in .any file where you have allowed the publish IP already.

 

/allowedClients{
/0000 {
/glob "*.*.*.*"
/type "deny"
}
/0001 {
/glob "10.000.12.00" /* AEM PUBLISH IP */
/type "allow"
}
/0002 {
/glob "10.000.12.98" /* Jenkins IP */
/type "allow"
}
}   

 Thanks!

Avatar

Avatar

rush_pawan

Avatar

rush_pawan

rush_pawan

31-03-2021