Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Unable to Run Dispatcher Flush Invalidate.cache

Avatar

Avatar
Contributor
Level 3
Mayukh007
Level 3

Likes

15 likes

Total Posts

88 posts

Correct Reply

2 solutions
Top badges earned
Contributor
Validate 1
Shape 1
Ignite 1
Give Back 5
View profile

Avatar
Contributor
Level 3
Mayukh007
Level 3

Likes

15 likes

Total Posts

88 posts

Correct Reply

2 solutions
Top badges earned
Contributor
Validate 1
Shape 1
Ignite 1
Give Back 5
View profile
Mayukh007
Level 3

31-03-2021

HI,

I am trying to run a jenkins job to flush dispatcher cache and getting below error.

<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /dispatcher/invalidate.cache
on this server.</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

Command I ran:

curl -H "CQ-Action: Delete" -H "CQ-Handle: /content/" -H "CQ-Path: /content/" -H "Content-Length: 0" -H "Content-Type: application/octet-stream" -H "Host:My_env_host_name" http://IP_OF_Dispatcher/dispatcher/invalidate.cache

 

When I login to that dispatcher machine as root user and try to execute that command (or using localhost), I get same error. I know the curl command is good as it works for other AEM Dispatchers.

 

Anybody have any suggestion what can be issue here..?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

612 likes

Total Posts

590 posts

Correct Reply

230 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Establish
MVP
BrianKasingli
MVP

Likes

612 likes

Total Posts

590 posts

Correct Reply

230 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile
BrianKasingli
MVP

01-04-2021

@Mayukh007 have a look at this easy to follow the guide, https://sourcedcode.com/blog/aem/how-to-setup-the-aem-dispatcher-flush-agent

- How is the /dispatcher/invalidate.cache generated

- How do we securely allow only specific IP addresses to make a flush cache request?

- How to configure a basic dispatcher flush agent on the AEM publish?

 

As a quick test, please try:

 

# The allowedClients section restricts the client IP addresses that are
# allowed to issue activation requests.
/allowedClients
{
# deny all clients
/0000 { /glob "*" /type "allow" }
}

 

 

Answers (3)

Answers (3)

Avatar

Avatar
Coach
Employee
jbrar
Employee

Likes

387 likes

Total Posts

869 posts

Correct Reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile

Avatar
Coach
Employee
jbrar
Employee

Likes

387 likes

Total Posts

869 posts

Correct Reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile
jbrar
Employee

01-04-2021

The forbidden(403) error means the Publish IP is not allowed to make flush requests to the dispatcher. Basically, the dispatcher checks all the allowedclients and if publish IP is not there, It does not allow any requests from that IP to be run on the dispatcher.

 

Although it seems like a user permissions issue but Its related to allowedlist of IP's

Avatar

Avatar
Give Back 100
Level 10
asutosh_jena
Level 10

Likes

551 likes

Total Posts

668 posts

Correct Reply

191 solutions
Top badges earned
Give Back 100
Boost 500
Affirm 100
Ignite 1
Establish
View profile

Avatar
Give Back 100
Level 10
asutosh_jena
Level 10

Likes

551 likes

Total Posts

668 posts

Correct Reply

191 solutions
Top badges earned
Give Back 100
Boost 500
Affirm 100
Ignite 1
Establish
View profile
asutosh_jena
Level 10

31-03-2021

Hi @Mayukh007 

 

You will need to allow the Jenkins IP from your dispatcher allowedClients section in .any file where you have allowed the publish IP already.

 

/allowedClients{
/0000 {
/glob "*.*.*.*"
/type "deny"
}
/0001 {
/glob "10.000.12.00" /* AEM PUBLISH IP */
/type "allow"
}
/0002 {
/glob "10.000.12.98" /* Jenkins IP */
/type "allow"
}
}   

 Thanks!

Avatar

Avatar
Boost 100
Level 7
rush_pawan
Level 7

Likes

120 likes

Total Posts

192 posts

Correct Reply

77 solutions
Top badges earned
Boost 100
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile

Avatar
Boost 100
Level 7
rush_pawan
Level 7

Likes

120 likes

Total Posts

192 posts

Correct Reply

77 solutions
Top badges earned
Boost 100
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile
rush_pawan
Level 7

31-03-2021