Thursday, September 15, 2011

How to allow only certain IP address to connect to author instance

Problem: You want only certain IP address to access your author instance

Use case: You have a dispatcher in front of author instance and you want everyone to access author through dispatcher.

Approach1: You can have your author in a DMZ or behind the firewall and open firewall port for only dispatcher.

modify server.xml under /crx-quickstart/server/etc/ and add following entry

<ip-address><IP address you want to deny></ip-address>

<ip-address><IP you want to allow></ip-address>

See server_3_0.dtd for details of tags.

Approach 3:

You can also use dispatcher.any file to allow specific IP

          /glob "*"
          /type "deny"
          /glob "localhost"
          /type "allow"
           /glob ""
           /type "allow"


  1. how to put many ip address? example deny from all except certain ip address?

    1. I have updated blog with approach 3 where you can leverage dispatcher.any to do this task.


  2. There is no server.xml file under /crx-quickstart/server/etc/ directory in AEM 5.6.1 installation.
    We have the requirement to allow only certain IP addresses to access Author instance and want every one else to go through Author Dispatcher.

    Approach 1 and 3 are not viable options. Approach 2 looks promising, but server.xml file is not available with AEM 5.6.1. Are there any other alternatives available for AEM 5.6.1?