April 1, 2020

How to allow only certain IP addresses to connect to the author instance

Problem: You want only certain IP addresses to be able to access your author instance.
Use case: You have a dispatcher in front of the author instance and you want everyone to access author through the dispatcher.

Solution:
Approach 1: You can place your author instance in a DMZ or behind the firewall and open the firewall port only for the dispatcher.

Approach 2: (Only available in CQ 5.4 or lower)
Modify server.xml under /crx-quickstart/server/etc/ and add the following entry:

<listener>
  <access-constraint>
    <deny>
      <ip-address><IP address you want to deny></ip-address>
    </deny>

    <allow>
      <ip-address><IP you want to allow></ip-address>
    </allow>
  </access-constraint>
  ......
</listener>

See server_3_0.dtd for details of the tags.

Approach 3:
You can also use the dispatcher.any file to allow specific IP addresses:

/allowedClients
{
  /0000
  {
    /glob "*"
    /type "deny"
  }
  /0001
  {
    /glob "localhost"
    /type "allow"
  }
  /0002
  {
    /glob "127.0.0.1"
    /type "allow"
  }
}
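
To check what a rule set like the one above permits before deploying it, the following added example (not code from the original post or from the dispatcher itself) parses an /allowedClients block and evaluates client addresses against it. It assumes that the last matching rule wins and that an unmatched client is denied, and it approximates dispatcher glob matching with Python's fnmatch; the function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the Approach 3 rules, one rule per line.
SAMPLE = '''/allowedClients
{
  /0000 { /glob "*" /type "deny" }
  /0001 { /glob "localhost" /type "allow" }
  /0002 { /glob "127.0.0.1" /type "allow" }
}'''
RULE_RE = re.compile(r'/(\w+)\s*\{([^{}]*)\}')
PROP_RE = re.compile(r'/(glob|type)\s+"([^"]*)"')

def section_body(text, name="/allowedClients"):
    """Return the text between the braces that follow the section name."""
    start = text.index("{", text.index(name))
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces in " + name)

def parse_rules(text):
    """Return (name, glob, type) tuples in file order."""
    rules = []
    for name, body in RULE_RE.findall(section_body(text)):
        props = dict(PROP_RE.findall(body))
        if "glob" not in props or props.get("type") not in ("allow", "deny"):
            raise ValueError("rule /%s needs /glob and /type allow|deny" % name)
        rules.append((name, props["glob"], props["type"]))
    return rules

def is_allowed(rules, client):
    """Assumed semantics: last matching rule wins, no match means deny."""
    verdict = "deny"
    for _name, glob, rule_type in rules:
        if fnmatchcase(client, glob):
            verdict = rule_type
    return verdict == "allow"

def audit(rules):
    """Flag rule sets that do not start from deny-all or allow by wildcard."""
    findings = []
    if not rules or rules[0][1:] != ("*", "deny"):
        findings.append("first rule is not deny-all")
    findings += ["/%s allows wildcard %r" % (n, g)
                 for n, g, t in rules if t == "allow" and "*" in g]
    return findings
```

An empty list from audit(parse_rules(text)) means the rule set starts from deny-all and every allow rule names an exact client.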

Approach 4:
Use the ModSecurity Apache module to restrict IP addresses. More details about the module can be found at the links below.

About the ModSecurity module: https://www.modsecurity.org/

Set up the ModSecurity module in Apache: https://linode.com/docs/web-servers/apache-tips-and-tricks/configure-modsecurity-on-apache/

Restrict IP addresses using ModSecurity: https://www.codeproject.com/Articles/574935/BlockplusIPplususingplusModSecurity


By aem4beginner
