Use case: You have a dispatcher in front of author instance and you want everyone to access author through dispatcher.
Solution:
Approach1: You can have your author in a DMZ or behind the firewall and open firewall port for only dispatcher.
Approach2: (Only available CQ 5.4 or lower)
modify server.xml under /crx-quickstart/server/etc/ and add following entry
<listener>
<access-constraint>
<deny>
<ip-address><IP address you want to deny></ip-address>
</deny>
<allow>
<ip-address><IP you want to allow></ip-address>
</allow>
</access-constraint>
......
</listener>
See server_3_0.dtd for details of tags.
Approach 3:
You can also use dispatcher.any file to allow specific IP
/allowedClients
{
/0000
{
/glob "*"
/type "deny"
}
/0001
{
/glob "localhost"
/type "allow"
}
/0002
{
/glob "127.0.0.1"
/type "allow"
}
}
Approach 4:
Use Mod security apache module to restrict IP address. More detail about module can be found here
About Mod security Module: https://www.modsecurity.org/
Set up Mod security module in Apache: https://linode.com/docs/web-servers/apache-tips-and-tricks/configure-modsecurity-on-apache/
Restrict IP address using Mod security: https://www.codeproject.com/Articles/574935/BlockplusIPplususingplusModSecurity
No comments:
Post a Comment
If you have any doubts or questions, please let us know.