Adobe Experience Manager Sites & More

ramgopalm545617 · 4/13/18

Hi,

Is there a way to stop AEM instance directly using AEM server IP and the port on which the instance is started?

is there an AEM configuration which could help us stop user's access AEm directly on the server port?

Regards,

Ramgopal.

Kunwar · 4/24/18

yes I see it’s single valued so you need to restrict that on the network layer to complete this task

In AWS hosted environment, you should be able to create policies to restrict this easily

View solution in original post

smacdonald2008 · 4/13/18

Strange request - an Admin should be in charge of who can and cannot access AEM.

ramgopalm545617 · 4/13/18

Hi Donald,

It's not access to login into AEM.

For example if my hostname is asdfg01 and my server is started on port 4502, in general we can access the server by accessing asdfg01:4502.

We are trying to restrict people who know the server name/IP and the port, so is there a way at all to achieve this?

If so how can we achieve it?

smacdonald2008 · 4/13/18

This is not really an AEM issue but a network/server issue. You can setup your network to block people from accessing the server that is hosting AEM.

ramgopalm545617 · 4/13/18

Hi Donald,

Have you heard of this requirement before and do you know if anyone has ever implemented this scenario?

We want to be more precise about this implementation because we fear that it might block any services in future.

Regards,

Ramgopal

smacdonald2008 · 4/13/18

AEM does not have a configuration settings that acts as a network whitelist/blacklist.

Kunwar · 4/13/18

You can set the Jetty config in Felix console which allows to accept connections from specific IP addresses only.

By default it is set to 0.0.0.0 which means accept all and you can adjust the list per your need. I think it is a multivalued property

Hope this helps.

ramgopalm545617 · 4/14/18

Hi Kunwar,

Thanks for your reply, in my previous project we had issues with monitoring tools accessing the server, so we had to revert to 0.0.0.0.

If we whitelist the monitoring server IP, will it fix the issue?

Regards,

Ramgopal.

Kunwar · 4/14/18

Yes should be fine given we whitelist the ip of monitoring tools in this config

ramgopalm545617 · 4/16/18

Hi Kunwar,

I wanted to test the configurations suggested by you, I have updated it to an IP address which is not my system IP and once i changed the Ip address in the jetty configurations, the server went unavailable.

we use VM ware and i'm not sure how to find the IP address in the entire company to revert the change, is there a way we can revert this configuration with out logging into AEM. (something from crx-quick start)

Regards,

Ramgopal.

ramgopalm545617 · 4/16/18

Hi Kunwar,

Jetty is not a multi field config, even if we whitelist the IP, we are still not able to access the server.

We had to revert it through launchpad configurations back to the hostname and then only we are able to retrieve the server.

please let us know if there is any other possibility.

Regards,

Ramgopal.

Kunwar · 4/24/18

yes I see it’s single valued so you need to restrict that on the network layer to complete this task

In AWS hosted environment, you should be able to create policies to restrict this easily

Adobe Experience Manager Sites & More

How to stop user access to AEM instance directly?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe