Posts

Showing posts with the label Security

ENABLE LOGGING OF THE X-FORWARDED-FOR HEADER

LOGGING OF THE X-FORWARDED-FOR HEADER FOR BETTER SECURITY & ATTACK MITIGATION In enterprise Adobe Experience Manager (AEM) environments, security and visibility are crucial, especially when responding to suspicious or malicious traffic patterns such as DoS or DDoS attacks. One common challenge DevOps teams face during such incidents is tracing the actual end-user IP address, especially when traffic is routed through load balancers, proxies, or CDNs. This is where the X-Forwarded-For (XFF) HTTP header becomes vital. In this blog, we’ll explore how to properly log the X-Forwarded-For header in AEM Dispatcher (both Apache and IIS) and configure debugging for better traceability. Why X-Forwarded-For Matters The X-Forwarded-For header is widely used to preserve the original client IP address when requests pass through a proxy or load balancer. Without logging this header, access logs might only show internal IPs of the proxy, which is not helpful when analyzing or block...

How to prevent DoS attacks in AEM?

Prevent Denial of Service (DoS) Attacks: AEM A denial of service (DoS) attack is an attempt to make a computer resource unavailable to its intended users. You can get more information on DDoS prevention in Apache. At the dispatcher level, there are two methods of configuration to prevent DoS attacks: Use the mod_rewrite module (for example, Apache 2.4) to perform URL validations (if the URL pattern rules are not too complex). Prevent the dispatcher from caching URLs with spurious extensions by using filters. For example, change the caching rules to limit caching to the expected mime types, such as .html .jpeg .gif .swf .js .doc .pdf .ppt ... as per your project requirement. An example configuration file that includes restrictions for mime types is given below. When configuring Dispatcher you should restrict external access as much as possible. The following example shows the minimal access ...

AEM Security Headers

Added Security in AEM via Headers:- When designing a robust architecture, AEM architects, developers and infrastructure engineers regularly face the challenge of adding extra security to AEM. In this article, we will look at the key security headers that can be set in the webserver to give an additional layer of security for your Publish server and content. I have used the Apache webserver for all the examples. This article covers: 1 - X-XSS Protection 2 - HTTP Strict Transport Security 3 - X-Frame-Options 4 - Content Security 1- X-XSS Protection:- The X-XSS-Protection header can prevent some level of XSS (cross-site scripting) attacks. Configure the X-XSS-Protection header to 1 in your Apache httpd.conf file, or in the vhost file if you have one, for all domains as applicable. <IfModule mod_headers.c> <FilesMatch "\.(htm|html)$"> ...