Rules of AEM

Prevent DDoS in Apache & IP Block Automation DDoS (Distributed Denial of Service) attacks are a type of cyberattack that can cause serious damage to your web server. These attacks involve flooding your server with a huge volume of traffic, overwhelming its resources and causing it to crash. In this blog post, we'll discuss how to prevent DDoS attacks in Apache, without using any third part tool/application.     Available Options to Prevent DDoS : You can use various mentioned methods to achieve the same. But using WAF, CDN, etc will cost extra dollars. Which might not be necessary for a small scale application.   Use a Web Application Firewall (WAF): A WAF can help detect and block malicious traffic before it reaches your Apache server. It can also help block common attack vectors, such as SQL injection and cross-site scripting (XSS). Install mod_evasive: mod_evasive is an Apache module that helps detect and block DDoS attac...

How to protect AEM against CSRF Attack ? Adobe Experience Manager (AEM) is a popular content management system that is widely used to develop and manage websites, mobile apps, and other digital experiences. However, like any other web application, AEM is vulnerable to cross-site request forgery (CSRF) attacks. CSRF attacks are malicious attacks where an attacker tricks a user into performing an action they did not intend to perform by exploiting the user's active session on a website. In this blog, we will discuss some measures that can be taken to protect AEM from CSRF attacks.   Implement CSRF protection in AEM:   The first and most important step to protect AEM from CSRF attacks is to implement CSRF protection in the application. AEM provides a built-in CSRF protection mechanism that can be enabled by setting the "sling.filter.methods" property in the OSGi configuration.  Navigate to the OSGi Web Console (/system/console/configMgr). Search for Apache Sling Refe...

Prevent Denial of Service (DoS) Attacks : AEM  A denial of service (DoS) attack is an attempt to make a computer resource unavailable to its intended users. You can get more information on DDoS prevention in Apache At the dispatcher level, there are two methods of configuring to prevent DoS attacks: Use the mod_rewrite module (for example,  Apache 2.4 ) to perform URL validations (if the URL pattern rules are not too complex). Prevent the dispatcher from caching URLs with spurious extensions by using  filters .  For example, change the caching rules to limit caching to the expected mime types, such as .html .jpeg .gif .swf .js .doc .pdf .ppt .... as per your project requirement. An example configuration file is given below,  for  this includes restrictions for mime types.      When configuring Dispatcher you should restrict external access as much as possible. The      following example provides example for the minimal access ...

How to Delete Dispatcher cache without logging into the Dispatcher servers? Our Authoring team faces day to day challenges while deleting/flush the dispatcher cache. when the changes are not visible on server. They have to be depended on the IT operations/Dev ops teams to do the same. Which some time get very much time consuming for a small work.  In this article we will see it can be configure and used by Author UI itself.  This will allow  AEM authors (or “super authors”) to flush parts of the dispatcher cache manually without the involvement of IT Operations. How to Use 1. Log in to AEM Author 2. Download the ACS commons tool from  ACS Commons Official page 3. Install the downloaded package via aem package manager.   4. Make sure you create the dispatcher flush agents on Author for all Dispatchers. from http://<<host:port>>/miscadmin#/etc/replication/agents.author, check the NOTE's part at the end of page. 5. Navigate to Tools 6. Under the ac...

How to Allow Block IP through AEM Dispatcher ?   AEM Dispatcher works as last man standing for your AEM servers. Many business has the requirement to allow only their internal network IP for Author or publish servers. To achieve this use case for the customer we can use dispatcher configuration explained below. The dispatcher is used as a load balancing/caching tool by AEM. It can also be used to block anyone from accessing your AEM author instance. This is to ensure that no one outside the client’s network can access it. AEM Author and publisher should never be exposed directly. In most cases, clients may also require a block to be put on AEM pub dispatchers before going live. This is to ensure that no one can see the site except for the client so performance, penetration, and UAT testing can be performed before going live. In this article, we will see, 5 easy steps to enable IP whitelisting in Apache so only the allowed list of IPs have access to AEM through the dispatcher. Or yo...