Rules of AEM

LOGGING OF THE X-FORWARDED-FOR HEADER FOR BETTER SECURITY & ATTACK MITIGATION In enterprise Adobe Experience Manager (AEM) environments, security and visibility are crucial, especially when responding to suspicious or malicious traffic patterns such as DoS or DDoS attacks. One common challenge DevOps teams face during such incidents is tracing the actual end-user IP address — especially when traffic is routed through load balancers, proxies, or CDNs. This is where the X-Forwarded-For (XFF) HTTP header becomes vital. In this blog, we’ll explore how to properly log the X-Forwarded-For header in AEM Dispatcher (both Apache and IIS) and configure debugging for better traceability. Why X-Forwarded-For Matters   The X-Forwarded-For header is widely used to preserve the original client IP address when requests pass through a proxy or load balancer. Without logging this header, access logs might only show internal IPs of the proxy, which is not helpful when analyzing or block...

AEM Developers, Infrastructure Engineers / Dev-ops teams working in the financial domain regularly come across a challenge for event auditing in AEM. This helps in identifying most of the activities happening in AEM. Audit logs are a very effective way to debug the content issue & to know what all is happening in your environment and by whom. This article addresses in a simple way on how to enable the audit logs, its different ways, and how to understand the audit logs.  This article covers the following - How can we enable Audit logs in AEM. How can we read and understand the Audit logs/ tools to use it. Audit log on file system in crx-quickstart/logs folder.   Audit logs for User creation / Modification. How can you archive/purge the audit logs. How can we enable Audit logs in AEM?            By Default, the Audit logs are pre-configured in AEM, for a few basic operations of DAM and for all other operations of Pages ...