Posts

Showing posts matching the search for dispatcher

ENABLE LOGGING OF THE X-FORWARDED-FOR HEADER

LOGGING OF THE X-FORWARDED-FOR HEADER FOR BETTER SECURITY AND ATTACK MITIGATION

In enterprise Adobe Experience Manager (AEM) environments, security and visibility are crucial, especially when responding to suspicious or malicious traffic patterns such as DoS or DDoS attacks. One common challenge DevOps teams face during such incidents is tracing the actual end-user IP address, especially when traffic is routed through load balancers, proxies, or CDNs. This is where the X-Forwarded-For (XFF) HTTP header becomes vital. In this blog, we'll explore how to properly log the X-Forwarded-For header in AEM Dispatcher (both Apache and IIS) and configure debugging for better traceability.

Why X-Forwarded-For Matters

The X-Forwarded-For header is widely used to preserve the original client IP address when requests pass through a proxy or load balancer. Without logging this header, access logs might only show internal IPs of the proxy, which is not helpful when analyzing or block...
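The excerpt stops before the configuration. The block below is an added example for the Apache flavour of the Dispatcher, not the post's own snippet: it logs the raw X-Forwarded-For value for forensics and, separately, resolves the real client address with mod_remoteip so that only hops you trust are believed. The proxy ranges (10.0.0.0/8 and 192.168.1.10) and the log paths are assumptions; replace them with your load balancer and CDN addresses.

```apache
# Added example (not from the original post): log the client IP behind a proxy.
# Assumptions: Dispatcher runs on Apache httpd 2.4 with mod_log_config and
# mod_remoteip loaded; 10.0.0.0/8 and 192.168.1.10 are the only trusted
# load balancer / CDN hops (replace with your own ranges).

# 1. Raw logging: %{X-Forwarded-For}i records the header exactly as received.
#    Good for forensics, but the value is client-controlled: anyone can send
#    their own X-Forwarded-For, so never feed this field straight into a
#    block list or rate limiter.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" xff=\"%{X-Forwarded-For}i\"" combined_xff
CustomLog "logs/access_log" combined_xff

# 2. Trusted-proxy resolution: mod_remoteip walks the XFF list from the right,
#    drops every address that matches RemoteIPInternalProxy, and uses the first
#    untrusted address as the client IP. From then on %a in LogFormat and
#    "Require ip" rules see the resolved client, not the proxy. Use %a rather
#    than %h for the client field; %h is the connection peer on older builds.
<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 10.0.0.0/8
    RemoteIPInternalProxy 192.168.1.10
</IfModule>

# 3. Incident log with both views side by side: %a is the resolved client,
#    %{c}a the underlying TCP peer (the proxy). During a DDoS, compare the
#    resolved address with the leftmost XFF entry; a mismatch means the
#    client was spoofing the header and the resolved value is the one to block.
LogFormat "client=%a peer=%{c}a %t \"%r\" %>s xff=\"%{X-Forwarded-For}i\"" client_resolved
CustomLog "logs/client_resolved_log" client_resolved
```

If the outermost hop (CDN or load balancer) appends rather than overwrites the header, the client-supplied entries stay on the left and only the right-to-left trust walk above separates them from the real address. Leave any hop that you do not control out of RemoteIPInternalProxy, otherwise a spoofed header becomes the logged client.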

Migrating from AEM 6.x to AEM as a Cloud Service: What Developers Should Expect

Migrating from AEM 6.x to AEM as a Cloud Service: What to Expect?

Introduction

If you're currently managing an AEM 6.x project, chances are you've heard about AEM as a Cloud Service (AEMaaCS). Adobe is clearly shifting toward this cloud-native model for customers of low to medium complexity, and while there are definite benefits, developers should be prepared for a few surprises too. I recently worked on a migration project and wanted to share what developers should expect, from code refactoring and CI/CD changes to losing root access and dealing with strict dispatcher rules.

What is Great about AEMaaCS

1. Automatic Upgrades
Say goodbye to manual patching. AEMaaCS updates automatically. Adobe handles the platform updates, with no need to plan downtime or test service packs.

2. CI/CD with Cloud Manager
Deployments go through Adobe Cloud Manager, which checks for code quality, security, and performance before pu...

How to prevent DoS attacks in AEM?

Prevent Denial of Service (DoS) Attacks: AEM

A denial of service (DoS) attack is an attempt to make a computer resource unavailable to its intended users. You can get more information on DDoS prevention in Apache. At the dispatcher level, there are two methods of configuring to prevent DoS attacks:

1. Use the mod_rewrite module (for example, Apache 2.4) to perform URL validations (if the URL pattern rules are not too complex).

2. Prevent the dispatcher from caching URLs with spurious extensions by using filters. For example, change the caching rules to limit caching to the expected mime types, such as .html .jpeg .gif .swf .js .doc .pdf .ppt ... as per your project requirement.

An example configuration file is given below; it includes restrictions for mime types. When configuring Dispatcher you should restrict external access as much as possible. The following example provides example for the minimal access ...
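The configuration file the excerpt promises is not part of this listing. As an added example of the first method above (mod_rewrite URL validation in the Dispatcher vhost, not the post's own file), the rules below reject requests with extensions outside an allowlist and requests that append a suffix after the extension, because every such variant is a distinct cache key that Dispatcher forwards to Publish. The extension allowlist and the /content/ path are assumptions for a typical site; the Dispatcher /filter section remains the primary allowlist and this is a cheap pre-filter in front of it.

```apache
# Added example (not the post's configuration): mod_rewrite URL validation in
# the Apache httpd 2.4 vhost that fronts Dispatcher. Assumptions: only the
# extensions listed below are served by this site; adjust per project and test
# against a crawl of real URLs (clientlibs, core image renditions) first.
RewriteEngine On

# 1. Unknown extensions. A request for /content/site/page.bogus is never in the
#    cache, so it costs a full render on Publish. Reject anything with an
#    extension that is not expected instead of letting it through.
RewriteCond %{REQUEST_URI} \.[A-Za-z0-9]+$
RewriteCond %{REQUEST_URI} !\.(html|jpe?g|gif|png|svg|css|js|pdf|doc|ppt|ico|woff2?)$ [NC]
RewriteRule ^ - [F]

# 2. Suffixes after an extension. /content/site/page.html/anything is a valid
#    Sling URL that resolves the same page under a new cache key; one attacker
#    can mint unlimited keys this way. Reject a slash following an extension.
RewriteCond %{REQUEST_URI} ^/content/
RewriteCond %{REQUEST_URI} \.[A-Za-z0-9]+/
RewriteRule ^ - [F]

# 3. Oversized request lines are rejected by httpd itself before any rewrite
#    or Dispatcher filter runs; the default is already 8190 bytes, a lower
#    cap cuts the work spent on junk URLs.
LimitRequestLine 4096
```

Rule 1 only fires when the last path segment actually has an extension, so extension-less paths such as / or /bin/... (which the Dispatcher filters must handle anyway) are untouched. Returning 403 rather than a rewrite keeps the rejected requests out of the cache and visible in the access log, which is what you want when tracing the source of a flood.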

Security Best Practices in AEM

Adobe Experience Manager (AEM) is a popular content management system that is widely used by businesses to manage and publish digital content. With the increasing amount of sensitive data being stored and shared online, it's important for AEM users to be aware of the security features that the platform offers. In this blog, we'll discuss some of the key security features of AEM and provide tips for keeping your AEM instance secure.

Authentication and Authorization

AEM provides several options for authentication and authorization. Users can log in using their credentials, which can be verified against LDAP or other external identity providers. Once authenticated, users are placed in groups and granted permissions, which determine what actions they can perform within AEM. To keep your AEM instance secure, it's important to ensure that users only have the permissions they need to perform their jobs. For example, if a user doesn't need to publish content, they should not be given perm...

AEM Security Headers

Added Security in AEM via Headers

When designing a robust architecture, AEM architects, developers and infrastructure engineers regularly face the challenge of adding extra security to AEM. In this article, we will look at the key security headers that can be set in the web server to give an additional layer of security for your Publish server and content. Apache httpd is used for all the examples.

This article covers:
1 - X-XSS-Protection
2 - HTTP Strict Transport Security
3 - X-Frame-Options
4 - Content Security Policy

1 - X-XSS-Protection

The X-XSS-Protection header can prevent some reflected cross-site scripting (XSS) attacks in older browsers; most current browsers have removed the filter it controls, so treat it as a legacy header and rely on Content Security Policy for real XSS protection. Configure the X-XSS-Protection header to 1 in your Apache httpd.conf or vhost file for all domains as applicable.

<IfModule mod_headers.c>
  <FilesMatch "\.(htm|html)$">
    ...
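The article's snippet is cut off above. The following is an added example, not the article's own configuration, that sets all four headers the article lists for an AEM Publish vhost, plus X-Content-Type-Options, which the article does not cover but which belongs in the same block. It assumes Apache httpd 2.4 with mod_headers, TLS terminated on this host or a trusted load balancer, and a site whose scripts and styles come from its own origin; the /csp-report endpoint is an assumed collector, and the CSP itself must be tuned to the project's real clientlibs and tags.

```apache
# Added example (not the article's snippet): security headers for an AEM
# Publish vhost on Apache httpd 2.4 with mod_headers. Assumptions: TLS is in
# front of this host, the site loads scripts/styles only from its own origin,
# and /csp-report is your violation collector (replace it).
<IfModule mod_headers.c>
    # HSTS: only meaningful on the HTTPS vhost. Start without "preload" and
    # confirm every subdomain really serves TLS before adding includeSubDomains
    # to production, because browsers cache this for max-age seconds.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # Clickjacking: refuse framing by other origins. frame-ancestors in the
    # CSP below is the modern control; keep both while legacy browsers matter.
    Header always set X-Frame-Options "SAMEORIGIN"

    # Stop browsers from sniffing a cached asset served with the wrong type
    # into something executable.
    Header always set X-Content-Type-Options "nosniff"

    # Legacy XSS filter. Modern browsers ignore it; if it is sent at all,
    # "1; mode=block" is the only value to use (plain "1" lets the browser
    # try to sanitize and render the page, which has been abused in the past).
    Header always set X-XSS-Protection "1; mode=block"

    # CSP on HTML responses only. Deploy in Report-Only first so that every
    # clientlib, analytics tag and inline script emitted by components shows up
    # as a report rather than a broken page, then switch the header name to
    # Content-Security-Policy once the reports are clean.
    <FilesMatch "\.(htm|html)$">
        Header always set Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; frame-ancestors 'self'; report-uri /csp-report"
    </FilesMatch>
</IfModule>
```

"Header always set" applies the headers to error responses (404, 500) as well, which matters because attackers probe error pages too. Verify the result from outside the CDN with curl -I against a cached HTML page and against an image, and check that the CSP appears on the first but not the second.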