- How to disable Link Checker or configure to mark links as valid in AEM
- Adobe Campaign: Queries against tsEvent take a long time
- How to reset the truststore in AEM
- Audience creation options
- How to look up Launch Darkly flags?
- “User name and password do not match” on login
- Adobe Campaign Standard: File Fails to upload if email entries contain “double”
- Adobe Campaign Standard: Hotclicks reports cannot generate a cumulative report against a recurring delivery
- How to reset the admin password in AEM 6.3
- AEM redirects user back to http when accessed through SSL/TLS terminated Load Balancer | AEM
- How to set Marketing Cloud ID Service helper function in Adobe DTM
- Adobe Campaign: Is TLS 1.3 Supported?
- SMPP Protocol Analysis Using Wireshark
- The Non-Apple SSO TV Provider Authentication Flow
- How to confirm if an MVPD is enabled for Apple SSO
- Change the minification engine for client libraries in AEM
- MCID cross-domain tracking
- URL character limit for Get requests | Scene7
- Bundle Version Checker
- Adobe Campaign Standard: Can a collection within a collection be used within a JSON payload
- Google Play Rejects App Due To WebView SSL Error Handler Issue | Adobe Authentication Native Android SDK
- Remove license key | Scene7
- Error: Unable to parse expression ‘@registrationToken’
- Take thread dumps from a JVM
- How to debug client-side issues in the AEM Touch UI or Classic UI
- How to optimize Oak Lucene indexes to reduce indexing time
- Deleted Tweets still appear in moderation feed
- Fix Inconsistencies in the repository when SegmentNotFound Issue is reported in AEM 6.x
- Marketing Channel Instances on Custom Links
- How to set the Oak login token session expiration
- Custom Error Handler Pages
- Classifications API Import Error Relation 0 is not currently set up to import data
- Generating the missing renditions for AEM Assets
- Replication queue issues
- Submitting an Analytics support ticket
- Analyze Memory Problems
- Getting AEM log files quickly for users who don’t have access to the file system
- How to use a browser extension to remove x-frame-options console error
- Define a repository-based configuration for a specific instance only
- List of common AEM cURL commands
- Performance analysis using built in profiler
- Workaround and fix index corruption with AEM/AEM Forms
- SegmentNotFoundException and IllegalArgumentException
- How to delete the dispatcher cache without logging into to the Dispatcher server | AEM 6.x
- Password reset_Locked user account
- How to force a recompilation of all Sling scripts jsps, java, and sightly in AEM 6.4
- Link Clicks and Other Clicks | Post Analytics Report
- ACC: Workflow best practices - Configuration and monitoring
- Adobe Campaign: BAS-010015 Cannot open file error causing “DeliveryParts” failure
- How to enable secure cookies in AEM
- “Response is committed” error during page load in AEM6.x
- Adobe Campaign Standard: RST-360011 An error has occurred is thrown when a comma is used in the content fragment name
- Adobe Campaign Standard: API updates to profiles and services are not being reflected
- Solutions for the Chrome unsandbox access denied error in Flash
- Audience Manager to Campaign
- Changing Dynamic Media URL for DM Assets (on AEM 6.5.11 and above)
- Adobe Campaign Standard: Imported File Transfer activities cannot change external account
- Adobe Campaign Standard: Can I download a hotclicks report in ACS?
- Debug an AEM app using eclipse
- How to unlock a locked page
- How to block IP addresses at the Apache HTTP Server level?
- ProductAssetListener may cause SegmentNotFoundException and performance issues
- Check and analyze if JCR session leaks in your AEM instance
- LDAP timeout error | AEM Oak
- Classifications API: Import Error - Relation 0 is not currently set up to import data
- How to set up Adobe IO: Authentication - Step by Step
- SAML IDP POST to /saml_login URL returns 403 response
- Permission denied error from java.io.File.createTempFile
- Discover and Build Audiences
- How to Configure Target Workspaces in Adobe Admin Console
- Discontinuation of Adobe-developed Google extensions
- Average Daily Orders in Adobe Analytics
- Datastore inconsistency error obtaining “InputStream for blobId”
- AEM Thread Dump Analysis
- javax.jcr.NamespaceException: Unknown namespace prefix error in AEM
- Error: Too many open files
- How can I confirm if SSO is enabled or disabled for my Channel?
- Publishing of references broken on Touch UI
- Known issue on AEM 6.4.2+ to AEM 6.5 Upgrade
- DRM Error 3324 MachineTokenInvalid Sub Error Code = 111
- Classifications API: Import Error - Relation 0 is not currently set up to import data
- How to capture SSAI and Original Manifests Simultaneously
- Hardware sizing recommendations
- Adobe Campaign Standard: Substitution of address for transactional messages
- Manage subscription to status.adobe.com
- How to generate a Data Model or Data Dictionary
- Migrate users, groups, and ACLs between AEM instances
- How to clone a TarMK instance in AEM
- Album post containing two photos split into separate posts on Facebook
- Setup Bulk Data Insertion API
- How to avoid Internet Explorer rendering in compatibility mode
- Adobe Primetime Authentication - Most frequently used terms
- How to reindex a synchronous AEM index | AEM, Oak
- How to migrate from the legacy binary protocol to HTTP/2-based APNs provider API
- How to run a datastore consistency check via oak-run
How to block IP addresses at the Apache HTTP Server level?
Description
Our site is experiencing a denial of service attack, spam, or getting hacked. How to block IP addresses at the Apache HTTP Server (AEM Dispatcher) level?
Resolution
Most Web Application Firewalls (WAF), such as mod security, can block lists of IP addresses. However, if you are running Apache HTTP Server and would like to block IP’s immediately follow these steps:
- Create a file named block-offending-ips.conf on your server.
- Open the file in an editor and add a Location directive that blocks all offending IP’s from accessing whatever URLs you want to block. There are two options for the contents of the file below
-
If the request is proxied (via CDN, Load Balancer, etc) and the remote user’s IP is only in a Header such as X-Forwarded-For then this configuration can be used. Note that this configuration doesn’t apply if the remoteip_module is configured.
LocationMatch ``"/.*"````Order Allow,Deny``Allow from all``SetEnvif X-Forwarded-For ``"10\.42\.137\.123"DenyAccess``SetEnvif X-Forwarded-For ``"122\.6\.218\.101"`DenyAccess#Repeat the "SetEnvlf X-Forwarded-For ..." for each IP you want to blockDeny fromenv=DenyAccess````/LocationMatch``` -
Alternatively, if the remote user is directly accessing Apache or you are using remoteip_module (see 1) to extract and set it within Apache then you can use mod_authz_core’s Require feature directly (Apache 2.4).
LocationMatch "/.*"RequireAllRequire all grantedRequire not ip 10.42.137.123Require not ip 122.6.218.101#Repeat the "Require not ip ..." for each IP you want to block/RequireAll/LocationMatch1# Extract true client IP from header added by load balancer/CDNIfModule remoteip_module# valid for ELB or ELB+CloudFrontRemoteIPHeader X-Forwarded-For/IfModule
-
- Drop the file block-offending-ips.conf in /etc/conf.d folder of the Apache Web server.
- Restart the Apache HTTP Server.
Resources on adobe.com
Resources
Adobe Account
Change language
Copyright © 2021 Adobe. All Rights Reserved.
