Blocking public access to the publisher’s default URL

Description

One customer wants o to block the public access to their production publish URL - https://publish-pxxxxx-eyyy.adobeaemcloud.com/, for it to be accessible only via their custom domain name (www.example.com).

As per the custom domain name setup, the DNS record for ‘www.example.com’ contains a CNAME entry of https://publish-pxxxxx-eyyy.adobeaemcloud.com ‘.

They do not have a separate CDN and are using AEMs’ Fastly CDN

Resolution

In this scenario, you cannot block by a certain domain at the edge.
The workaround is to create a vhost in the dispatcher to match your default domain https://publish-pxxxxx-eyyy.adobeaemcloud.com/ and deny access for all requests in the vhost 1.

However, the /systemready path should be allowed because that is Adobe’s healthcheck.

1 https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-domains.html?lang=en

On this page