Dispatcher flush requests receive a "403 Forbidden" response from the web server.

Environment

Apache 2.x

Cause

There can be many causes including web server access control and dispatcher misconfiguration.

Resolution

I. Check the /allowedClients configuration

On the web server, check in the dispatcher .any configurations for the /allowedClients configuration and make sure that it lists the IP address of the AEM server where the flush agent exists.  Note that host names will not work in this configuration.

II. Send the Host header

If you have DispatcherDeclineRoot set to 1 in your http configuration for dispatcher, then you can set the Host header in the dispatcher flush agent.

  1. Go to the flush agent queue page.
  2. Click Edit.
  3. Go to the Extended tab.
  4. Add a Header.
  5. Set the value as "Host: www.geometrixx.com" where www.geometrixx.com is the site's external DNS.

III. Check Apache 2.4 Access Control

If this is occurring on Apache 2.4 and this error is observed in the Apache error_log:

AH01630: client denied by server configuration

In Apache HTTP Server 2.4, the access control is done in the same way as other authorization checks in earlier versions.  However, it uses the new module mod_authz_host, so there is new syntax.

To fix the client denied error, add the below location to httpd configuration file in the directive for the site:

<Location /dispatcher>
  Require all granted
</Location>

Or define specific IP addresses that are allowed:

<Location /dispatcher>
  Require ip 192.168.1.104 192.168.1.205
</Location>

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy