Wednesday, October 9, 2019

Debugging Dispatcher Authorization Issues


Hello Everyone,

Recently while doing dispatcher configuration for an AEM Website, I realized
that the cache ratio was 0% and the requests were not caching in the dispatcher.

While checking the dispatcher logs in detail I realized that dispatcher is considering
every request as a secure request.
Here, The website is completely static and there is no login and secured content. So why the dispatcher is showing “request contains authorization”.

Because of this issue, all the requests were hitting to publisher every time and that
makes the page performance low.

The simple and quick solution for this is to allow caching of authorized content with the
dispatcher setting.
But this is not an ideal way of doing it. We need to figure out why this issue is coming.

However this setting now allows caching of secure content, which may be a security concern.

But this is not an ideal way of doing it. We need to figure out why this issue is happening.

So I figured out that Dispatcher was having a public domain and can be accessed from anywhere and client don’t want people to access it before going live.

To resolve this I had added a secure layer in Apache. Because of that additional
security, every request contains “Authorization” in header and
dispatcher understood it as a secure content.
So remember, don’t simply set /allowAuthorized to “1” in order to solve an authorisation
problem unless you actually have secured content that you want to cache –
there may be other reasons your dispatcher is thinking your request contains authorisation
headers.

To solve my issue, I added allowAuthorized as “1” for the appropriate performance testing on
pre production server, as client don't want to remove this security layer from dispatcher until
go live.
If i don't do that this may impact the Performance Test results but I will again make it “0”
once we go live.

Hope it will help you guys !!
Thanks and Happy Learning.

1 comment:

  1. This comment has been removed by a blog administrator.

    ReplyDelete