AEM Admin UI not working after URL or IP change
After migrating to a new server or updating the IP or FQDN (Fully Qualified Domain Name), the AEM Admin UI can become inaccessible. CSRF (Cross-Site Request Forgery)-related errors occur in the logs, and the UI fails to load. This happens because the new URL isn't whitelisted in the referer settings. To fix this, temporarily disable the CSRF filter, update the allowed referer URLs, and restart the server.
Description
Environment
Product: Adobe Experience Manager - Forms (AEM - Forms)
Version: 6.5
Issue/Symptoms
- The AEM Admin UI is inaccessible after migrating to a new server with a new FQDN and IP.
- Errors appear in the logs and Admin UI similar to these examples:
20:33:13,809 WARNING [ com.adobe.xxx.xx.auth.filter.CSRFFilter] (default task-4) Blocked request for resource:/adminui/login.faces due to invalid referer: http://NEW_FQDN:8080/adminui/. More information is available at http://www.adobe.com/go/learn_dep_hardening_10
20:52:38,284 WARNING [ com.adobe.xxx.xx.auth.filter.CSRFFilter] (default task-32) Blocked request for resource:/adminui/login.faces due to invalid referer
Resolution
The issue occurs because the CSRF filter blocks requests from URLs that aren't whitelisted. To restore access to the Admin UI, follow these steps:
- Add the following Java argument to the server's startup script to temporarily disable the CSRF filter:
    -Dlc.um.csrffilter.disabled=true
  This argument must be added to the Java arguments section of your application server startup script (for example, in JBoss, WebLogic, or WebSphere).
- Restart the server. The Admin UI should now be accessible.
- Once the Admin UI is up, whitelist the new IP and FQDN:
  - Go to Home > Settings > User Management > Configure Allowed Referer URL's.
- Perform a clean restart of the server to apply the changes.
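To decide which values belong in the allowed referer list, the CSRFFilter warnings of the kind shown under Issue/Symptoms can be summarized by referer origin. The following is an added example, not Adobe's code: the function name, the hostnames and the sample log lines are constructed, and the pattern assumes the warning format quoted on this page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Matches the CSRFFilter warning format quoted in the log excerpt above.
# The referer part is optional: some warnings carry no referer value.
BLOCKED_RE = re.compile(
    r"CSRFFilter\].*?Blocked request for resource:(?P<resource>\S+)"
    r" due to invalid referer(?::\s*(?P<referer>\S+))?"
)

def summarize_blocked_referers(lines):
    """Return (Counter of blocked referer origins, count without a usable referer)."""
    origins = Counter()
    no_referer = 0
    for line in lines:
        m = BLOCKED_RE.search(line)
        if not m:
            continue  # not a CSRFFilter "blocked request" warning
        # The log sentence ends the URL with a full stop; drop it.
        referer = (m.group("referer") or "").rstrip(".")
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            origins[f"{parts.scheme}://{parts.netloc}"] += 1
        else:
            no_referer += 1
    return origins, no_referer

# Constructed sample log lines (hostnames and addresses are placeholders).
SAMPLE_LOG = """\
20:33:13,809 WARNING [ com.adobe.xxx.xx.auth.filter.CSRFFilter] (default task-4) Blocked request for resource:/adminui/login.faces due to invalid referer: http://aem-new.example.test:8080/adminui/. More information is available at http://www.adobe.com/go/learn_dep_hardening_10
20:40:02,117 WARNING [ com.adobe.xxx.xx.auth.filter.CSRFFilter] (default task-9) Blocked request for resource:/adminui/login.faces due to invalid referer: http://192.0.2.10:8080/adminui/login.faces
20:41:10,500 INFO [org.example.Other] (default task-2) Unrelated message
20:52:38,284 WARNING [ com.adobe.xxx.xx.auth.filter.CSRFFilter] (default task-32) Blocked request for resource:/adminui/login.faces due to invalid referer
""".splitlines()

if __name__ == "__main__":
    origins, no_referer = summarize_blocked_referers(SAMPLE_LOG)
    for origin, count in origins.most_common():
        print(f"{count:4d}  {origin}")
    print(f"{no_referer:4d}  warnings without a usable referer value")
```

Origins that are not your own server's new FQDN or IP are a reason to review the requests, not entries to add to the allowed list.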