how to restrict Umbraco backoffice access from external users
Hi
I am working on one website build on Umbraco 7.1.6
Now i need to published the website. So user can access it.
Now the main concerns is that I don't want external user to bee able to access Umbraco backoffice through URL like below
www.<mydomain>.com/Umbraco/
I know i can restrict the IP in IIS for specific IP addess. But it's causing the issue in my website.
In my website i have used AJAX call on some methods with ANTI FORGERY stuff. So restrict the IP in IIS , stop the functionality on my website where i have used AJAX call.
Is ther any other way i can prevent external user to browser Umbraco back office ?
I don't think the issue is that you are using "anti forgery stuff"?
Which URL do you need to be accessible? As you say AJAX I assume you call SurfaceControllers?
If this is the case you could try the following:
Use the URL Rewrite module in IIS and create a new rule, which only allows access from your specified IPs to the URL /umbraco. Exactly this URL, and not an URL that starts with umbraco. All URIs in the backend are hashes, which don't get send to the server.
how to restrict Umbraco backoffice access from external users
Hi
I am working on one website build on Umbraco 7.1.6
Now i need to published the website. So user can access it.
Now the main concerns is that I don't want external user to bee able to access Umbraco backoffice through URL like below
www.<mydomain>.com/Umbraco/
I know i can restrict the IP in IIS for specific IP addess. But it's causing the issue in my website.
In my website i have used AJAX call on some methods with ANTI FORGERY stuff. So restrict the IP in IIS , stop the functionality on my website where i have used AJAX call.
Is ther any other way i can prevent external user to browser Umbraco back office ?
Your help would be really appreciated !
Thanks in advance !
Rohan Dave
Hi!
I don't think the issue is that you are using "anti forgery stuff"?
Which URL do you need to be accessible? As you say AJAX I assume you call SurfaceControllers?
If this is the case you could try the following:
Use the URL Rewrite module in IIS and create a new rule, which only allows access from your specified IPs to the URL
/umbraco
. Exactly this URL, and not an URL that starts with umbraco. All URIs in the backend are hashes, which don't get send to the server.Hi Tobias
Thanks for your guidance here.
Yes i am usign SurfaceController.
Can you please share any link to implement URL rewrite in IIS and creating rule etc ?
Thanks,
Rohan Dave
Please take a look at this short video on how to implement it.
Hi Tobias
Thanks for the link. It's just what I needed. :)
Tony
Guys,
I am trying https://our.umbraco.org/forum/getting-started/installing-umbraco/63352-Restrict-access-to-Umbraco but only my first url works any ideas?
Cheers
Ismail
is working on a reply...