Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Vaidas 22 posts 65 karma points
    Oct 16, 2015 @ 09:22
    Vaidas
    0

    Disabling access to umbraco backoffice

    Hey all,

    Is it possible to disable access to umbraco's backoffice while leaving all the surface and api contorllers working? What would be the correct way to achieve this?

    I have 2 copies of the same solution running on the IIS in different websites. One is used as "backend", the other - "frontend". I would like to restrict the access to "frontend"'s /umbraco url aka backoffice.

    Umbraco 7.2.6

  • Dennis Aaen 4500 posts 18255 karma points admin hq c-trib
    Oct 16, 2015 @ 09:51
    Dennis Aaen
    1

    Hi Vaidas,

    Try to check this blogpost out, http://tcmorris.net/blog/custom-domain-for-umbraco/ with this approach the Surface controllers should still work.

    Hope this helps and works for you.

    /Dennis

  • Jeavon Leopold 3074 posts 13632 karma points MVP 11x admin c-trib
    Oct 16, 2015 @ 10:50
    Jeavon Leopold
    103

    Yes as Dennis mentioned about using a rewrite rule is the best way, based on the article this is the rule we currently use:

        <rewrite>
            <rules>
                <!-- Restrict access to Umbraco -->
                <rule name="Restrict access" stopProcessing="true">
                    <match url="umbraco(?!/Surface/)(?!/Api/)(?!/api/)(?!/webservices/)" />
                    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                        <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.example\.com" negate="true" />
                    </conditions>
                    <action type="Redirect" url="/not-found/" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    
  • Cristhian Amaya 52 posts 423 karma points
    Sep 14, 2017 @ 10:49
    Cristhian Amaya
    1

    This works perfect! A little improvement is that the regex for the backoffice can be simplified to:

              <match url="^umbraco$" />
    

    If there's something else after /umbraco (surface, api, etc.) the rule wouldn't be triggered.

    Cheers!

  • Vaidas 22 posts 65 karma points
    Oct 16, 2015 @ 12:09
    Vaidas
    0

    Thanks! It worked.

  • Trey 14 posts 108 karma points
    Sep 28, 2016 @ 21:46
    Trey
    0

    Hey All,

    We are trying to set up something similar in our environments, but the links in this thread are no longer active.

    Our particular situation is that we would like to disable access to the back office on our slave servers, but retain their ability to use umbraco/api etc. Ideally we would want to have the /umbraco only url redirect to the master server's /umbraco.

    Could we get an update on this topic?

  • MuirisOG 382 posts 1284 karma points
    Mar 24, 2017 @ 10:54
    MuirisOG
    0

    Just been looking into this and found the link above is broken, but this is the page you are looking for.

    https://tcmorris.net/blog/custom-domain-for-umbraco

  • John Oxenbridge 3 posts 74 karma points
    Jun 04, 2018 @ 13:40
    John Oxenbridge
    1

    In case anyone is having problems with Umbraco Forms asset files failing to serve when this rule is applied in a split environment, we had to add a "negate condition" to the rule to allow the assets to be served on the public frontend:

    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
    <add input="{PATH_INFO}" pattern="/App_Plugins/UmbracoForms/Assets/" negate="true" />
    </conditions>
    
  • Minh Chau 1 post 71 karma points
    Nov 03, 2020 @ 03:17
    Minh Chau
    0

    I use the regex as ^umbraco(|\/)$. and it will match both "/umbraco" and "umbraco/", but ignore the /umbraco/api

    <rewrite>
            <rules>
                <rule name="disable umbraco backoffice" stopProcessing="true">
                    <match url="^umbraco(|\/)$" />
                    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                        <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.example\.com" negate="true" />
                    </conditions>
                    <action type="Redirect" url="/not-found/" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    
Please Sign in or register to post replies

Write your reply to:

Draft