Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Timon 2 posts 85 karma points
    Nov 27, 2018 @ 09:19
    Timon
    2

    Backend IPSecurity with Umbraco Forms

    Umbraco Forms
    Umbraco 7

    Hi everyone

    I've got a page with Umbraco forms installed and a contact form set up.

    Now the customer requested to lock backend access by ip address. I successfully implemented the ipsecurity feature from iis. So far this worked without a problem. But since I’ve locked the Umbraco folder for unauthorized visitors the contact form cant access the backend either. Which means the contact form won't send.

    My question is, how to lock the Umbraco backend for unauthorized access but still being able to use api's on the frontend that need to access Umbraco's backend.

    Any ideas?

    Copy Link
  • Frans de Jong 548 posts 1840 karma points MVP 3x c-trib
    Dec 06, 2018 @ 09:12
    Frans de Jong
    0

    Did you update with nuget or did you update by manually copying the files? Did you follow the version specific update guide? https://our.umbraco.com/documentation/getting-started/setup/upgrading/version-specific

    Copy Link
  • Severin 7 posts 98 karma points
    Dec 14, 2018 @ 14:00
    Severin
    101

    Hi Timon

    You can lock the access to umbraco via a web.config rewrite rule.

    Add this to the systam.webServer section in your web.config.:

    <rewrite>
  <rules>
    <rule name="BlockUmbracoByIP" stopProcessing="true">
      <match url="^umbraco.*"/>
      <conditions>
                    <!-- Allow access to surface and api controllers -->
        <add input="{PATH_INFO}" pattern="^/umbraco/surface.*" negate="true"/>
        <add input="{PATH_INFO}" pattern="^/umbraco/.*api.*" negate="true"/>
        <!-- External IP -->
        <add input="{REMOTE_ADDR}" pattern="<<<ADD YOUR EXTERNAL IP HERE>>>" negate="true" />
        <!--Also allow the local IP -->
        <add input="{REMOTE_ADDR}" pattern="::1" negate="true" />
        <add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />
      </conditions>
      <action type="Rewrite" url="<<<PATH TO ERROR PAGE>>>"/>
    </rule>
  </rules>
</rewrite>

    Hope this helps!

    Cheers

    Copy Link
  • Timon 2 posts 85 karma points
    Dec 14, 2018 @ 14:02
    Timon
    1

    Hi Severin

    Thanks a lot! That totally did the job for me!

    Cheers

    Copy Link
  • Sebastiaan Janssen 5045 posts 15476 karma points MVP admin hq
    Dec 18, 2018 @ 10:04
    Sebastiaan Janssen
    1

    @Timon: I don't know why you keep flagging a comment in this thread as spam, there's no spam to be found.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft