Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Timon 2 posts 85 karma points
    Nov 27, 2018 @ 09:19
    Timon
    2

    Backend IPSecurity with Umbraco Forms

    Hi everyone

    I've got a page with Umbraco forms installed and a contact form set up.

    Now the customer requested to lock backend access by ip address. I successfully implemented the ipsecurity feature from iis. So far this worked without a problem. But since I’ve locked the Umbraco folder for unauthorized visitors the contact form cant access the backend either. Which means the contact form won't send.

    My question is, how to lock the Umbraco backend for unauthorized access but still being able to use api's on the frontend that need to access Umbraco's backend.

    Any ideas?

  • Frans de Jong 454 posts 1576 karma points c-trib
    Dec 06, 2018 @ 09:12
    Frans de Jong
    0

    Did you update with nuget or did you update by manually copying the files? Did you follow the version specific update guide? https://our.umbraco.com/documentation/getting-started/setup/upgrading/version-specific

  • Severin 6 posts 97 karma points
    Dec 14, 2018 @ 14:00
    Severin
    101

    Hi Timon

    You can lock the access to umbraco via a web.config rewrite rule.

    Add this to the systam.webServer section in your web.config.:

    <rewrite>
      <rules>
        <rule name="BlockUmbracoByIP" stopProcessing="true">
          <match url="^umbraco.*"/>
          <conditions>
                        <!-- Allow access to surface and api controllers -->
            <add input="{PATH_INFO}" pattern="^/umbraco/surface.*" negate="true"/>
            <add input="{PATH_INFO}" pattern="^/umbraco/.*api.*" negate="true"/>
            <!-- External IP -->
            <add input="{REMOTE_ADDR}" pattern="<<<ADD YOUR EXTERNAL IP HERE>>>" negate="true" />
            <!--Also allow the local IP -->
            <add input="{REMOTE_ADDR}" pattern="::1" negate="true" />
            <add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />
          </conditions>
          <action type="Rewrite" url="<<<PATH TO ERROR PAGE>>>"/>
        </rule>
      </rules>
    </rewrite>
    

    Hope this helps!

    Cheers

  • Timon 2 posts 85 karma points
    Dec 14, 2018 @ 14:02
    Timon
    1

    Hi Severin

    Thanks a lot! That totally did the job for me!

    Cheers

  • Sebastiaan Janssen 4805 posts 13986 karma points MVP admin hq
    Dec 18, 2018 @ 10:04
    Sebastiaan Janssen
    1

    @Timon: I don't know why you keep flagging a comment in this thread as spam, there's no spam to be found.

Please Sign in or register to post replies

Write your reply to:

Draft