courier live environment security - Courier

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Laurence Gillian 600 posts 1219 karma points

Nov 27, 2013 @ 19:07

0

Courier, LIVE Environment Security

Courier

Hello!

I'm interested in how people are securing their LIVE environments.

The last time I worked on a very large Umbraco site, we used to remove the Umbraco and Umbraco_Client folders from the production environments, so there was no risk of 'unauthorised' access.

However, it seems that if you do this, Courier won't work!

To get around this would you recommend:

=========== super smart network =======

STAGING Master -> pushes content to Live master
LIVE Master (internal, not public)

=========== ultra big firewall ==========

LIVE Public Slave
LIVE Public Slave
LIVE Public Slave
LIVE Public Slave

Slaves, use the umbraco load balancing the detect any content changes. So although they are missing the Umbraco folders, they still get updated.

Copy Link

Laurence Gillian 600 posts 1219 karma points

Nov 27, 2013 @ 19:09

Just incase it's useful to anyone....

Here's how I was disabling access on those LIVE nodes.
This ensures a 404 error is returned.

<system.webServer>
  <security>
        <requestFiltering>
            <!-- Disable Umbraco Backoffice, and return 404 error -->
            <denyUrlSequences>
                <add sequence="/umbraco" />
                <add sequence="/umbraco_client" />
            </denyUrlSequences>   
        </requestFiltering>
    </security>

Copy Link

is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?

Courier, LIVE Environment Security