Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Laurence Gillian 600 posts 1219 karma points
    Nov 27, 2013 @ 19:07
    Laurence Gillian
    0

    Courier, LIVE Environment Security

    Hello!

    I'm interested in how people are securing their LIVE environments.

    The last time I worked on a very large Umbraco site, we used to remove the Umbraco and Umbraco_Client folders from the production environments, so there was no risk of 'unauthorised' access.

    However, it seems that if you do this, Courier won't work!

    To get around this would you recommend:

    =========== super smart network =======

    STAGING Master -> pushes content to Live master
    LIVE Master (internal, not public)

    =========== ultra big firewall ==========

    LIVE Public Slave
    LIVE Public Slave
    LIVE Public Slave
    LIVE Public Slave

    Slaves, use the umbraco load balancing the detect any content changes. So although they are missing the Umbraco folders, they still get updated.

  • Laurence Gillian 600 posts 1219 karma points
    Nov 27, 2013 @ 19:09
    Laurence Gillian
    0

    Just incase it's useful to anyone....

    Here's how I was disabling access on those LIVE nodes.
    This ensures a 404 error is returned.

    <system.webServer>
      <security>
            <requestFiltering>
                <!-- Disable Umbraco Backoffice, and return 404 error -->
                <denyUrlSequences>
                    <add sequence="/umbraco" />
                    <add sequence="/umbraco_client" />
                </denyUrlSequences>   
            </requestFiltering>
        </security>
    

Please Sign in or register to post replies

Write your reply to:

Draft