For "REMOTEADDR" and "HTTPXFORWARDEDFOR" I would add IP addresses as "IP1|IP2|IP3" and this would allow access. Am I right?
"HTTPXFORWARDED_FOR" - Would this work when your site is behind a Microsoft Application Gateway V1? The V1 does not have the facility to remove port numbers from the IP addresses.
first part of your question, yes, add the IP's as you suggest to allow access.
can't answer your second question specifically as not used Microsoft application gateway, but it may work, it is for exposing the originating callers ip when behind a proxy or load balancing
How do I block access to /Umbraco in IIS 10?
I wish Umbraco had a config flag to switch off access or restrict it to a set of IP addresses.
I have tried URL rewrite etc... but always see errors. Tried restricting the Umbraco directory access too without success.
Has anyone successfully done this and how?
you should be able to set ip restrictions in your web.config.
What are the errors you are getting?
How to deny and allow access certain path/directory/file based on IP Address without changing codes?
Would this work? It says that generally these should be applied at the site level and not the folder or file level.
The last time I setup IP restrictions for the Umbraco folder we were seeing files not getting saved and 403s for the whole Umbraco login page.
what url's were you restricting access to?
This is what I use and not had any issues so far
For "REMOTEADDR" and "HTTPXFORWARDEDFOR" I would add IP addresses as "IP1|IP2|IP3" and this would allow access. Am I right?
"HTTPXFORWARDED_FOR" - Would this work when your site is behind a Microsoft Application Gateway V1? The V1 does not have the facility to remove port numbers from the IP addresses.
first part of your question, yes, add the IP's as you suggest to allow access.
can't answer your second question specifically as not used Microsoft application gateway, but it may work, it is for exposing the originating callers ip when behind a proxy or load balancing
Thank you. I am trying this out. I have also added:
Any other ones you use?
Hi Nikhil,
there's some excellent documentation available: https://our.umbraco.com/documentation/Reference/Security/Security-hardening/
Kindest regards, Jeffrey
Thank you. I am trying this out. I have also added:
Any other ones you use?
is working on a reply...