Umbraco 10 - Restrict access to /Umbraco folder in startup.cs
Hi,
Is there a way to alter the startup code to check the IP when the site is visited so I can remove the .AddBackOffice() from public void ConfigureServices(IServiceCollection services), I have managed to use URL rewriting to allow only specific IP to the umbraco folder, but as a backup I like to check the IP addresses on each Visit and remove all back office functionality if the IP not on the white list.
I know this is a bit on an over engineer but I prefer to be safe then sorry.
The site is created using Version 10.X of Umbraco.
I would not thinkso as that code only runs on startup, it doesn't run on every access, so in most instances there would be no IP address to check for anyway. Using urlrewrite and ip restriction is the best way to secure it.
Umbraco 10 - Restrict access to /Umbraco folder in startup.cs
Hi,
Is there a way to alter the startup code to check the IP when the site is visited so I can remove the .AddBackOffice() from public void ConfigureServices(IServiceCollection services), I have managed to use URL rewriting to allow only specific IP to the umbraco folder, but as a backup I like to check the IP addresses on each Visit and remove all back office functionality if the IP not on the white list.
I know this is a bit on an over engineer but I prefer to be safe then sorry.
The site is created using Version 10.X of Umbraco.
I would not thinkso as that code only runs on startup, it doesn't run on every access, so in most instances there would be no IP address to check for anyway. Using urlrewrite and ip restriction is the best way to secure it.
You could probably use middleware for this. Something like what is described in the article here may do trick:
https://learn.microsoft.com/en-us/aspnet/core/security/ip-safelist?view=aspnetcore-7.0
You can just deny access to anything that is /umbraco by checking the request first
is working on a reply...