Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Darren Hunter 140 posts 232 karma points
    Jan 20, 2023 @ 16:07
    Darren Hunter
    0

    Umbraco 10 - Restrict access to /Umbraco folder in startup.cs

    Hi,

    Is there a way to alter the startup code to check the IP when the site is visited so I can remove the .AddBackOffice() from public void ConfigureServices(IServiceCollection services), I have managed to use URL rewriting to allow only specific IP to the umbraco folder, but as a backup I like to check the IP addresses on each Visit and remove all back office functionality if the IP not on the white list.

    I know this is a bit on an over engineer but I prefer to be safe then sorry.

    The site is created using Version 10.X of Umbraco.

  • Huw Reddick 1929 posts 6717 karma points MVP 2x c-trib
    Jan 20, 2023 @ 18:02
    Huw Reddick
    0

    I would not thinkso as that code only runs on startup, it doesn't run on every access, so in most instances there would be no IP address to check for anyway. Using urlrewrite and ip restriction is the best way to secure it.

  • Conor Howe 36 posts 137 karma points
    Jan 21, 2023 @ 22:28
    Conor Howe
    0

    You could probably use middleware for this. Something like what is described in the article here may do trick:

    https://learn.microsoft.com/en-us/aspnet/core/security/ip-safelist?view=aspnetcore-7.0

    You can just deny access to anything that is /umbraco by checking the request first

Please Sign in or register to post replies

Write your reply to:

Draft