Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Darren Hunter 50 posts 120 karma points
    16 days ago
    Darren Hunter
    0

    Umbraco 10 - Restrict access to /Umbraco folder in startup.cs

    Hi,

    Is there a way to alter the startup code to check the IP when the site is visited so I can remove the .AddBackOffice() from public void ConfigureServices(IServiceCollection services), I have managed to use URL rewriting to allow only specific IP to the umbraco folder, but as a backup I like to check the IP addresses on each Visit and remove all back office functionality if the IP not on the white list.

    I know this is a bit on an over engineer but I prefer to be safe then sorry.

    The site is created using Version 10.X of Umbraco.

  • Huw Reddick 1052 posts 3511 karma points c-trib
    16 days ago
    Huw Reddick
    0

    I would not thinkso as that code only runs on startup, it doesn't run on every access, so in most instances there would be no IP address to check for anyway. Using urlrewrite and ip restriction is the best way to secure it.

  • Conor Howe 30 posts 130 karma points
    15 days ago
    Conor Howe
    0

    You could probably use middleware for this. Something like what is described in the article here may do trick:

    https://learn.microsoft.com/en-us/aspnet/core/security/ip-safelist?view=aspnetcore-7.0

    You can just deny access to anything that is /umbraco by checking the request first

Please Sign in or register to post replies

Write your reply to:

Draft