Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Tom Newt 28 posts 181 karma points
    Oct 26, 2023 @ 15:44
    Tom Newt

    CloudFlare Backoffice Security and IP Whitelisting?

    I'm trying to use CloudFlare as a proxy in front of Umbraco hosted on IIS. Prior to this we could whitelist IPs to limit access to the backoffice. However, with the switch to CloudFlare all traffic is coming from their proxy. Is there a way to limit access to the backoffice with this setup?

  • Damiaan 442 posts 1299 karma points MVP 6x c-trib
    Oct 26, 2023 @ 20:25

    I think there are two solutions:

    1. You can add a different hostname to the site which resolves (on your internal dns) allowing content editors to use the "backoffice" DNS name.

    2. Based on the same idea as the previous one: make two deployments (on the same server if you need) as if you are load balancing, one for the front-end and one for the back-end. If you host the backend on a different hostname, you can add your good old IP restrictions. The advantage of this setup is that you can diminish the attack surface on the front-end by removing the " .AddBackOffice() "

  • Tom Newt 28 posts 181 karma points
    Oct 27, 2023 @ 12:56
    Tom Newt

    Turns out we have the IP ranges of our organization. Is it secure to move the entire URL rewrite rule from IIS to the CloudFlare WAF rules? Would these be equivalent to what's suggested by umbraco?

    skip rule block rule rule order

Please Sign in or register to post replies

Write your reply to: