Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Frans de Jong 499 posts 1708 karma points c-trib
    Oct 03, 2019 @ 09:08
    Frans de Jong
    0

    What Umbraco Url's can I expect in V8?

    Hi all,

    I need to block access to /umbraco in a loadbalancing situation. Because I don't want to break Umbraco I need to know what calls I can expect from Umbraco itself. I know I need to negate /umbraco/api but are there others?

    I found this rule but this one is also missing forms?

     <rewrite>
            <rules>
                <!-- Restrict access to Umbraco -->
                <rule name="Restrict access" stopProcessing="true">
                    <match url="umbraco(?!/Surface/)(?!/Api/)(?!/api/)(?!/webservices/)" />
                    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                        <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.example\.com" negate="true" />
                    </conditions>
                    <action type="Redirect" url="/not-found/" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    

    Thanks all

  • Tobias Klika 99 posts 543 karma points c-trib
    Oct 03, 2019 @ 10:07
    Tobias Klika
    0

    ~/App_Plugins is also called from the backoffice.

  • Frans de Jong 499 posts 1708 karma points c-trib
    Oct 03, 2019 @ 10:09
    Frans de Jong
    0

    True but that is not a subpath of Umbraco so no problems there.

  • Frans de Jong 499 posts 1708 karma points c-trib
    Oct 03, 2019 @ 11:15
    Frans de Jong
    0

    I came to these 2 rules:

    This should prevent anyone from logging in right:

    <rule  xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" name="Restrict access to Umbraco path excluding subpaths" stopProcessing="true">
              <match url="^umbraco$" />
              <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.domain\.nl" negate="true" />
              </conditions>
              <action type="Redirect" url="/not-found/" appendQueryString="false" />
            </rule>
            <rule  xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" name="Restrict access to login" stopProcessing="true">
              <match url="^umbraco/#/login$" />
              <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
               <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.domain\.nl" negate="true" />
              </conditions>
              <action type="Redirect" url="/not-found/" appendQueryString="false" />
            </rule>
    
Please Sign in or register to post replies

Write your reply to:

Draft