Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Frans de Jong 550 posts 1862 karma points MVP 4x c-trib
    Oct 03, 2019 @ 09:08
    Frans de Jong
    0

    What Umbraco Url's can I expect in V8?

    Hi all,

    I need to block access to /umbraco in a loadbalancing situation. Because I don't want to break Umbraco I need to know what calls I can expect from Umbraco itself. I know I need to negate /umbraco/api but are there others?

    I found this rule but this one is also missing forms?

     <rewrite>
        <rules>
            <!-- Restrict access to Umbraco -->
            <rule name="Restrict access" stopProcessing="true">
                <match url="umbraco(?!/Surface/)(?!/Api/)(?!/api/)(?!/webservices/)" />
                <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                    <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.example\.com" negate="true" />
                </conditions>
                <action type="Redirect" url="/not-found/" appendQueryString="false" />
            </rule>
        </rules>
    </rewrite>

    Thanks all

    Copy Link
  • Tobias Klika 101 posts 570 karma points c-trib
    Oct 03, 2019 @ 10:07
    Tobias Klika
    0

    ~/App_Plugins is also called from the backoffice.

    Copy Link
  • Frans de Jong 550 posts 1862 karma points MVP 4x c-trib
    Oct 03, 2019 @ 10:09
    Frans de Jong
    0

    True but that is not a subpath of Umbraco so no problems there.

    Copy Link
  • Frans de Jong 550 posts 1862 karma points MVP 4x c-trib
    Oct 03, 2019 @ 11:15
    Frans de Jong
    0

    I came to these 2 rules:

    This should prevent anyone from logging in right:

    <rule  xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" name="Restrict access to Umbraco path excluding subpaths" stopProcessing="true">
          <match url="^umbraco$" />
          <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
            <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.domain\.nl" negate="true" />
          </conditions>
          <action type="Redirect" url="/not-found/" appendQueryString="false" />
        </rule>
        <rule  xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" name="Restrict access to login" stopProcessing="true">
          <match url="^umbraco/#/login$" />
          <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
           <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.domain\.nl" negate="true" />
          </conditions>
          <action type="Redirect" url="/not-found/" appendQueryString="false" />
        </rule>
    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies