what umbraco urls can i expect in v8 - Using Umbraco and getting started

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Frans de Jong 548 posts 1840 karma points MVP 4x c-trib

Oct 03, 2019 @ 09:08

What Umbraco Url's can I expect in V8?

Hi all,

I need to block access to /umbraco in a loadbalancing situation. Because I don't want to break Umbraco I need to know what calls I can expect from Umbraco itself. I know I need to negate /umbraco/api but are there others?

I found this rule but this one is also missing forms?

 <rewrite>
        <rules>
            <!-- Restrict access to Umbraco -->
            <rule name="Restrict access" stopProcessing="true">
                <match url="umbraco(?!/Surface/)(?!/Api/)(?!/api/)(?!/webservices/)" />
                <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                    <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.example\.com" negate="true" />
                </conditions>
                <action type="Redirect" url="/not-found/" appendQueryString="false" />
            </rule>
        </rules>
    </rewrite>

Thanks all

Copy Link

Tobias Klika 101 posts 570 karma points c-trib

Oct 03, 2019 @ 10:07

0

~/App_Plugins is also called from the backoffice.

Copy Link
Frans de Jong 548 posts 1840 karma points MVP 4x c-trib

Oct 03, 2019 @ 10:09

0

True but that is not a subpath of Umbraco so no problems there.

Copy Link

Frans de Jong 548 posts 1840 karma points MVP 4x c-trib

Oct 03, 2019 @ 11:15

I came to these 2 rules:

This should prevent anyone from logging in right:

<rule  xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" name="Restrict access to Umbraco path excluding subpaths" stopProcessing="true">
          <match url="^umbraco$" />
          <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
            <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.domain\.nl" negate="true" />
          </conditions>
          <action type="Redirect" url="/not-found/" appendQueryString="false" />
        </rule>
        <rule  xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)" name="Restrict access to login" stopProcessing="true">
          <match url="^umbraco/#/login$" />
          <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
           <add input="{HTTP_HOST}" pattern="(([^.]+)\.)?admin.domain\.nl" negate="true" />
          </conditions>
          <action type="Redirect" url="/not-found/" appendQueryString="false" />
        </rule>

Copy Link

is working on a reply...

Please Sign in or register to post replies