I'm currently using uSync complete and think it's fantastic.
Since adding some code which locks down the front end of our site on the staging and test servers I'm seeing issues (even development checking itself!). When I go to uSync Publisher and do a local Check Access I get an Api Mismatch. As soon as I disable the locking of the site it all works correctly. Could you let me what paths are used to publish so I can whitelist these?
yes, the API endpoint between servers is at umbraco/uSyncReceive so this will need to be something servers can see on the other servers.
you should see something at the end of the web.config for this -
<location path="umbraco/uSyncReceive">
<!-- Up the file upload limit to 500mb, this is for moving media around -->
<system.web>
<httpRuntime maxRequestLength="512000"/>
</system.web>
<system.webServer>
<security>
<!-- Restrict API access by IP - you can here restrict so only servers can talk to each other -->
<!--
<ipSecurity allowUnlisted="false">
<add allowed="true" ipAddress="192.168.0.1" subnetMask="255.255.255.0" />
<add allowed="true" ipAddress="127.0.0.1" subnetMask="255.255.255.0" />
</ipSecurity>
-->
<requestFiltering>
<requestLimits maxAllowedContentLength="524288000" />
</requestFiltering>
</security>
</system.webServer>
</location>
Thanks for that we can't lock by IP but instead, lock the frontend by password on staging and test. looking at this should be OK as /umbraco/* should be accessible I'll investigate further.
uSync V8 Publish
Hi Kevin,
I'm currently using uSync complete and think it's fantastic.
Since adding some code which locks down the front end of our site on the staging and test servers I'm seeing issues (even development checking itself!). When I go to uSync Publisher and do a local Check Access I get an Api Mismatch. As soon as I disable the locking of the site it all works correctly. Could you let me what paths are used to publish so I can whitelist these?
Thanks Andy
Hi Andy,
yes, the API endpoint between servers is at
umbraco/uSyncReceiveso this will need to be something servers can see on the other servers.you should see something at the end of the web.config for this -
this gives you a space to restrict by IP etc.
Hi Kevin,
Thanks for that we can't lock by IP but instead, lock the frontend by password on staging and test. looking at this should be OK as /umbraco/* should be accessible I'll investigate further.
Thanks Andy
Hi Andy,
feel free to reach out with anything you find.
the traffic is signed using HMAC Auth, this page sort of explains the flow https://dotnettutorials.net/lesson/hmac-authentication-web-api/
but all that happens between servers on the umbraco/uSyncReceive endpoint.
Hi Kevin,
Actually now having the URL I've sorted it - we were blocking more URLs than I thought we were!
Thanks for the speedy response!
Andy
is working on a reply...