Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Andy Felton 146 posts 425 karma points c-trib
    1 week ago
    Andy Felton
    0

    uSync V8 Publish

    Hi Kevin,

    I'm currently using uSync complete and think it's fantastic.

    Since adding some code which locks down the front end of our site on the staging and test servers I'm seeing issues (even development checking itself!). When I go to uSync Publisher and do a local Check Access I get an Api Mismatch. As soon as I disable the locking of the site it all works correctly. Could you let me what paths are used to publish so I can whitelist these?

    Thanks Andy

  • Kevin Jump 1562 posts 10037 karma points MVP 3x c-trib
    1 week ago
    Kevin Jump
    100

    Hi Andy,

    yes, the API endpoint between servers is at umbraco/uSyncReceive so this will need to be something servers can see on the other servers.

    you should see something at the end of the web.config for this -

      <location path="umbraco/uSyncReceive">
        <!-- Up the file upload limit to 500mb, this is for moving media around -->
        <system.web>
          <httpRuntime maxRequestLength="512000"/>
        </system.web>
        <system.webServer>
          <security>
            <!-- Restrict API access by IP - you can here restrict so only servers can talk to each other -->
            <!--
            <ipSecurity allowUnlisted="false">
              <add allowed="true" ipAddress="192.168.0.1" subnetMask="255.255.255.0" />
              <add allowed="true" ipAddress="127.0.0.1" subnetMask="255.255.255.0" />
            </ipSecurity>
            -->
            <requestFiltering>
              <requestLimits maxAllowedContentLength="524288000" />
            </requestFiltering>
          </security>
        </system.webServer>
      </location>
    

    this gives you a space to restrict by IP etc.

  • Andy Felton 146 posts 425 karma points c-trib
    1 week ago
    Andy Felton
    0

    Hi Kevin,

    Thanks for that we can't lock by IP but instead, lock the frontend by password on staging and test. looking at this should be OK as /umbraco/* should be accessible I'll investigate further.

    Thanks Andy

  • Kevin Jump 1562 posts 10037 karma points MVP 3x c-trib
    1 week ago
    Kevin Jump
    0

    Hi Andy,

    feel free to reach out with anything you find.

    the traffic is signed using HMAC Auth, this page sort of explains the flow https://dotnettutorials.net/lesson/hmac-authentication-web-api/

    but all that happens between servers on the umbraco/uSyncReceive endpoint.

  • Andy Felton 146 posts 425 karma points c-trib
    1 week ago
    Andy Felton
    0

    Hi Kevin,

    Actually now having the URL I've sorted it - we were blocking more URLs than I thought we were!

    Thanks for the speedy response!

    Andy

Please Sign in or register to post replies

Write your reply to:

Draft