Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Dave Forster 28 posts 74 karma points
    Sep 03, 2010 @ 17:03
    Dave Forster
    1

    Prevent browsing to Umbraco Admin url

    Hi,

    This is my first post and I'm an Umbraco newbie so not sure whether i'm in the correct forum or whether this question has been asked/answered before (a search didn't throw up any results).. here goes :

    Is it possible to prevent a site visitor from accessing the admin login page for Umbraco.  I would like to make the standard admin url inaccessible and instead set up a dedicated url for it.

    example :
    prevent any visitor typing in http://www.mysite.com/umbraco/

    then have the admin area accessible via :
    http://cms.mysite.com/

    Having browsed some of the "sites using umbraco" I've noticed that some use default behaviour where you can browse directly to admin login and others seem to have this disabled (e.g. heinze.com).  I'd like to know how this is achieved.

    Any help appreciated

    Dave

  • Dave Forster 28 posts 74 karma points
    Sep 10, 2010 @ 17:15
  • Connie DeCinko 931 posts 1160 karma points
    Oct 04, 2010 @ 20:34
    Connie DeCinko
    0

    The discuss never came to a solid conclussion, just a hack of renaming the login file.

     

  • Seth Niemuth 275 posts 397 karma points
    Oct 05, 2010 @ 10:25
    Seth Niemuth
    0

    http://our.umbraco.org/forum/getting-started/installing-umbraco/13272-How-to-Lock-Down-Umbraco-Backend

     

    Ismail makes a good point that you could ip restrict the backend. Another thing that you could do is on the IIS site for mysite.com you could redirect anyone going to the umbraco folder back to the main site and for cms.mysite.com you can set the home as /umbraco/umbraco.aspx.

  • Tim 1193 posts 2675 karma points MVP 3x c-trib
    Oct 05, 2010 @ 11:14
    Tim
    1

    There are several ways you can do this.

    The simplest is to simply rename the Umbraco folder to something else (works best with 4.5+), and set the folder name to something that's hard to guess.

    Next is to restrict the access via IIS. You can set the IP Address(es) that are allowed to view the /umbraco folder (usually restructed to the client's IP addresses, and maybe the agency responsible for the site so they cab carry out maintenance if necessary). Anyone not in the address range will simply get a 404 error, and for al intents and purposes the site will not exist for them.

    Next is to restrict access at the firewall. If the server is behind a firewall, you can set up a rule to restrict access to the /umbraco folder there. The error the user will get will depend on the way your firewall is configured.

    If you're running IIS7+, you could write a .Net module to handle the filtering for you and add that to the website, but that would be a bit pointless as the functionality you need is already built into IIS, but it might be an option if you want to make the IP ranges that have access to the site manageable via the umbraco interface.

    Finally, if your server has ISAPI_Rewrite on it, you can use conditional rules to redirect all users except for the IP ranges you want to the homepage if they try and access the umbraco admin URL.

    Hope that's useful!

    :)

  • Dave Forster 28 posts 74 karma points
    Oct 05, 2010 @ 11:31
    Dave Forster
    0

    @Tim @Seth

    Hi thanks guys, very useful info.  I'd forgot i'd even posted this question :)

  • Scott McCown 15 posts 37 karma points
    Sep 18, 2011 @ 07:41
    Scott McCown
    0

    Here's the link to restrict access to the Umbraco login to a certain set of IP addresses...

  • Yitro Kurniawan 2 posts 22 karma points
    Jun 17, 2016 @ 03:23
    Yitro Kurniawan
    0

    Hi,

    In case you found the ipSecurity won't worked. Please enable read/write in feature delegation as described here : http://stackoverflow.com/questions/16220819/internal-server-error-with-web-config-ipsecurity

    For others that run into this issue. The cause of the issue is that Feature Delegation doesn't allow the feature to be managed by web.config.

    To Fix:

    Verify that the Feature is enabled for web.config management

    In IIS 7, click on the root server Double click Feature Delegation (under management) Scroll down to IPv4 Address and Domain Restrictions Change the delegation to Read/Write (in my case it was Read Only, which was the issue)

Please Sign in or register to post replies

Write your reply to:

Draft