
Prohibit administration from the Internet

8 posts, 0 answered
  1. Jorge
    5 posts
    Registered: 10 Jun 2009
    22 Dec 2009
    I have a Sitefinity project and I want to know how to prohibit access to the administration pages (in http://myserver/myproject/Sitefinity) from the Internet. I only want to allow these operations from the internal network.

    Thanks


  2. Ivan Dimitrov
    16072 posts
    Registered: 25 Nov 2016
    22 Dec 2009
    Hello Jorge,

    You can use the IIS deny-by-IP option. You can take a look at:

    Securing Sites with IP Address Restrictions (IIS 6.0)
    Configure IP Address and Domain Name Restrictions (IIS 6.0)
    HOW TO: Restrict Site Access by IP Address or Domain Name

    Another option could be creating a simple HttpModule that checks each request and denies external IP addresses if you try to request domain.com/sitefinity, but the better option is using IIS configuration.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

  3. SelAromDotNet
    912 posts
    Registered: 18 Jul 2012
    05 Feb 2010
    Just wanted to mention, you might not want to restrict the /sitefinity folder entirely, because some of the templates may need to be accessed. I'm not sure if this has changed, but I had some issues before when I blocked the whole folder.

    Instead I restrict by IP to the /sitefinity/admin folder as well as the /sitefinity/login.aspx page. Both of these can be set up in IIS.

    Hope this was helpful!
  4. jkregala
    159 posts
    Registered: 22 Sep 2009
    20 Jan 2011
    Hi SelArom, thanks for the tip, but could you elaborate a little bit more on the steps you did or perhaps an article that I could follow? Thanks :)
  5. Dave
    3 posts
    Registered: 25 Feb 2009
    08 Feb 2011
    I'd be interested to hear if there is any concern over restricting access to the entire Sitefinity folder.  I've done this in our test site and when testing from an external IP, all of the website functionality seems to work fine.  But based on SelArom's comment, I now have some concern about doing this.

    Is there an official recommendation from Sitefinity on this?  Can we IP address restrict the entire Sitefinity folder, or should we just be restricting access to the login.aspx and the admin folder?
  6. Ivan Dimitrov
    16072 posts
    Registered: 25 Nov 2016
    08 Feb 2011
    Hi,

    There is no problem to restrict Sitefinity folder by. We use this approach on Sitefinity.com and Telerik.com. There are certain folders that reside inside Sitefinity folder that have images which are excluded from the IP restriction.

    Regards,
    Ivan Dimitrov
    the Telerik team
  7. SelAromDotNet
    912 posts
    Registered: 18 Jul 2012
    08 Feb 2011
    The only reason I initially had issue with restricting the entire Sitefinity folder was because that is where the external templates were located. We eventually used our own custom templates in a folder outside of /Sitefinity so, although we never changed the settings, we probably could just change it to restrict the whole folder without issue.

    @jkregala perhaps these articles will be helpful to you:

    IIS 6: http://www.hosting.com/support/dedicated/IIS/blockip
    IIS 7: http://learn.iis.net/page.aspx/548/using-dynamic-ip-restrictions/
  8. Dave
    3 posts
    Registered: 25 Feb 2009
    08 Feb 2011
    Thanks for everyone's feedback.  I did some more testing with IP Address restricting the entire folder, and as Ivan said, there are certain folders that would need to be excluded. 

    For instance, we have some image libraries in the Images and Documents module.  Normally the images open with a lightbox effect, however this is broken when restricting access to the entire Sitefinity folder.  It looks like there is an ExternalLibraries folder that contains the lightbox javascript, css, etc... and when the site is viewed by an external user, they don't have access.

    Rather than selectively removing the IP address restriction on the various folders impacted by this, we are just moving forward with IP address restricting the login.aspx page individually.  Our main goal was to reduce our security footprint and prevent potential brute-force login attempts to Sitefinity.  I think this accomplishes that for the most part.
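
The restriction discussed in this thread (allow-listing internal addresses for `/Sitefinity/login.aspx` and `/Sitefinity/admin` while leaving the rest of the folder, including `ExternalLibraries`, reachable) can be written as a `web.config` fragment on IIS 7 or later. This is an added example, not configuration from the posters or from Telerik; the address ranges are assumed placeholders for an internal network, and it assumes the IP address and domain restrictions feature is installed and the `ipSecurity` section has been unlocked for the site.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: merge the <location> elements into the application's
     root web.config (the folder that contains the Sitefinity directory).
     The ipSecurity section is locked at server level by default; until an
     administrator unlocks it, using it here produces an HTTP 500.19 error. -->
<configuration>

  <!-- Login page: deny every source that is not explicitly listed. -->
  <location path="Sitefinity/login.aspx">
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <!-- Requests made on the server itself -->
          <add ipAddress="127.0.0.1" allowed="true" />
          <!-- Assumed internal range 10.0.0.0/8; replace with your own -->
          <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>

  <!-- Admin folder: same allow list. Folders such as
       Sitefinity/ExternalLibraries are not listed here, so public pages
       that load scripts and styles from them keep working. -->
  <location path="Sitefinity/admin">
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <add ipAddress="127.0.0.1" allowed="true" />
          <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>

</configuration>
```

Unlisted sources receive a 403 response for those two paths only. If the site sits behind a reverse proxy or load balancer, IIS sees the proxy's address as the client, so the allow list has to be built with that in mind.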
