Forums

Skip Navigation LinksHome / Developer Network / Forums / Sitefinity Older Versions (3.x): Security > Prohibit administration from the Internet

Prohibit administration from the Internet

Feed from this thread
  • Jorge avatar

    Posted on Dec 22, 2009 (permalink)

    I have Sitefinity project and I want to know how to prohibit accessing administration pages (in http://myserver/myproject/Sitefinity) from the Internet. I only want to allow this operations from the internal network.

    Thanks


    Reply

  • Ivan Dimitrov Ivan Dimitrov admin's avatar

    Posted on Dec 22, 2009 (permalink)

    Hello Jorge,

    You can use IIS deny by IP option. You can take a look at

    Securing Sites with IP Address Restrictions (IIS 6.0)
    Configure IP Address and Domain Name Restrictions (IIS 6.0)
    HOW TO: Restrict Site Access by IP Address or Domain Name

    Another option could be creating a simple HttpModule that checks each request and deny external IP addresses if you try to request domain.com/sitefinity, but the better option is using IIS configuration.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.

    Reply

  • SelAromDotNet Master avatar

    Posted on Feb 5, 2010 (permalink)

    just wanted to mention, you might not want to restrict the /sitefinity folder entirely, because some of the templates may need to be accessed. I'm not sure if this has changed but I had some issues before when I blocked the whole folder

    instead I restrict by IP to the /sitefinity/admin folder as well as the /sitefinity/login.aspx page. both of these can be setup in IIS.

    hope this was helpful!

    Reply

  • jkregala Intermediate avatar

    Posted on Jan 19, 2011 (permalink)

    Hi SelArom, thanks for the tip, but could you elaborate a little bit more on the steps you did or perhaps an article that I could follow? Thanks :)

    Reply

  • Damon avatar

    Posted on Feb 8, 2011 (permalink)

    I'd be interested to hear if there is any concern over restricting access to the entire Sitefinity folder.  I've done this in our test site and when testing from an external IP, all of the website functionality seems to work fine.  But based on SelArom's comment, I now have some concern about doing this.

    Is there an official recommendation from Sitefinity on this?  Can we IP address restrict the entire Sitefinity folder, or should we just be restricting access to the login.aspx and the admin folder?

    Reply

  • Ivan Dimitrov Ivan Dimitrov admin's avatar

    Posted on Feb 8, 2011 (permalink)

    Hi,

    There is no problem to restrict Sitefinity folder by. We use this approach on Sitefinity.com and Telerik.com. There are certain folders that reside inside Sitefinity folder that have images which are excluded from the IP restriction.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

    Reply

  • SelAromDotNet Master avatar

    Posted on Feb 8, 2011 (permalink)

    The only reason I initially had issue with restricting the entire Sitefinity folder was because that is where the external templates were located. We eventually used our own custom templates in a folder outside of /Sitefinity so, although we never changed the settings, we probably could just change it to restrict the whole folder without issue.

    @jkregala perhaps these articles will be helpful to you:

    IIS 6: http://www.hosting.com/support/dedicated/IIS/blockip
    IIS 7: http://learn.iis.net/page.aspx/548/using-dynamic-ip-restrictions/

    Reply

  • Damon avatar

    Posted on Feb 8, 2011 (permalink)

    Thanks for everyone's feedback.  I did some more testing with IP Address restricting the entire folder, and as Ivan said, there are certain folders that would need to be excluded. 

    For instance, we have some image libraries in the Images and Documents module.  Normally the images open with a lightbox effect, however this is broken when restricting access to the entire Sitefinity folder.  It looks like there is an ExternalLibraries folder that contains the lightbox javascript, css, etc... and when the site is viewed by an external user, they don't have access.

    Rather than selectively removing the IP address restriction on the various folders impacted by this, we are just moving forward with IP address restricting the login.aspx page individually.  Our main goal was to reduce our security footprint and prevent potential brute-force login attempts to SiteFinity.  I think this accomplishes that for the most part.

    Reply

    • Register for webinar
Skip Navigation LinksHome / Developer Network / Forums / Sitefinity Older Versions (3.x): Security > Prohibit administration from the Internet