Join our community!

Get everything you need to start developing EPiServer solutions.

Securing EPiServer edit and admin mode by IP address

David Knipe
Monday, 20 September 2010
Security  Edit Mode  Admin mode 

  • Number of votes: 4
  • Views: 4291
  • Average rating:

Recently I read an EPiServer forum post about securing EPiServer edit and admin mode. If I understood the post correctly then there is a public facing EPiServer site, using the standard SQL providers. The requirement was to prevent access to edit and admin mode to all but a restricted set of IP addresses.

This is quite easily achieved by following these steps:

IIS 6

  • Under your site > Create a virtual directory name that matches /path/to/your/UI (e.g. /epiUI/)
  • Ensure the virtual directory points to an EMPTY directory on your machine
  • Right click on new folder > Click "Properties"
  • "Directory Security" Tab
  • "IP address and domain name restrictions" > Edit button
  • Edit IP restrictions as appropriate
  • Click OK
  • Click OK to close the "Properties" window

IIS 7

  • Under your site > Create a virtual directory name that matches /path/to/your/UI (e.g. /epiUI/)
  • Ensure the virtual directory points to an EMPTY directory on your machine
  • Click the newly folder created folder
  • Double click "IP Address and Domain Restrictions" (if you do have have access to this feature see my other post which describes how to enable features in IIS 7 amongst other things)
  • Under actions > Click "Edit Feature settings"
  • In "Access for unspecified clients" select Deny > Click OK
  • Under actions > Click > Add Allow Entry
  • Add IP entries or ranges as appropriate
  • Click OK

If you try to access the restricted folder and are denied access then you will get a HTTP 403.6 error. In the light of recent Microsoft Security Announcements you should monitor for this error and take appropriate action.

You may need to restart you site/IIS for the changes to take effect.

Comments

About the blogger

David Knipe
EPiServer Ltd
Esteemed Citizen

I work in London for EPiServer as a Principal Solution Architect. Before joining EPiServer I was a EPiServer Most Valued Professional

Syndication and Sharing