I do not want people visiting my site to have access to umbraco backend. so I want to whitelist IP range through IIS who can visit backend url.
I know I can use whitelist and blacklist for IP ranges but it works for the whole site and not for a specific page.
Other approach is to write in global.asax check address from request like Request.UserHostAddress and compare it with my list and set the response.
But I want this to be handled through IIS settings.
Is this achievable or it has to be handled by code as below.
if(Request.UserHostAddress.Contains("aaa.bbb.cc") // part of IP address here
{
Response.Redirect("myurl");
}
You can use IIS Url Rewrite module to control this. There is a blog post here which discusses this and the rule has been reposted below for posterity.
<rule name="Restrict Access to Umbraco" stopProcessing="true">
<match url="^/umbraco/(.*)" />
<conditions>
<add input="{LOCAL_ADDR}" pattern="123\.123\.123\.123" />
</conditions>
<action type="Rewrite" url="/update-notice/" />
</rule>