How to avoid the external user to link to /cmspages/logon.aspx - kentico

How to avoid external users to link on /cmspages/logon.aspx.
I want when they will type the www.domainname.com/cmspages/logon.aspx to block them.

I think it really depends on what you mean by an external user.
One approach I've taken before when I only want people within my office/network to be able to access the Admin pages, it to use an IP lockdown via the UrlRewrite extension. This approach works in IIS (once the extension is installed) and Azure App Services.
A rule something like this should do the trick:
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
<match url="cmspages*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="45.56.78.*" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="401" statusReason="Unauthorized: Access is denied due to invalid credentials" statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>
This will block access to all cmspages (possibly too agressive) if the IP of the visitor does not match the given pattern.

Related

Azure redirect from domain with expired certificate

I have chosen to move a domain with an expired SSL certificate to a subdomain on a different valid wildcard certificate.
I used the following web.config section to perform the redirect:
<rule name="Redirect corporate to subdomain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www.woodfordcorporate.co.za$" />
</conditions>
<action type="Redirect" url="https://corporate.woodford.co.za/{R:0}" appendQueryString="true" redirectType="Permanent" />
</rule>
It doesn't seem to be working, even after I clear the browser cache, and I'm wondering if the fact that the domain is still listed in the Azure site configuration is causing the certificate to be evaluated before the web.config is processed? Surely I need the domain to be listed under custom domains and TLS/SSL settings, otherwise the users will never reach the site in the first place?
How can I achieve a redirect in this case?

Domain mapping with AzureWebAPP and Storage account

Is it possible to redirect one domain (MyMenu.com) to two different destinations?
MyMenu.com ---> AzureStorageAccount (StorageAccount URL for static website)
Admin.MyMenu.com ---> AzureWebApp (https://ExampleMenuApp.azurewebsites.net/)
Note: I have a domain from GoDaddy (MyMenu.com). How to make Admin.MyMenu.com ?
Thanks in advance.
Yes, you can use rewrite. Code like below in web.config.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="mydomain.com" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^(admin.mydevapp.nl)$" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
</conditions>
<action type="Redirect" url="https://examplemenuapp.azurewebsites.net/" redirectType="Temporary" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Test Result:
My domain config on portal.
Yes you can do that. Say you have mymenu.com, which is the root domain, and you have admin.mymenu.com which is a subdomain of mymenu.com. The subdomain is considered as an extension or a child item of the root domain and it can have its own properties, such has pointing to different IPs/websites etc.
Because you're using Azure Storage Account and Azure Web Apps, all you need to do is create two different CNAMES in Godaddy that will each point to the different service URL you provided. You also need to verify the domains/subdomains with each individual service before you can assign a domain.
See Azure documentation to create a custom domain.

301 Redirect in Azure

This has probably been asked many times, but I have a purchased domain (through 1&1 if that matters) foobar.com. I have setup custom domains in Azure and domain to forward to an azure app service I built, and that is working fine when someone goes to foobar.com. What I am seeing is if someone goes to www.foobar.com. they get an ugly web app not found (an Azure screen). What do I need to setup to make this redirect work. Do I need to update the domain/azure in someway? I have the following rule in my Web.config
<rules>
<rule name="Redirect old-domain to new-domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www.foobar.com$" />
</conditions>
<action type="Redirect" url="http://foobar.com/{R:0}" redirectType="Permanent" />
</rule>
</rules>
I always solve this with CNAME not through web.config. Take a look if you followed the steps described in here:
https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-custom-domain-name-portal

MS azure remove default domain

I created web app named XYZ in MS Azure. It automatically created domain XYZ.azurewebsites.net. Then I bought and added a custom domain. The problem now is the XYZ.azurewebsites.net still shows what has been deployed to my domain MYDOMAIN.COM. How can I remove the default domain?
You can't remove Azure's DNS record - that is how everything for your web app is controlled/managed in Azure. You can add no-index and no-follow options for search engines and add a permanent redirect in your app from the Azure DNS to yours.
Alright, so after some googling, I found out this is a common problem with using Azure (shame MS doesnt makes life easier here).
I solved it by using permanent redirect in web.config from this thread
Getting mapped custom domain url in Azure
Thank you for taking interest
Petr
I was using the Web Application Gateway with my Azure App service and I found the below option of 'Access Restrictions' after that it stopped all the traffic on my default DNS link of https://SAMPLE.azurewebsites.net
Here is the way to look for 'Access Restrictions'
I added two rules to my web.config file. The first was a rule to perform a permanent redirect from the default domain to the custom domain. You can also throw a forbidden error message with HTTP status code 403. The second rule was an outbound rule to block search engine requests to the default domain.
<system.webserver>
<rewrite>
<rules>
<rule name="Redirect old-domain to new-domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^old-domain.azurewebsites.net$" />
</conditions>
<action type="Redirect" url="https://new-domain.com/{R:0}" redirectType="Permanent" />
</rule>
</rules>
<outboundRules>
<rule name="Noindex Domains">
<match serverVariable="RESPONSE_X_Robots_Tag" pattern=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^old-domain.azurewebsites.net$" />
</conditions>
<action type="Rewrite" value="NOINDEX, NOFOLLOW"/>
</rule>
</outboundRules>
</rewrite>
</system.webServer>
If your site is verified with Google under its Search Console, you can also temporarily remove a URL from search results; it lasts 6 months. Go to Removals, click the "New Request" button and then use a URL prefix as the option for blocking indexing; it will block all requests beginning with the URL instead of the root URL only. This request can take a little while to process. You can also submit a Change of Address request to let Google know you have changed site URLs by going to Settings > Change of address, where you can specify the old domain and new/moved domain.

Getting mapped custom domain url in Azure

My azure web application (myapp.azurewebsites.net) is mapped to a custom domain (client1.mycompany.com).
I will be mapping it to some more custom domains (client2.mycompany.com, client3.mycompany.com etc.) one per each client.
In web application I am using
HttpContext.Current.Request.Url.Host
to get custom domain address which is accessing the application. But it is sometimes returning myapp.azurewebsites.net instead of custom domain.
Any idea how I can custom domain url in Azure in reliable way?
As Admir said in his answer the default *.azurewebsites.net binding cannot be removed, but it is very easy to prevent users from using this domain name for your site.
<rewrite>
<rules>
<rule name="Canonical Host Name" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="client1.mycompany.com" negate="true" />
</conditions>
<action type="Redirect" url="http://client1.mycompany.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
*.azurewebsites.net is not removable which means it is out of your control if someone will access your website through that DNS binding, which explains why you get that when you attempt to inspect HttpContext.Current.Request.Url.Host.
Only thing you can do is to choose to ignore requests coming directly to that binding, by redirecting user to:
Custom page (i.e. 404)
Some default custom domain

Resources