Can I define an IP restriction in my web.config that only applies to
/blog/admin.php
I could only find information about restricting access to everything.
Related
Some of my apps are not working from some customers site, I later discovered that this was because I am using the default websites for my app hosting that is the url is myapp.azurewebsites.net which was not whitelisted on the customers firewall. The customer whitelisted my website domain name and its sub domain names .i.e mywebsite.com and *.mywebsite.com are all whitelisted.
If i were to create CNAME record which has a CNAME pointer to the azure default web app for example myapp.mywebsite.com points to myapp.azurewebsites.net, will this get around the issue ? Or do I need to whitelist myapp.azurewebsites.net Or its IP address that is the IP address of myapp.azurewebsites.net ?
Firstly, by default, apps hosted in App Service are accessible directly through the internet and can reach only internet-hosted endpoints. So, typically, anyone with the URL without any specific local network/firewall/proxy restrictions can access the WebApp URL.
As I understand, your WebApp is open to the public and only a few users (on a specific network), have trouble accessing the site. Plus, there are no access restrictions that you have implemented from the WebApp side.
Just to highlight,
Network administrators often deploy proxy servers, firewalls, or other
devices, which can help secure and give control over how users access
the internet. Rules designed to protect users can sometimes block or
slow down legitimate business-related internet traffic. This traffic
includes communications between you and Azure over the URLs listed
here.
Reference : Allow the Azure portal URLs on your firewall or proxy server
So, on case-case basis, for the affected network, you may have them add appservice.azure.com (Azure App Services) in the allowed list.
Or
As your customer performed – “The customer whitelisted my website domain name and its sub domain names .i.e mywebsite.com and *.mywebsite.com are all whitelisted.” have them add the URLs to allowedlist.
Or
Since IP address of your WebApp (see the reasons for the change), the best route would be for you to set up a custom domain for your WebApp.
Kindly check this doc - Tutorial: Map an existing custom DNS name to Azure App Service
The CNAME maps to the app's default hostname instead, which is less susceptible to change. | | Wildcard | *.contoso.com | CNAME record. |
-- As a side note (as indicated above), by setting up access restrictions, you can define a priority-ordered allow/deny list that controls network access to your app. Which is the opposite of your scenario, just sharing as FYI, in case you wish to know about access restrictions from WebApp side. Set up Azure App Service access restrictions
In a web.config, how can I incapacitate a specific page, which would be accessible for one subdomain only?
Example:
*.domain.com/tsointsoin is inaccessible all the time, for all users
test.domain.com/tsointsoin is accessible
*.domain.com/* are all accessible
One of our customers is planning to change the public IP address of their server where their website is hosted (in-house on IIS).
The website was built with Classic ASP.
What changes are needed on the server after the IP address change, and where would they be?
(I know this question is very vague but this is all the information I have for now - apologies.)
Normally there will be no dependencies on a specific IP address in classic ASP.
IIS ofcourse manages on which IP address(es) and which hostnames the (asp) site will respond (in the bindings setting for the site), and the public DNS settings are responsible for routing the proper hostname to the correct (new) IP address, but ASP code doesn't care about hostnames or ip-addresses, it just responds to whatever IIS thinks should be handled by the site in question.
The DNS will propably be hosted at the companies Internet provider, you should check if the site in IIS has the correct bindings, and if it is not configured to respond to specifically the old IP address.
If the server uses multiple IP addresses you may need to alter the bindings in IIS manager to ensure that the domain of your website is associated with the correct IP, and obviously you will need to update the DNS record for your domain. Neither of these are specific to Classic ASP
On a legacy server, we have an IIS7 site that has multiple IP addresses listed in the IPv4 Address and Domain Restrictions list. We are migrating this site to a new server. When I opened the web.config for the site expecting to find these IP addresses, I was unable to find any of these IPs listed (or even an ipSecurity section). I confirmed this is a custom list (not inherited from parent) and confirmed no IP restrictions exist for the server level either. I even checked my machine.config files for all .net versions.
Where does IIS store these IP restrictions settings if not in the web.config?
%windir%\system32\inetsrv\config\applicationHost.config is the file.
I am using multiple domains to access liferay portal instance.
For example following are the domains mapped in hosts file of windows:
www.liferaytest1.com
www.liferaytest2.com
and in Liferay's Control Panel → Portal Settings, www.liferaytest1.com is set as virtual host.
I can access portal instance with all above mention domains along with localhost.
When I access portal with www.liferaytest1.com then I can access Guest site pages directly. Say, home is a page in Guest site then instead of accessing with www.liferatest1.com/web/guest/home I can access it directly with www.liferaytest1.com/home
So URL is shortened to some extend.
So far so good.
First Concern
Now when I try to access portal via www.liferaytest2.com and when I click any sites listed in My Sites portlet of Liferay, it redirects me to that site with the domain mentioned in virtual host i.e. www.liferaytest1.com instead of retaining www.liferaytest2.com.
Suppose I have a Site named Help, so when I click on help site link in My Sites portlet then instead of staying with www.liferaytest2.com domain it redirects me with www.liferaytest1.com domain.
This is due to virtual host mapping done in liferay.
Second Concern
When I am accessing the portal with www.liferaytest2.com and subscribe to any of the Assets then the links in email contain the virtual host domain i.e www.liferaytest1.com.
How to overcome above mention issues?
My requirement is to stay relative to the portal accessing domain.
When I access portal via www.liferaytest2.com then it should not redirect me to www.liferaytest1.com on-click of any of the Site-links as explained above and also emails that I would be getting should also be relative to the domain I am accessing i.e. www.liferaytest2.com.
First of all: You're not required to use that feature - it's implemented in a certain way (e.g. as you describe) and if that doesn't suit your needs, there's no need to configure individual virtual hosts. There's no problem serving all content through just a single virtual host or do the resolution on Apache (e.g.) - that is, fully external to Liferay. The only drawback is that you'll need the clue of the site you want to access (e.g. /web/guest as part of the URL) so that Liferay knows what content to serve.
However, you might be closer to what you'd like to achieve if you change URLs to a structure like test1.example.com and test2.example.com - this way you share at least the toplevel domain and might be able to do some cheaper single-sign-on (you can still do SSO with completely different domains)
You don't need to change the virtual host in Control Panel → Portal Setting for such requirement. Rather keep it to localhost. This will resolve both of your concerns.
Next you want to access portal using two different domain, you can do it through DNS settings. Map both to same IP (the IP of Liferay portal) and you will reach Liferay portal using any one. It will not change the url and will stay from the name initiated.