I do not want people visiting my site to have access to umbraco backend. so I want to whitelist IP range through IIS who can visit backend url.
I know I can use whitelist and blacklist for IP ranges but it works for the whole site and not for a specific page.
Other approach is to write in global.asax check address from request like Request.UserHostAddress and compare it with my list and set the response.
But I want this to be handled through IIS settings.
Is this achievable or it has to be handled by code as below.
if(Request.UserHostAddress.Contains("aaa.bbb.cc") // part of IP address here
{
Response.Redirect("myurl");
}
You can use IIS Url Rewrite module to control this. There is a blog post here which discusses this and the rule has been reposted below for posterity.
<rule name="Restrict Access to Umbraco" stopProcessing="true">
<match url="^/umbraco/(.*)" />
<conditions>
<add input="{LOCAL_ADDR}" pattern="123\.123\.123\.123" />
</conditions>
<action type="Rewrite" url="/update-notice/" />
</rule>
Related
I have a web application running on one server and use IIS with rewriteURL on another server as a reverse proxy.
I configured the incoming rules to rewrite the reverse proxy address with the address of the web application server. This works fine.
However, the application allows users to download some content and redirects them to the download address. Right now, users get forwarded to the local IP address of the web application server, not the public address of the reverse proxy.
I understand, I need to edit the outbounding rules as well to catch this, but I somehow don't get it right.
I followed the instructions here
https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/modifying-http-response-headers
and my current rewrite rules look like this
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="er-platform" stopProcessing="true">
<match url="^er-platform(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<action type="Rewrite" url="{C:1}://192.168.80.6:8443/{R:0}" />
<serverVariables>
<set name="ORIGINAL_HOST" value="{HTTP_HOST}" />
</serverVariables>
</rule>
</rules>
<outboundRules>
<rule name="er-platform" preCondition="IsRedirection" enabled="true">
<match serverVariable="RESPONSE_LOCATION" pattern="^(https?)://[^/]+/(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{ORIGINAL_HOST}" pattern=".+" />
</conditions>
<action type="Rewrite" value="{R:1}://{ORIGINAL_HOST}/{R:2}" />
</rule>
<preConditions>
<preCondition name="IsRedirection">
<add input="{RESPONSE_STATUS}" pattern="3\d\d" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
I still get redirected to the local IP when trying to download something.
How do I need to change the rules to get this right?
Thanks,
Thomas
I don't think your outbound rule is incorrect. I have a couple of guesses for why it is failing.
First: Your inbound rule must match for your outbound rule to work. This is because ORIGINAL_HOST is captured when the inbound rule executes. Right now, your inbound rule is match the URL against ^er-platform(.*). I am going to assume that since this is a reverse proxy, that it is working because you wouldn't be able to start the download if it wasn't.
Second: The output rule only triggers on a 3xx code. This isn't the only way to redirect though. It's possible that you're redirecting using JavaScript. E.g. `window.location = 'http://wrongaddress'. In which case your outbound rule wouldn't work.
Next steps for debugging this:
Turn on Logging for the inbound rule.
Your logs will be written to %SystemDrive%\inetpub\logs\LogFiles\. Verify the inbound rule is being hit.
Verify what's happening on the wire:
Fiddler is a great tool for understanding what's actually happening on the wire. Use this to confirm that the URL rewrite rules should be hitting. I.e. that the request URL matches ^er-platform(.*) and that the response code is in the 300s.
Alternatively to Fiddler you could just get away with using Chrome Developer Tools Network tab. Turn on the 'Preserve log' checkbox so that it doesn't clear after you've been redirected. Verify what you think should be happening is actually happening.
None of the answers I've found to questions like this (notably this one) work for me, so here I go.
We are running IIS 8 on Windows Server 2012 R2. We have a wildcard certificate (*.mydomain.com) installed on the server. On the Default Web Site we have a single binding to accept incoming https requests on port 443. I have a second Web Site set with a single binding to accept incoming http requests on port 80.
On the latter Web Site I've created a URL Rewrite rule to redirect all incoming non-HTTP traffic to https://myserver.mydomain.com{REQUEST_URI}, and this works perfectly. If I browse to either http://myserver.mydomain.com/homepage or http://myserver/homepage, I am sucessfully redirected to the HTTPS version of the site with the full domain name included and thus it loads just fine.
If I browse to https://myserver.mydomain.com/homepage, the site also loads perfectly.
However, I am trying to create another URL Rewrite rule on the Default Web Site so that requests to https://myserver/homepage (Note: HTTPS but the full domain name is omitted) are redirected to the https://myserver.mydomain.com/homepage. The reason for this is that the SSL certificate is only matched if the full domain is included. As it stands, if I enter https://myserver/homepage I get a security warning (NET::ERR_CERT_COMMON_NAME_INVALID).
I've created the rule which I think should work, based on the answer I linked to above, but it doesn't work and I don't know why. My rule look like this:
<rewrite>
<rules>
<rule name="Redirect to FQDN" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^myserver$" />
<add input="{HTTPS}" pattern="^ON$" />
</conditions>
<action type="Rewrite" url="https://myserver.mydomain.com/{R:1}" />
</rule>
</rules>
</rewrite>
Even with this rule in place and enabled, when I browse to https://myserver/homepage I get the security message. What am I doing wrong with this rule?
Problem is that you have SSL only for *.mydomain.com. And when you accessing https://myserver it will return certificate error because your cert is not valid for this domain.
For better understanding about steps during SSL connection:
In your case, the problem is between step 2 and 3
I am having a classic ASP application which demands URL Rewriting like below
mysite.com/product.asp?prid=100
must be written like this
mysite.com/product/100/
I dont have direct server access as I am on a shared server, Here they provide Plesk as hosting panel
you need to set rule like this
<rule name="Rewrite to product">
<match url="^product/([_0-9a-z-]+)" />
<action type="Rewrite" url="/product.asp?&prid={R:1}" />
</rule>
I have a website running on IP address 1.2.3.4 with hostname www.host.com. The web server only have one website running on it, and it can be accessed by http://1.2.3.4, http://www.host.com, http://www.cname.com. I prefer users to access it by a CNAME www.cname.com (which maps to www.host.com), so I want to redirect traffic coming from http://1.2.3.4 or http://www.host.com to http://www.cname.com. Is it possible to achieve it with IIS URL Rewrite?
I tried the following rule but keeps getting redirect loop error.
<rule name="RedirectToMitigatr" stopProcessing="true">
<match url="^((?!www.cname.com).)*$" />
<action type="Redirect" url="https://www.cname.com/{R:1}" />
</rule>
What I think the rule should do is that it matches anything doesn't contain www.cname.com to https://www.cname.com. But apparently it's not :p
Thanks!
You cannot actually redirect traffic from an IP address to another.
I'm making the following assumptions:
1. you want your website on www.cname.com
2. host.com should redirect to www.cname.com
You are receiving an error since you are essentially redirecting traffic from www.cname.com to www.cname.com . You need to set url match to www.host.com
To do this,first you need to point www.cname.com to the same directory as your website host.com
Assuming you have mapped the name servers correctly, create a new virtual host for cname.com and point it to the SAME directory where you want your website
Visit http://support.microsoft.com/kb/816576 for more information
<rule name="RedirectToMitigatr" stopProcessing="true">
<match url="^((?!www.host.com).)*$" />
<action type="Redirect" url="https://www.cname.com/{R:1}" />
</rule>
I'm trying to use the URL Rewrite module for IIS 7.5 to redirect all HTTP requests to HTTPS for my ASP.NET website. The site works fine at the moment but forces the user to type the https:// in the address bar.
I followed the instructions in this article. Everything seems to be fine: I've tried putting the rule in the web.config and it shows up in the UI as it should; I've also done the reverse and can see the changes in the web.config when I use the UI to add the rule. I have RequireSSL unchecked for the site. Unfortunately I still just get a 404 when I try to hit the site via http://.
I've tried a few different action urls including {HTTP_HOST}/{R:1} and the one shown below.. nothing works.
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
I'm fairly new to this and pretty frustrated at this point. Seems like this should be a lot easier. Any advice would be appreciated, thanks..
Reposting from ServerFault as it's been sitting unanswered for a while.
HTTP Error 404. The requested resource is not found
Do you actually have binding for HTTP 80 port? Sounds like you do not have it (only HTTPS).
The reason I'm asking is the quoted text is the exact message that I would see if I request unknown to IIS domain (when there is no catch-all defined) or domain is not bound to the requested port.