Production environment: limiting access to the content authoring interface

Dean Lynn asked on August 16, 2015 21:14

I would like to restrict access to the content authoring elements of a production site. By default these components will be accessible by any user via the public internet; a weak username and password combination would pose a security vulnerability using this configuration.

Can anyone provide guidance on Kentico best practice for protecting the website authoring components, i.e. how should I limit access to the CMS login page to recognised networks/users only, e.g. IP restrictions?

Thanks,

Dean

Recent Answers


Suneel Jhangiani answered on August 17, 2015 14:04


Dean Lynn answered on August 17, 2015 19:31

Thanks for the reply, Suneel.

Do you know if this is the recommended approach for preventing CMS access over the public internet? Have you implemented a similar configuration successfully?


Suneel Jhangiani answered on August 17, 2015 21:59

This is actually very tricky to answer, as it would depend on how you have structured the web app within Kentico, as you may have modules that allow the addition of content within your web app (i.e. the user doesn't need to go to the Kentico Backend). However, since the other thread you started is about staging, I would presume you will go that route, and hence you should be able to use the IIS rewrite module on the live servers to stop all access to the '/Admin' sub-folder.

Note: the login page would still be accessible, as it is in the CMSPages sub-folder. Hence you need to be aware of pages which have modules that users can use to add content.

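Added example, not part of the thread and not Kentico's own configuration: a `web.config` fragment for the IIS URL Rewrite module that returns 403 for the '/Admin' sub-folder unless the client address is on an allow-list, combining the rewrite approach from the answer above with the IP restriction asked about in the question. It assumes the URL Rewrite module is installed and the site runs at the root of the IIS site; the rule name and the 203.0.113.x range are placeholders.

```xml
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is a placeholder. Runs before the request reaches the application. -->
        <rule name="Restrict Admin to trusted networks" stopProcessing="true">
          <!-- URL Rewrite matches the path without the leading slash:
               "Admin", "Admin/" and anything below it. -->
          <match url="^Admin(/.*)?$" ignoreCase="true" />
          <!-- MatchAll + negate: the rule fires only when the client address
               matches NONE of the allowed patterns. -->
          <conditions logicalGrouping="MatchAll">
            <!-- Placeholder office/VPN range (documentation network 203.0.113.0/24). -->
            <add input="{REMOTE_ADDR}" pattern="^203\.0\.113\.\d{1,3}$" negate="true" />
            <!-- Local access on the server itself. -->
            <add input="{REMOTE_ADDR}" pattern="^(127\.0\.0\.1|::1)$" negate="true" />
          </conditions>
          <action type="CustomResponse"
                  statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Administration interface is not available from this network." />
        </rule>
        <!-- Not covered by this rule: the login page under the CMSPages
             sub-folder and any live-site pages whose modules let users add
             content, as noted in the answer. Those need their own review. -->
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

If the servers sit behind a load balancer or reverse proxy, `{REMOTE_ADDR}` is the proxy's address, so the allow-list has to be enforced at the proxy or matched against a forwarded-client header that only the proxy can set.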
