Restrict access to admin url to internal network only

Jon Bowen asked on January 25, 2018 15:43

I have a client with a public facing site that wants to prevent users outside their network from navigating to /admin. I'm pretty sure this isn't possible through Kentico (or any website for that matter) and has to be applied somewhere else like a firewall. But I wanted to ask to double check.

Thanks in advance.

Correct Answer

Peter Mogilnitski answered on January 25, 2018 16:05

You can do at the IIS level: select the admin folder in the IIS manager, and from the right hand, select IP Address and Domain Restrictions (which if is not visible, must be reached via Features View tab).

You have to enter the IP and Mask: google internal "private ip ranges and masks" and get the addresses and mask that you can put in.

1 votesVote for this answer Unmark Correct answer

Recent Answers

Michal Samuhel answered on January 25, 2018 15:57

Hi Jonathan,

In this case you might want to go above application level ans set ip restrictions on server.

IPSecurity element along with location.path specification should work fine for your client. For example: 

<location path="restricted">
   <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
           <clear/>
            <!-- ADD IP-ADDRESSES TO ALLOW ACCESS -->
           <add ipAddress="10.10.10.10" allowed="true" />
           <add ipAddress="10.10.10.11" allowed="true" />
           <add ipAddress="10.10.10.12" allowed="true" />
           <add ipAddress="10.10.10.13" allowed="true" />
        </ipSecurity>
      </security>
      <modules runAllManagedModulesForAllRequests="true"/>
   </system.webServer>
 </location>
0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.