Set IP restriction for the Kentico administration login

Stefan Sturm asked on November 23, 2016 17:26

Hello,

is there a kentico default way to restrict access to the login page (/CMSPages/logon.aspx?ReturnUrl=%2fAdmin%2fCMSAdministration.aspx) by ip.

If not what approach would be the best to achief this.

Currently working with kentico 8.

Kind regards Stefan

Recent Answers

Peter Mogilnitski answered on November 23, 2016 18:06 (last edited on November 23, 2016 18:07)

I would try to experiment with editing web.config in cms\admin\ folder: put there something like

<system.webServer>
<security>
    <ipSecurity allowUnlisted="false">    <!-- this line blocks everybody, except those listed below -->                
        <clear/> <!-- removes all upstream restrictions -->
        <add ipAddress="127.0.0.1" allowed="true"/>    <!-- allow requests from the local machine -->
    </ipSecurity>
</security>
</system.webServer>

P.S. Do it in a test environment :)

1 votesVote for this answer Mark as a Correct answer

Stefan Sturm answered on November 23, 2016 18:12

Hello Peter M,

this was my first atemped. Currently im trying this.

<location path="Admin/CMSAdministration.aspx">
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <clear />
          <add ipAddress="144.3.26.10" allowed="true"/> (sample ip) 
        </ipSecurity>
      </security>
    </system.webServer>
  </location>

Unfortunatly this causes a 500 error although i ensured that the server role "IP and Domain Restrictions" is installed.

IIS version 8.

0 votesVote for this answer Mark as a Correct answer

Peter Mogilnitski answered on November 23, 2016 18:23

Stefan, You may try to do it via IIS Manager: pick your site, choose admin folder and click "IP Address and Domain Restrictions" see if you can do from there.

0 votesVote for this answer Mark as a Correct answer

Anton Grekhovodov answered on November 24, 2016 06:12

Hi Stefan,

Maybe you need to enable this feature on your webserver before using. Read documentation IP Security

1 votesVote for this answer Mark as a Correct answer

Chetan Sharma answered on November 28, 2016 11:32

There is a Kentico module "Banned IPS", I think we can utilize this too

https://docs.kentico.com/display/K9/Banning+IP+addresses

1 votesVote for this answer Mark as a Correct answer

Om Anand answered on December 5, 2016 07:03

Thanks Chetan, that helped for me.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.