Restricting Environment Access “/Episerver”

As a web administrator, you would probably want to restrict the editing portal to the public and one way to achieve this is applying rules directly on yout configuration file so the access can be restricted by IP.

You probably have read this article from Optimizely (CMS 11) https://docs.developers.optimizely.com/digital-experience-platform/v1.3.0-DXP-for-CMS11-COM13/docs/restricting-environment-access where it describes how you can restrict the access by IP and how you can prevent public users to get into “/episerver” portal.
This is the rule you could use to restrict access:

<rule name="Block logins and dashboard in production" stopProcessing="true">
  <match url="login.aspx|episerver" />
  <conditions>
	<add input="{HTTP_HOST}" 
		 pattern="www\.mydxcsite\.com|prod\." />
	<add input="{HTTP_True_Client_IP}" 
		 pattern="^88\.250\.74\.6$" 
		 negate="true"/>
  </conditions>
  <action type="CustomResponse" 
		  statusCode="403" 
		  statusReason="Forbidden" 
		  statusDescription="Site is not accessible" />
</rule>

I just found an issue with this rule.

One of our clients reported that EpiForms were not working. The submit button was not doing anything. I looked at the console and see some error logs related to EpiForms

Chrome console logs

It seems the rule also block incoming requests to Episerver.Forms and that’s why the form was not responding. In order to make this work, you just need to update the match url and it will fix this issue:

<match url="^episerver$|^episerver/" />

Now, the submit button will work and the “/episerver” editing portal will be blocked if you don’t belong to a specific IP specified in the rule.

If you have a better pattern to apply, please add comments to the post 😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: