Restricting Environment Access “/Episerver”

As a web administrator, you will probably want to keep the editing portal closed to the public. One way to achieve this is to apply rules directly in your configuration file so that access is restricted by IP.

You have probably read this article from Optimizely (CMS 11), https://docs.developers.optimizely.com/digital-experience-platform/v1.3.0-DXP-for-CMS11-COM13/docs/restricting-environment-access, which describes how to restrict access by IP and how to prevent public users from getting into the “/episerver” portal.
This is the rule you could use to restrict access:

<rule name="Block logins and dashboard in production" stopProcessing="true">
  <match url="login.aspx|episerver" />
  <conditions>
    <add input="{HTTP_HOST}"
         pattern="www\.mydxcsite\.com|prod\." />
    <add input="{HTTP_True_Client_IP}"
         pattern="^88\.250\.74\.6$"
         negate="true" />
  </conditions>
  <action type="CustomResponse"
          statusCode="403"
          statusReason="Forbidden"
          statusDescription="Site is not accessible" />
</rule>

I just found an issue with this rule.

One of our clients reported that EpiForms were not working. The submit button was not doing anything. I looked at the console and saw some error logs related to EpiForms.

Chrome console logs

It seems the rule also blocks incoming requests to Episerver.Forms, and that’s why the form was not responding: the `episerver` part of the pattern is not anchored, so it matches any URL that contains that text. To fix this issue, you just need to update the match url:

<match url="^episerver$|^episerver/" />

Now the submit button will work, and the “/episerver” editing portal will be blocked for any client whose IP is not the one specified in the rule.
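The effect of the two `match url` patterns can be checked against sample requests. This is an added example, not code from the original post or from Optimizely: it models the rule in JavaScript, assuming URL Rewrite's default ECMAScript pattern syntax, case-insensitive matching and "match all" condition grouping. The request paths and the visitor IP are constructed.

```javascript
// Conditions copied from the rule; MatchAll grouping is assumed (the IIS default).
const conditions = [
  { input: "host", pattern: "www\\.mydxcsite\\.com|prod\\.", negate: false },
  { input: "clientIp", pattern: "^88\\.250\\.74\\.6$", negate: true },
];
const ORIGINAL = "login.aspx|episerver";
const UPDATED = "^episerver$|^episerver/";

// <match url> sees the path without the leading slash and without the query string.
function rewriteInput(url) {
  return url.split("?")[0].replace(/^\/+/, "");
}

// Returns true when the rule fires, i.e. the request gets the 403 CustomResponse.
function isBlocked(matchUrl, request) {
  if (!new RegExp(matchUrl, "i").test(rewriteInput(request.url))) return false;
  return conditions.every((c) => {
    const hit = new RegExp(c.pattern, "i").test(request[c.input]);
    return c.negate ? !hit : hit;
  });
}

// Constructed sample requests: the paths and the visitor IP are illustrative.
const visitor = { host: "www.mydxcsite.com", clientIp: "203.0.113.10" };
const editor = { host: "www.mydxcsite.com", clientIp: "88.250.74.6" };
const samples = [
  "/episerver",
  "/EPiServer/CMS/?language=en",
  "/EPiServer.Forms/DataSubmit/Submit",
  "/Util/login.aspx",
  "/en/contact-us",
];

// One row per sample: blocked by the original rule, by the updated rule,
// and by the updated rule when the request comes from the allowed IP.
function compare() {
  return samples.map((url) => ({
    url,
    original: isBlocked(ORIGINAL, { ...visitor, url }),
    updated: isBlocked(UPDATED, { ...visitor, url }),
    editorUpdated: isBlocked(UPDATED, { ...editor, url }),
  }));
}

console.table(compare());
```

The table also shows that the updated pattern no longer matches `login.aspx`, which the original alternation covered.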

If you have a better pattern to apply, please add comments to the post 😉
