dcsimg
www.webdeveloper.com
Results 1 to 6 of 6

Thread: restricting access to CMS not working

  1. #1
    Join Date
    May 2015
    Posts
    1

    restricting access to CMS not working

    I wanted to hide my website's CMS login page from public and restrict access to it to the 2 public ips which where assigned to our enterprise's PCs by the hosting . so I added the following lines to .htaccess file:
    Order deny,allow
    Deny from all
    Allow from 'first public ip'
    Allow from 'second public ip'
    It worked pretty well as long as we request the website by ip. Once we requested it by domain name it gives a forbidden page even if the connection is made by a pc from within the enterprise. I searched over and over again and haven't got to what went wrong.any help?

    *** Moderator note: Please do not use a large font for your posts, it is equivalent to shouting ***
    Last edited by jedaisoul; 07-23-2015 at 03:28 PM. Reason: font size deleted

  2. #2
    Join Date
    Apr 2016
    Posts
    7
    Ismail makes a good point that you could ip restrict the backend. Another thing that you could do is on the IIS site for mysite.com you could redirect anyone going to the umbraco folder back to the main site and for cms.mysite.com you can set the home as /umbraco/umbraco.aspx.

  3. #3
    Join Date
    Oct 2016
    Posts
    1
    sorry I have no idea about that

  4. #4
    Join Date
    Nov 2016
    Posts
    12
    Tell people to request it by IP Address and stop pestering you?

    You can add the hostname, being FQDN if the box is not local. If on the LAN you can simply add the host name. Host names should be separate from I.P. address unless mod_authz_host in enabled and configured to do DNS lookups. Then it will resolve host

    Allow from firstIP
    Allow from secondIP
    Allow from pc1.yourdomain.com
    Allow from pc2.yourdomain.com

  5. #5
    Join Date
    Nov 2016
    Posts
    4
    thank you for infor

  6. #6
    Join Date
    Apr 2016
    Posts
    7
    CMS permissions allow you to grant (or not grant) access to entire sections of CiviCRM to user roles, such as CiviMail, CiviEvent, etc. They also allow you to restrict the user's ability to view, edit, add and delete records such as contacts, events and contributions. However, this is an 'all or nothing' approach: you cannot differentiate between contacts who fall into different groups, for instance.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles