Restrict access to the Admin side of Orchard CMS by IP
Problem description
I'm trying to deny all IPs access to /Admin, with a couple of exceptions. The Orchard CMS 1.8.1 app is running on IIS 8.5. I'm experimenting with IP Restrictions rules, but it seems to me that is not the right tool, as I could only set access rights on folders, not individual pages. (Managed to deny access to TheAdmin theme.)
I've tried the below snippet with no luck:

    <location path="Admin">
      <system.webServer>
        <security>
          <ipSecurity allowUnlisted="false">
          </ipSecurity>
        </security>
      </system.webServer>
    </location>

http://www.iis.net/configreference/system.webserver/security/ipsecurity
I also tried to create a Virtual Directory for Users/Account/LogOn for the root directory and set its access rights, but that didn't work either.
I was thinking of setting URL Rewrites for /Admin, but I'm not really sure how to start or what logic I should follow.
Any suggestions?
Recommended answer
If I understand your motives correctly, I think it would be best to write a filter module that will give you full control over what will happen under what condition.
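    using System.Web.Mvc;
    using Orchard.Environment.Extensions;
    using Orchard.Logging;
    using Orchard.Mvc.Filters;
    using Orchard.Security;
    using Orchard.UI.Admin;

    [OrchardFeature("FeatureDefinedInModuleTxtManifest")]
    public class AdminAccessFilter : FilterProvider, IAuthorizationFilter
    {
        private readonly IAuthorizer _authorizer;

        public AdminAccessFilter(IAuthorizer authorizer)
        {
            _authorizer = authorizer;
            Logger = NullLogger.Instance;
        }

        public ILogger Logger { get; set; }

        // Runs for every request; only admin-area requests from users who
        // already hold the AccessAdminPanel permission are checked further.
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (!AdminFilter.IsApplied(filterContext.RequestContext) || !_authorizer.Authorize(StandardPermissions.AccessAdminPanel))
            {
                // Not an admin area or no permission already, do nothing
                return;
            }

            var request = filterContext.HttpContext.Request;
            // X-Forwarded-For is a request header, so its value is client-supplied
            // unless a reverse proxy you control overwrites it. It can also hold a
            // comma-separated list of addresses rather than a single one.
            var userIp =
                request.ServerVariables["HTTP_X_FORWARDED_FOR"] ?? // Proxy
                request.UserHostAddress;

            if (userIp != "100.100.100.100") // Your logic for denying access
            {
                Logger.Fatal("Unauthorized admin access detected from {0}", userIp);
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }
    }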
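
The "Your logic for denying access" step in the filter above could look like the following. This is an added example, not code from the answer or from Orchard: the `AdminIpPolicy` class, the proxy address and the CIDR ranges are assumptions and constructed placeholders. It believes `X-Forwarded-For` only when the connection comes from a proxy you operate, and matches the result against an allowlist of networks instead of one string.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Hypothetical helper, not part of Orchard. All addresses are constructed placeholders.
public static class AdminIpPolicy
{
    // Reverse proxies you operate; X-Forwarded-For is believed only from these peers.
    static readonly HashSet<IPAddress> TrustedProxies =
        new HashSet<IPAddress> { IPAddress.Parse("10.0.0.5") };

    // Networks allowed to reach /Admin, in CIDR form.
    static readonly string[] AllowedCidrs = { "100.100.100.100/32", "192.0.2.0/24" };

    // Returns the address to test, or null when it cannot be determined.
    public static IPAddress ResolveClientIp(string remoteAddr, string forwardedFor)
    {
        IPAddress peer;
        if (!IPAddress.TryParse(remoteAddr, out peer)) return null;
        // Direct connection: the header is client-supplied, so ignore it.
        if (!TrustedProxies.Contains(peer) || string.IsNullOrWhiteSpace(forwardedFor))
            return peer;
        // Walk right to left: the rightmost entries were appended by our own proxies.
        var hops = forwardedFor.Split(',');
        for (int i = hops.Length - 1; i >= 0; i--)
        {
            IPAddress ip;
            if (!IPAddress.TryParse(hops[i].Trim(), out ip)) return null; // malformed: fail closed
            if (!TrustedProxies.Contains(ip)) return ip;
        }
        return peer; // every hop was one of our proxies
    }

    // A null (undetermined) address is never allowed.
    public static bool IsAllowed(IPAddress ip)
    { return ip != null && AllowedCidrs.Any(c => InCidr(ip, c)); }

    static bool InCidr(IPAddress ip, string cidr)
    {
        var parts = cidr.Split('/');
        byte[] net = IPAddress.Parse(parts[0]).GetAddressBytes(), addr = ip.GetAddressBytes();
        if (net.Length != addr.Length) return false; // IPv4 vs IPv6 mismatch
        int bits = int.Parse(parts[1]);
        for (int i = 0; i < net.Length && bits > 0; i++, bits -= 8)
        {
            int mask = bits >= 8 ? 0xFF : (0xFF << (8 - bits)) & 0xFF;
            if ((net[i] & mask) != (addr[i] & mask)) return false;
        }
        return true;
    }
}
```

In the filter, the string comparison would become `!AdminIpPolicy.IsAllowed(AdminIpPolicy.ResolveClientIp(request.UserHostAddress, request.Headers["X-Forwarded-For"]))`.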