Hi all, a quick question that maybe could lead to ...
# masacmss
Sebastiaan
11/12/2024, 1:46 PMHi all, a quick question that maybe could lead to a pull-request or a change in MASA CMS: I have implemented a quick fix to prevent people from being able to access the MASA CMS login screen at /admin. Maybe it could be a permanent feature in MASA CMS? Via a Settings variable or something? Changed in /admin/core/views/login/main.cfm
Copy code
<cfif getHttpRequestData().headers["X-Forwarded-For"] eq "[localIPFromSettings]">
<!-- show login -->
<cfelse>
<cflocation url="[redirect-to-some-URL]" statuscode="302" addtoken="false">
</cfif>e
Evil Ware
11/12/2024, 2:38 PMyou can always add basic authentication using. htaccess for /admin
s
Sebastiaan
11/12/2024, 3:13 PMYeah, that was also a possibility, just need to figure out how to do that in IIS - and I still need the IP-ranges to allow
e
Evil Ware
11/13/2024, 6:26 PMin IIS, go to your vhost for your site / go to the connections tab, open the URL Rewrite, then add a new rule. It would be something like ^admin(/.*)?$ , you will need to test that. Under conditions in the same Rewrite module is where you can add IP restrictions.