IP Address restrictions on a folder

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
10/14/2015 12:15:38 PM
Gravatar
Total Posts 22

IP Address restrictions on a folder

Dear Jo,

Is it possible to have the IIS setting IP Address and Domain Restrictions menu work on a folder inside the Data structure. 

I run my own IIS server so have full access to the IIS Manager. 

and would like to restrict 

Server\Sites\Default Web Site\mojoportal\Data\Sites\58\media\oxfordonly folder to a certain IP address range. 

It doesn't seem to be working, because if slect the folder and press on IIS IP Restrictions  and then Edit the feature setting to have Deny - Access for unspecified clients 

I can still access any file and this is before I even add an IP address range which can access the folder.

Should I be doing this in the user.config file and not in IIS, if so can you point me in the correct direction. 

Many thanks, Karl

10/14/2015 1:20:24 PM
Gravatar
Total Posts 503
feet planted firmly on the ground

Re: IP Address restrictions on a folder

I don't think I've ever tried this but it should be possible, e.g. see http://stackoverflow.com/questions/8147804/ip-restriction-for-a-folder-of-a-web-application-in-iis7

But I wonder if this is the best way of doing things? It would be very easy to forget about those restrictions. I've not actually checked this but I think the restrictions are written into / defined in web.config, which gets overwritten in a mojoPortal upgrade, so you would need to be careful to put them back again.

Another way might be to use a mojoPortal Shared Files module and restrict access to the module and/or the page it is on using a role that you only give to the users who normally occupy that i.p. range (I assume they are from a particular organisation or something). The Shared Files module does not allow IIS to serve up the files except through the module, so it is automatically secured from direct access.

10/14/2015 2:20:53 PM
Gravatar
Total Posts 22

Re: IP Address restrictions on a folder

Thanks Crispin, that the setting that I have been trying to set but mojoportal appears to ignore the IIS setting. 

I cannot really use the role management functions because in principle the oxford only folder is aimed to provide content for the whole of the University which would be 50K+ users, so IP address access is a simple approach and allows for VPN services to allow access to the oxford only folder. 

Karl

10/14/2015 2:35:38 PM
Gravatar
Total Posts 18444

Re: IP Address restrictions on a folder

IIS settings affect IIS not mojoPortal though mojoPortal runs in the context of an IIS web site. mojoPortal is not capable of interfering with IIS configuration. It is not up to mojoportal to honor or ignore those settings since it doesn't even know about them. In short, if the settings are not doing what you expect don't blame mojoportal, there is nothing in mojoportal preventing any IIS settings from working.

If you are having trouble with IIS settings, a better place to get help is the IIS forums.

10/14/2015 2:59:13 PM
Gravatar
Total Posts 22

Re: IP Address restrictions on a folder

Thanks Joe, for the feedback, I'll explore more about what currently going wrong with my IIS site infrastructure. Currently I have the IP restriction feature on a folder set to Deny all and it is still serving files. Glad to hear it not do with mojoportal.

Regards, Karl

10/15/2015 3:52:55 AM
Gravatar
Total Posts 22

Re: IP Address restrictions on a folder

I must apologise, I tried the folder IP restriction on another server install and it worked fine and then retrying on the one I was working on it then worked. I have no idea what weirdness was happening, but as Joe pointed out mojoportal obey IIS settings.

Regards, Karl

10/15/2015 7:55:42 AM
Gravatar
Total Posts 18444

Re: IP Address restrictions on a folder

Technically it is not correct to think mojoportal is obeying. IIS request filtering rules happen first and the request would never even reach mojoportal. 

web requests come in to IIS and IIS must decide the correct handler to delegate the request to, filtering would happen first and the request would not be delegated to a handler. For static files, if there was no filter blocking the request, it would ultimately be handled by the static file handler, not by mojoportal code.

You must sign in to post in the forums. This thread is closed to new posts.