IntroductionSitecore best practice states that pages under
That can be importnat and useful due to quite few reasons:
- investigating of performance problem
- audit of Sitecore setup
- continuous monitoring
- and so on...
Step 1. Make sure ipSecurity is installed on Windows Server (install if not)Just follow simple steps described in this article
Step 2. Allow overriding ipSecurity configuration on site level
This is optional step, which depends on your requirements. By default ipSecurity is configured on application host level. However, in my case, it is better to have those site specific settings to be stored in web.config file in Sitecore root.
To do this, open "%WINDIR%\system32\inetsrv\config\applicationHost.config" and change following setting to "Allow":
Step 3. Whitelist IP addresses in Sitecore web.config file
Go to web.config file and whitelist IP addresses as it is showed on example below.
Make sure to add property allowUnlisted="false"
Step 4. Try it out
Restart IIS, login to backend and try to open any of the pages under /sitecore/admin.
Expected result from when opening website from whitelisted URL would be success.
From not whitelisted URL - it would be "403 - Forbidden" (can be changed to another respone code)
What about Sitecore on Azure PaaS?
IP Security should work on Azure App Service, therefore no need to perform any extra steps to install it. You should be able to proceed from step #3 above.