Cover Image for Restricting environment access in Episerver DXP

Restricting environment access in Episerver DXP

SEE: https://world.episerver.com/digital-experience-cloud-service/dxc-security/restricting-environment-access/

The example provided does work but the DXP warmup will fail due to the service not being able to reach the application. In order to have the warmup work for deployments to restricted environments the following input should be added.

<add input=”{HTTP_USER_AGENT}” pattern=”Episerver\sDXC\sAutomation\s*Engine” negate=”true” /><!– Allow warmup service >

The functioning example becomes

<rewrite>
  <rules>
    <rule name="Block unauthorized traffic" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="custom12a3binte\.dxcloud\.episerver\.net|custom12a3bprep\.dxcloud\.episerver\.net" />
        <add input="{HTTP_USER_AGENT}" pattern="Episerver\sDXC\sAutomation\s*Engine" negate="true" /><!-- Allow warmup service -->
        <add input="{HTTP_True_Client_IP}" pattern="^88\.250\.74\.6$" negate="true"/>
      </conditions>
      <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Site is not accessible" />
    </rule>
  </rules>
</rewrite>