Vulnerability in EPiServer.Forms
I got issue while I go to admin /Episerver it redirects to private IP under an Azure load balancer with two cms instance hosted on azure VM machine.
But it works if directly go to https://DOMAIN-NAME/util/login.aspx?ReturnUrl=%2FEPiServer
Seems like HTTPs redirect issue under a load balancer.
Why /Episerver redirect to insecure HTTP ?
How to fix this issue. Your help will be appreciated.
do you have any custom redirect rules?
what your site domain host mappings (configured in cms admin section)?
No, there is no custom redirect rule on web config.
There is one custom host binding on CMS admin's manage website section.
Host Name Culture Type Scheme
Hi, what authentication are you using for the site?
If you are using forms authentication, then check the value in web.config: authentication -> forms, what is the loginUrl value?
If you are using the ASP.NET identity (Episerver implementation) or OIDC or something that uses Owin, then check your "LoginPath" value in your OwinStartup class, where you have the code for CookieAuthentication.