Vulnerability in EPiServer.Forms
I have a request that I would guess it not that unique but I cannot find much info about. My customer wants to block access to edit/admin login from the internet on their public site. By default it is available on port 80. My idea was to put the admin login on another port, e.g. 8080 and let the firewall block all access. I found this technote on the subject and thought it would do the trick: http://world.episerver.com/Documentation/Items/Tech-Notes/EPiServer-CMS-5/EPiServer-CMS-5-R2-SP2/Securing-Edit-and-Admin/
However, when I follow the outlined steps and change e.g. the uiUrl in web.config from a relative path to an absolute path including protocol and portnumber (e.g. http://localhost:8080/test/) I get an error saying that this is not a valid virtual path and the site is not acessible. I have tried variations on this but I haven't got it working.
Have anyone done this and know how to mode tha admin login to another port?
I suggest you create a new site just for testing. In the wizard, set the UI binding to a different port. Then check what it puts in web.config. I can't remember having any problems with an absolute uiUrl. You have "test" in your URL - did you create a location and a virtual path mapping for that as well? If you changed the path in the URL when you added the host and port your locations and path mappings will still be for the old path. Or do you have some code in your solution that reads the uiUrl (through the Settings class for example) and does something with it, so that's where the error comes from?
You may create two row in "Web Server Bindings" in the installation wizard. One for Default and other for UI Binding. I recommend you use the HTTPS protocol and special Relative Path for UI Binding.