Vulnerability in EPiServer.Forms
I set up the site for IIS.
I wrote such settings in the web.config:
siteUrl="http://localhost/test/" uiUrl="http://localhost/test/ui/" utilUrl="http://localhost/test/util/"After i authorized, the edit mode and admin worked perfectly.
But l need to map this IIS site for external access from Internet. For this purpose i redirect http://myExternalSite/test to http://localhost/test. After this i changed the settings in the web.config to these:
siteUrl="http://myExternalSite/test/" uiUrl="http://myExternalSite/test/ui/" utilUrl="http://myExternalSite/test/util/"
When i browse the http://myExternalSite/test i can authorize and view my site, BUT when i try to go to the edit or admin mode, i'll get such message:
Incorrect link The link you gave does not work, either because the page it points to has been deleted or moved. If you clicked on a link, please inform the site’s webmaster that the link is faulty.
How i can access the edit and admin mode. when i use the mapping to my site?
A common misstage is to write www.mydomain.se instead of mydomain.se or vice versa. IIS might respond to both host-headers but only one can match the uiUrl.
Also note that the port must match. If you bind to www.mydomain.se:8080 the uiUrl must also have the same port. I guess a firewall with a port map can do intresting things to the checks...
We are having the same problem with our deployment. Is there any update on a solution for this? Please note, we have our port binding in place following the change to our uiUrl and still face this issue.
Also, we're using CMS 10, not 5...