If, like me, you use Umbraco, you'll probably be familiar with the UrlRewriting.Net module that the site uses to create rewrites and redirects. However, if your site is running on IIS7 or later, you should really be using the IIS URL Rewrite Module instead. It's MUCH faster, supports more advanced rule matching and conditions than UrlRewriting.Net, and is extensible too if you want to write your own rewrite matching code.
If you've never come across the module before, you can learn all about its many features, and there are a ton of useful tutorials and info over on the IIS.net website.
I'm going to assume that you're familiar with how the module works, and I'm going to show you a couple of nifty tricks for using the module to restrict access to your site, say during testing or an Umbraco upgrade, and how to do it in an SEO friendly way.
First, how can you restrict access to the site?
Let's say you're updating a section of your website and you want to lock people out of the section temporarily. I'd normally create a page that tells the user about this, and then create a rule something like this:
<rule name="Restrict Access to Umbraco" stopProcessing="true">
  <!-- The match input is the URL path without its leading slash -->
  <match url="^umbraco/(.*)" />
  <conditions>
    <!-- negate="true": the rule applies only when the client is NOT the allowed address -->
    <add input="{REMOTE_ADDR}" pattern="^123\.123\.123\.123$" negate="true" />
  </conditions>
  <action type="Rewrite" url="/update-notice/" />
</rule>
The rule checks the requested path ("/umbraco/" in this example), and if the visitor's IP address doesn't match the specified address (you can add as many clauses as you want for different addresses), they're shown a rewritten update notification page ("/update-notice/"). In this example the original URL is kept, but you could change the rule to a redirect if you'd prefer.
Secondly, how can we make it more SEO friendly?
The above approach is fine for quick stuff, or things that need to be permanently locked down, but what about SEO? What am I talking about? Let's say you lock everyone out of your site while performing an Umbraco upgrade, what happens when Google or any of the other search engines try and spider the site while you've locked them out? They'll probably see the page you've set up, and flag that the content has been redirected (or re-written, depending on how you've implemented the rule). This can negatively affect your SEO. What you REALLY want to do is return a 503 HTTP status. This tells the visiting client that the page is unavailable, but only temporarily, due to server maintenance. This will mean that Google will ignore the fact that your site is down, and stop indexing and try again later (and most other search bots will do the same).
So here's an example rule that returns a 503 status for the entire site, EXCEPT for a specific IP address:
<rule name="Return 503 For Whole Site" stopProcessing="true">
  <match url=".*" />
  <conditions>
    <!-- negate="true": everyone except the allowed address gets the 503 -->
    <add input="{REMOTE_ADDR}" pattern="^123\.123\.123\.123$" negate="true" />
  </conditions>
  <action type="CustomResponse" statusCode="503" subStatusCode="0" statusReason="Site is unavailable" statusDescription="Site is down for maintenance" />
</rule>
This works very similarly to the previous rule, except that the ENTIRE site returns a 503, unless you are coming from the specified IP address. Using this technique, it is possible to safely make the site unavailable for users/search bots, while still having it available to you for testing etc.
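To see why the allow-list condition has to be negated and why the match pattern carries no leading slash, here is a simplified model of how a rule's match and conditions combine. It is an added example, not code from the original post or from the URL Rewrite Module; the function names and the 203.0.113.7 visitor address are made up for illustration, and only the attributes used in the rules above are modelled.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule: the allow-list condition WITHOUT negate="true".
RULE_WITHOUT_NEGATE = r"""<rule name="Return 503 For Whole Site" stopProcessing="true">
  <match url=".*" />
  <conditions>
    <add input="{REMOTE_ADDR}" pattern="^123\.123\.123\.123$" />
  </conditions>
  <action type="CustomResponse" statusCode="503" />
</rule>"""
# The same rule with the condition negated ("does not match the pattern").
RULE_WITH_NEGATE = RULE_WITHOUT_NEGATE.replace('$" />', '$" negate="true" />')
# Path-restricted variants: pattern with and without a leading slash.
RULE_LEADING_SLASH = RULE_WITH_NEGATE.replace('url=".*"', 'url="^/umbraco/(.*)"')
RULE_NO_SLASH = RULE_WITH_NEGATE.replace('url=".*"', 'url="^umbraco/(.*)"')


def _matches(elem, attr, value):
    """Regex test (case-insensitive, as the module defaults to), flipped by negate."""
    hit = re.search(elem.get(attr), value, re.IGNORECASE) is not None
    return hit != (elem.get("negate", "false").lower() == "true")


def rule_fires(rule_xml, request_path, remote_addr):
    """Simplified model: True when the rule's action would run for this request."""
    rule = ET.fromstring(rule_xml)
    # The match pattern is tested against the path without its leading slash.
    if not _matches(rule.find("match"), "url", request_path.lstrip("/")):
        return False
    server_vars = {"{REMOTE_ADDR}": remote_addr}
    # Default grouping is MatchAll: every condition must hold.
    return all(_matches(c, "pattern", server_vars[c.get("input")])
               for c in rule.findall("conditions/add"))


def who_is_blocked(rule_xml, path="/"):
    """Which of two constructed clients would receive the rule's action."""
    clients = {"allowed admin": "123.123.123.123", "other visitor": "203.0.113.7"}
    return [name for name, ip in clients.items() if rule_fires(rule_xml, path, ip)]


if __name__ == "__main__":
    for label, rule, path in [("without negate", RULE_WITHOUT_NEGATE, "/"),
                              ("with negate", RULE_WITH_NEGATE, "/"),
                              ("^/umbraco/ pattern", RULE_LEADING_SLASH, "/umbraco/login"),
                              ("^umbraco/ pattern", RULE_NO_SLASH, "/umbraco/login")]:
        print(f"{label:20} blocks: {who_is_blocked(rule, path)}")
```

Behind a reverse proxy or load balancer, {REMOTE_ADDR} holds the proxy's address rather than the visitor's, so check which address IIS actually sees before relying on the allow-list.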
There's a lot more that you can do with the module, and I shall post some more tutorials soon, mostly focused around SEO!
:)
Thanks for the blog post, I was just doing a little research on making SEO friendly "site offline" solutions and have ended up with a solution very similar to yours. Yours however is the first one to make use of additional rules to avoid sending the HTTP 503 to a specific remote address but I noticed your rule essentially sends the 503 only to that IP - adding negate=true to the condition would give the desired outcome.
<add input="{REMOTE_ADDR}" pattern="123\.123\.123\.123" negate="true" />
This would effectively be "Does Not Match the Pattern" in the URL-Rewrite Module.
How would you use this method but then use a surface controller?
Surface controllers are /umbraco/surfacecontroller/.....
It's really causing me an issue?
I am trying to use either sample and nothing happens. I have the URL Rewrite module in IIS as I can see and edit the rules. I tried your exact example to try and block access to the entire site. Nothing happens. Ideas?