Sitecore 9: Restrict Access to the Client
Locking down your Content Delivery (CD) servers so that external users cannot reach the content management features and admin pages is one of the first security steps to take when deploying a new Sitecore environment. A CD server only needs to serve published content; nobody outside your management network has any business reaching the Sitecore client on it.
The first step is to implement IP-based security restrictions, so that the Sitecore client paths are only reachable from your management network. Instructions for IIS 7 and later are here: https://docs.microsoft.com/en-us/iis/configuration/system.webServer/security/ipSecurity/ (the rule is evaluated against the source IP that IIS sees, so if the CD server sits behind a load balancer or reverse proxy you must either enforce the allow list at that device or, on IIS 8 and later, enable proxy mode so the X-Forwarded-For header is used).
The second step is disabling anonymous IIS access, so that the restriction still holds even if an IP rule is misconfigured.
This can be achieved by setting the authentication mode in the web.config to None:
<authentication mode="None" />
Or by disabling anonymous access in IIS to the following locations under /sitecore (with no other IIS authentication method enabled on them, IIS answers every request to these paths with HTTP 401, which on a CD role is exactly the intent):
- admin folder
- login folder
- shell folder
- default.aspx page
One of the benefits of Sitecore 9 is that for XM1 and XP1 deployments the authentication node is already set to None in the web.config of the Content Delivery role. XP0 is intended for development environments; if you intend to use it for a CD role you will need to set the mode to None yourself. (It is not recommended to use XP0 for anything beyond a development server; use XM1 or XP1 as intended.)
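The following PowerShell script applies both steps above (the IP allow list and the disabled anonymous authentication) to the four client paths on a CD server, then checks from the outside that each path is refused. It is an added example written for this post, not code from Sitecore or from the Sitecore documentation; the IIS site name, the management subnet and the hostname used by the check are hypothetical and must be changed for your environment.

```powershell
# Added example (not from the original post or from Sitecore): locks down the Sitecore client
# paths on a CD server with both controls the post describes, then verifies the result.
# Assumptions (hypothetical): IIS site name, management subnet and CD hostname below.
Import-Module WebAdministration

$SiteName    = 'sitecore-cd'                                    # hypothetical IIS site name
$AdminSubnet = @{ ipAddress = '10.10.0.0'; subnetMask = '255.255.255.0'; allowed = 'true' }  # hypothetical management subnet
$ClientPaths = @('sitecore/admin', 'sitecore/login', 'sitecore/shell', 'sitecore/default.aspx')

# Both sections are locked at the server level in applicationHost.config by default, so a
# site-level <location> override is rejected until the sections are unlocked.
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
& $appcmd unlock config /section:system.webServer/security/ipSecurity | Out-Null
& $appcmd unlock config /section:system.webServer/security/authentication/anonymousAuthentication | Out-Null

$sitePath   = "IIS:\Sites\$SiteName"
$ipFilter   = '/system.webServer/security/ipSecurity'
$authFilter = '/system.webServer/security/authentication/anonymousAuthentication'

foreach ($path in $ClientPaths) {
    # Step 1: IP restriction on this path. Deny everything not listed, then allow the management
    # subnet. Needs the "IP and Domain Restrictions" role service installed on the server.
    Clear-WebConfiguration -Filter $ipFilter -PSPath $sitePath -Location $path
    Set-WebConfigurationProperty -Filter $ipFilter -PSPath $sitePath -Location $path -Name allowUnlisted -Value $false
    Add-WebConfigurationProperty -Filter $ipFilter -PSPath $sitePath -Location $path -Name '.' -Value $AdminSubnet
    # Behind a load balancer IIS sees the balancer's address, not the client's. On IIS 8+ you can
    # additionally set the ipSecurity attribute enableProxyMode to true so X-Forwarded-For is
    # evaluated; otherwise enforce the allow list at the balancer instead.

    # Step 2: disable anonymous authentication on the same path. With no other IIS auth method
    # enabled there, IIS returns 401 for every request, so the path stays closed even if the
    # IP rule is later loosened by mistake.
    Set-WebConfigurationProperty -Filter $authFilter -PSPath $sitePath -Location $path -Name enabled -Value $false
}

# Verification: run this from a machine OUTSIDE the management subnet. Every client path must
# come back as 403 (IP restriction) or 401 (anonymous auth disabled). A 200, or a 302 redirect
# to the Sitecore login page, means the path is still reachable and the lock-down failed.
function Test-ClientPathBlocked {
    param([string]$CdHost, [string[]]$Paths)
    foreach ($p in $Paths) {
        $url = "https://$CdHost/$p"
        try {
            $r = Invoke-WebRequest -Uri $url -UseBasicParsing -MaximumRedirection 0 -ErrorAction Stop
            $status = [int]$r.StatusCode
        } catch {
            $resp = $_.Exception.Response
            $status = if ($resp) { [int]$resp.StatusCode } else { -1 }   # -1: no HTTP answer at all
        }
        $verdict = if ($status -in 401, 403) { 'blocked' } else { 'STILL REACHABLE' }
        '{0,-24} HTTP {1,4}  {2}' -f $p, $status, $verdict
    }
}

Test-ClientPathBlocked -CdHost 'cd.example.com' -Paths $ClientPaths   # hypothetical CD hostname
```

The two controls are deliberately layered: the IP rule produces a 403 for unknown addresses, and the disabled anonymous authentication produces a 401 for anyone who gets past it, so a single misconfiguration does not expose the client. Keep the same four paths in both halves of the script; adding a path to one list and not the other is the most common way this drifts.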
References:
Restrict access to the client – https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/access_rights/restrict_access_to_the_client