Restrict access to the client
How to restrict access to Sitecore client with IP Security or by disabling anonymous access.
Applies to | All Core roles except Content Management. |
Sitecore Installation Framework | Anonymous users access to folders is not disabled by default. |
Azure Toolkit | Anonymous user access to folders is disabled by default. |
Unauthorized access to Sitecore client is a potential security risk, and we recommend that you prevent access to it on all instances where you do not need it.
To restrict access to the client, disable IIS anonymous access:
Open the IIS Manager application.
To see a list of all you IIS websites, in the Connections pane, double-click the name of your server and then double-click the Sites icon.
Double-click the website of the role you want to configure.
Click the first folder or file from this list:
<webroot>\App_Config\<webroot>\sitecore\admin\<wwwroot>\sitecore\debug\<webroot>\sitecore\login\<webroot>\sitecore\shell\<webroot>\sitecore\default.aspx<webroot>\sitecore modules\debug\<webroot>\sitecore modules\Shell\<webroot>\xsl\
Note
To select a file instead of a folder, right-click the role website and click Switch to Content View to see the website files. Then click the file, right-click the role website again, and click Switch to Feature View.
In the center application pane, in the IIS section, double-click the Authentication icon.
On the Authentication list, click Anonymous Authentication.
In the Actions pane, click Disable.
Repeat steps 5 to 7 for all the listed folders and files in step 4.
In the Connections pane, click the name of your server.
To restart IIS and activate your configurations, in the Actions pane, in the Manage Server section, click Restart.