Sitecore contains a number of helpful administrative tools. While these tools can be useful when troubleshooting issues in a production environment, we recommend that you disable them when you are not using them.
You must never enable these administrative tools in a Content Delivery environment, or in a Content Management environment that is exposed to the internet.
To disable an administrative tool:
- In the
<Webroot>/sitecore/adminfolder, locate the relevant file.
.disabledat the end of the existing file name:
You can disable the following ASPX pages:
The following administrative tools are disabled by default:
Secure the SqlShell.aspx tool
SqlShell.aspx tool is a very powerful tool for which some extra rules apply.
To control the availability of the
SqlShell.aspx tool, you can create an empty file in the
<Webroot>/sitecore/admin folder called
disabled. This file must not have an extension and does not need to contain any information. These files are not part of the default Sitecore installation.
When you run the
SqlShell.aspx tool, it checks for these files.
If there is no
- The tool is available if you are using HTTPS.
- The tool is not available if you are using HTTP.
If there is an
- The tool is available if you are using either HTTPS or HTTP.
If there is a
- The tool is not available if you are using either HTTP or HTTPS.
To prevent anyone from accessing the
SqlShell.aspx tool, we recommend that you create a