Restrict access to the client

Last updated Tuesday, April 12, 2016 in Sitecore Experience Platform for Administrator, Developer

In the xDB, when you configure servers for different purposes, you may need to disable the Sitecore client, depending on the server role. For example, a content delivery server or processing server does not need access to the client application, so disabling the client on these servers is recommended.

To prevent unauthorized access to the Sitecore client interfaces, you need to restrict access on every instance of your content delivery or processing environments.

There are two ways to restrict access to the client:

Implement IP-based security restrictions

To restrict access to client interfaces, you can implement IP-based security restrictions.


The steps you follow to implement IP-based security restrictions vary depending on which operating system you have.

To implement IP-based security restrictions in Windows 7:

  1. Open the Control Panel.
  2. In the Control Panel, click Programs.
  3. Under Programs and Features, click Turn Windows Features on or off.
  4. In the Windows Features window, select IP Security.

For instructions on how to configure IP-based security restrictions in IIS 7 and later, see

For instructions on how to configure IP-based security restrictions in IIS 6 and earlier, see

Disable Anonymous IIS access

Another way to restrict access to the client is by disabling Anonymous IIS access to the following folders and files in your Website\sitecore folder:

  • admin folder
  • login folder
  • shell folder
  • default.aspx page


You need to exclude the /sitecore/service folder from the IIS restrictions because it contains several service .ASPX pages that are used when reporting conditions or information back to the web client, for example, 404 Page Not Found and 403 Forbidden.

You can move the files from the /sitecore/service folder to a location outside the /sitecore folder, but you must then also update the following settings in the web.config file: ErrorPage, NoAccessUrl, NoLicenseUrl, LayoutNotFoundUrl, ItemNotFoundUrl, LinkItemNotFoundUrl.

To disable Anonymous IIS access:

  1. Open Internet Information Services (IIS).
  2. In IIS, click Features View and then in the Security category, select Authentication.
  3. In your website folder structure, click, for example, the admin folder.

  4. To set Anonymous Authentication to Disabled, in the Actions panel, click Disable.
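
The same steps scripted with the IIS WebAdministration module, for all four paths listed above, followed by a read-back that also confirms /sitecore/service is still anonymous. This is an added example, not part of the Sitecore documentation; the site name `Sitecore-CD` is an assumption and must be replaced with the name of your IIS site.

```powershell
# Added example (not Sitecore's own script). Run in an elevated PowerShell
# session on the content delivery or processing server.
# Assumption: the IIS site is named 'Sitecore-CD' (hypothetical name).
param(
    [string]$SiteName = 'Sitecore-CD'
)

Import-Module WebAdministration

$apphost = 'MACHINE/WEBROOT/APPHOST'
$filter  = '/system.webServer/security/authentication/anonymousAuthentication'

# Folders and file from the list above, relative to the site root.
$restricted = @(
    'sitecore/admin',
    'sitecore/login',
    'sitecore/shell',
    'sitecore/default.aspx'
)

foreach ($path in $restricted) {
    # Writes a <location> entry for this path to applicationHost.config,
    # the same setting that the Disable action in IIS Manager changes.
    Set-WebConfigurationProperty -PSPath $apphost -Location "$SiteName/$path" `
        -Filter $filter -Name 'enabled' -Value $false
}

# Read the setting back for every restricted path and for /sitecore/service,
# which has to stay anonymous so that the error pages can still be served.
$report = foreach ($path in ($restricted + 'sitecore/service')) {
    $attr = Get-WebConfigurationProperty -PSPath $apphost -Location "$SiteName/$path" `
        -Filter $filter -Name 'enabled'
    [pscustomobject]@{ Path = "/$path"; AnonymousEnabled = [bool]$attr.Value }
}
$report | Format-Table -AutoSize

# Flag any path whose state does not match what the procedure requires.
foreach ($row in $report) {
    $mustBeAnonymous = ($row.Path -eq '/sitecore/service')
    if ($row.AnonymousEnabled -ne $mustBeAnonymous) {
        Write-Warning "$($row.Path): AnonymousEnabled is $($row.AnonymousEnabled), expected $mustBeAnonymous"
    }
}
```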
