Deny anonymous users access to a folder

Last updated Thursday, December 1, 2016 in Sitecore Experience Platform for Administrator, Developer
Keywords: Security

You can improve security if you prevent anonymous users from accessing certain key folders. In the Internet Information Services (IIS) manager, you should prevent anonymous users from accessing the following folders:

  • /App_Config
  • /sitecore/admin
  • /sitecore/debug
  • /sitecore/login
  • /sitecore/shell/WebService

To deny anonymous users access a folder:

  1. Open IIS.
  2. Navigate to Web Sites\Default Web Site\App_Config.
  3. In the App_Config folder, in the IIS section, double-click Authentication.


  4. In the Authentication folder, click Anonymous Authentication and in the Actions panel, click Disable.


  5. Restart IIS.

Repeat this procedure for the admin folder (/sitecore/admin,) the debug folder (/sitecore/debug), and the Webservice folder (/sitecore/shell/WebService).

Send feedback about the documentation to