Limit access to .XML, .XSLT, and .MRT files
Current version: 8.1
To improve the security of your Sitecore installation, you must edit the web.config file. This file is stored in the Website folder of your installation, for example at: C:\Inetpub\wwwroot\YourWebsite\Website.
To limit access to .XML, .XSLT, and .MRT files:
- Open the web.config file.
- In the <system.webServer><handlers> section, add the following lines:

  ```xml
  <system.webServer>
    <handlers>
      <!-- Return HTTP 403 for direct requests to these file types -->
      <add path="*.xml" verb="*" type="System.Web.HttpForbiddenHandler" name="xml (integrated)" preCondition="integratedMode"/>
      <add path="*.xslt" verb="*" type="System.Web.HttpForbiddenHandler" name="xslt (integrated)" preCondition="integratedMode"/>
      <add path="*.config.xml" verb="*" type="System.Web.HttpForbiddenHandler" name="config.xml (integrated)" preCondition="integratedMode"/>
      <add path="*.mrt" verb="*" type="System.Web.HttpForbiddenHandler" name="mrt (integrated)" preCondition="integratedMode"/>
    </handlers>
  </system.webServer>
  ```

This restricts access to all .XML, .XSLT, and .MRT files.
To allow a specific file path to be accessed in an unrestricted manner, such as /sitemap.xml:
- Open the web.config file.
- In the <system.webServer><handlers> section, before the handlers that limit access, add the following line:

  ```xml
  <add path="sitemap.xml" verb="GET" type="System.Web.StaticFileHandler" name="xml allow" />
  ```
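
One way to check an edited web.config against the two procedures above. This is an added example, not Sitecore's code; the function name `audit_handlers` and the sample configurations are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

FORBIDDEN = "System.Web.HttpForbiddenHandler"
REQUIRED = ("*.xml", "*.xslt", "*.mrt")  # the patterns this page restricts

def audit_handlers(web_config_xml):
    """Return findings for the <system.webServer><handlers> section."""
    handlers = ET.fromstring(web_config_xml).find("system.webServer/handlers")
    if handlers is None:
        return ["no <system.webServer><handlers> section"]
    # (path, handler type without assembly suffix, name), in document order
    adds = [(a.get("path", "").lower(), a.get("type", "").split(",")[0].strip(),
             a.get("name", "")) for a in handlers.findall("add")]
    findings = [f"missing forbidden handler for {pat}" for pat in REQUIRED
                if not any(p == pat and t == FORBIDDEN for p, t, _ in adds)]
    # The page places exceptions before the limiting handlers; an exception
    # listed after a forbidden handler that matches its path is flagged.
    for i, (path, htype, name) in enumerate(adds):
        if htype == FORBIDDEN:
            continue
        for dpath, dtype, dname in adds[:i]:
            if dtype == FORBIDDEN and fnmatchcase(path, dpath):
                findings.append(f"'{name}' is shadowed by '{dname}'")
                break
    return findings

# Constructed sample configs (not taken from a real installation).
DENY = ('<add path="{0}" verb="*" type="System.Web.HttpForbiddenHandler" '
        'name="{1} (integrated)" preCondition="integratedMode"/>')
ALLOW = ('<add path="sitemap.xml" verb="GET" '
         'type="System.Web.StaticFileHandler" name="xml allow"/>')
WRAP = ("<configuration><system.webServer><handlers>{}"
        "</handlers></system.webServer></configuration>")
GOOD = WRAP.format(ALLOW + "".join(DENY.format("*." + e, e)
                                   for e in ("xml", "xslt", "mrt")))
# BAD: no *.mrt handler, and the sitemap exception comes after the *.xml block.
BAD = WRAP.format(DENY.format("*.xml", "xml") + DENY.format("*.xslt", "xslt") + ALLOW)

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, audit_handlers(cfg) or "OK")
```

To audit a real file, pass its contents to `audit_handlers`; an empty list means all three forbidden handlers are present and no exception is listed after the handler that blocks it.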