Platform Administration and Architecture

Deny anonymous users access to a folder

Applies to

All core roles

Sitecore Installation Framework

Anonymous users access to folders is not disabled by default.

Azure Toolkit

Anonymous user access to folders is disabled by default.

You can improve security if you prevent anonymous users from accessing certain key folders. In the Internet Information Services (IIS) manager, you should prevent anonymous users from accessing the following folders:

  • /App_Config

  • /sitecore/admin

  • /sitecore/debug

  • /sitecore/login

  • /sitecore/shell/WebService

To deny anonymous users access to a folder:

  1. Open IIS.

  2. Navigate to Web Sites\Default Web Site\App_Config.

  3. In the App_Config folder, in the IIS section, double-click Authentication.

    deny-anon-users1.png
  4. In the Authentication folder, click Anonymous Authentication and in the Actions panel, click Disable.

    deny-anon-users-21.png
  5. Restart IIS.

Repeat this procedure for the admin folder (/sitecore/admin), the debug folder (/sitecore/debug), and the Webservice folder (/sitecore/shell/WebService).