Platform Administration and Architecture

Disable administrative tools

Applies to

All core roles

Sitecore Installation Framework

Most administrative tools are not disabled by default. In 9.0.2 and later, SqlShell is disabled by default.

Azure Toolkit

Most administrative tools are not disabled by default. In 9.0.2 and later, SqlShell is disabled by default.

Sitecore contains a number of helpful administrative tools. While these tools can be useful when troubleshooting issues in a production environment, we recommend that you disable them when you are not using them.

Important

Administrative tools should only be enabled on Content Management servers that are not exposed to the internet. You must never enable these administrative tools on roles such as Content Delivery, xDB Reporting, or xDB Processing.

To disable an administrative tool:

  1. In the <Webroot>/sitecore/admin folder, locate the relevant file.

  2. Add .disabled at the end of the existing file name. For example:

    • Old name: logs.aspx

    • New name: logs.aspx.disabled

You can disable the following ASPX pages:

  • Cache.aspx

  • DBCleanup.aspx

  • dbbrowser.aspx

  • ShowServicesConfig.aspx

  • eventqueuestats.aspx

  • FillDB.aspx

  • InstallLanguage.aspx

  • Jobs.aspx

  • LinqScratchPad.aspx

  • Logs.aspx

  • MediaHash.aspx

  • PackageItem.aspx

  • PathAnalyzer.aspx

  • Pipelines.aspx

  • PublishQueueStats.aspx

  • RawSearch.aspx

  • RebuildKeyBehaviorCache.aspx

  • RebuildReportingDB.aspx

  • RedeployMarketingData.aspx

  • RemoveBrokenLinks.aspx

  • restore.aspx

  • SecurityTools.aspx

  • serialization.aspx

  • SetSACEndpoint.aspx

  • ShowConfig.aspx

  • SqlShell.aspx

  • stats.aspx

  • unlock_admin.aspx

The following administrative tools are disabled by default:

  • FillDB.aspx

  • Unlock_admin.aspx

  • SqlShell.aspx

Secure the SqlShell.aspx tool

The SqlShell.aspx tool is a very powerful tool for which some extra rules apply.

To control the availability of the SqlShell.aspx tool, you can create an empty file in the <Webroot>/sitecore/admin folder named enabled or disabled. This file must not have an extension and does not need to contain any information. These files are not part of the default Sitecore installation.

When you run the SqlShell.aspx tool, it checks for files named enabled or disabled. If there is no enabled or disabled file:

  • The tool is available if you are using HTTPS.

  • The tool is not available if you are using HTTP.

If there is an enabled file:

  • The tool is available if you are using either HTTPS or HTTP.

If there is a disabled file:

  • The tool is not available if you are using either HTTP or HTTPS.

Important

To prevent anyone from accessing the SqlShell.aspx tool, we recommend that you create a disabled file.