Limit access to XML, XSLT, and MRT files
Applies to | All core roles
Sitecore Installation Framework | Access is not limited by default.
Azure Toolkit | Access is not limited by default.
To improve the security of your Sitecore installation, edit the web.config file with general Sitecore settings, and disable the web.config file with EXM settings.
To limit access to XML, XSLT, and MRT files:
- Open the web.config file with general Sitecore settings. This is stored in the top-level folder of your installation, or in the Website folder.
- In the <system.webServer><handlers> section, add the following lines:

    <system.webServer>
      <handlers>
        <add path="*.xml" verb="*" type="System.Web.HttpForbiddenHandler" name="xml (integrated)" preCondition="integratedMode"/>
        <add path="*.xslt" verb="*" type="System.Web.HttpForbiddenHandler" name="xslt (integrated)" preCondition="integratedMode"/>
        <add path="*.config.xml" verb="*" type="System.Web.HttpForbiddenHandler" name="config.xml (integrated)" preCondition="integratedMode"/>
        <add path="*.mrt" verb="*" type="System.Web.HttpForbiddenHandler" name="mrt (integrated)" preCondition="integratedMode"/>

  This restricts access to all XML, XSLT, and MRT files.
- Disable the web.config file that has EXM settings. This is in the \sitecore modules\Shell\EmailCampaign\ folder.
Allow unrestricted access to a specific file path
After you have disabled the general access to XML, XSLT, and MRT files, you might want to allow access to specific files.
To allow the files for a specific file path to be accessed in an unrestricted manner:
- Open the web.config file with general Sitecore settings.
- In the <system.webServer><handlers> section, before the handlers that limit access, add the following line, where sitemap.xml is the file you want to allow unrestricted access to:

    <add path="sitemap.xml" verb="GET" type="System.Web.StaticFileHandler" name="xml allow" />
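The following check covers both procedures above: it confirms that the four limiting handlers are present and that each allow line sits before the handlers that limit access. It is an added example, not Sitecore code; the function and constant names are hypothetical, the sample configurations are constructed, and `fnmatch` is used as an approximation of how a handler path pattern matches a file name.

```python
import fnmatch
import xml.etree.ElementTree as ET

FORBIDDEN = "System.Web.HttpForbiddenHandler"
STATIC = "System.Web.StaticFileHandler"
REQUIRED = ("*.xml", "*.xslt", "*.config.xml", "*.mrt")  # paths from the steps above


def audit_handlers(web_config_text):
    """Return a list of findings for the <system.webServer><handlers> entries."""
    root = ET.fromstring(web_config_text)
    adds = [a for sws in root.iter("system.webServer")
            for h in sws.findall("handlers") for a in h.findall("add")]
    # Keep document order; drop any assembly suffix from the type attribute.
    entries = [(a.get("path", "").lower(), a.get("type", "").split(",")[0].strip())
               for a in adds]
    denied = [p for p, t in entries if t == FORBIDDEN]
    findings = [f"no forbidden handler for {p}" for p in REQUIRED if p not in denied]
    seen_deny = []
    for path, typ in entries:
        if typ == FORBIDDEN:
            seen_deny.append(path)
        elif typ == STATIC:
            # An allow line placed after a matching limit handler is not "before" it.
            shadow = [d for d in seen_deny if fnmatch.fnmatchcase(path, d)]
            if shadow:
                findings.append(f"allow entry {path} is listed after {shadow[0]}")
    return findings


def _deny(path, name):
    return (f'<add path="{path}" verb="*" type="{FORBIDDEN}" '
            f'name="{name} (integrated)" preCondition="integratedMode"/>')


# Constructed sample configs (not taken from a real installation).
DENY = "".join(_deny(p, p.lstrip("*.")) for p in REQUIRED)
ALLOW = f'<add path="sitemap.xml" verb="GET" type="{STATIC}" name="xml allow" />'
WRAP = "<configuration><system.webServer><handlers>{}</handlers></system.webServer></configuration>"
GOOD = WRAP.format(ALLOW + DENY)
WRONG_ORDER = WRAP.format(DENY + ALLOW)
INCOMPLETE = WRAP.format(_deny("*.xml", "xml") + _deny("*.xslt", "xslt"))

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("wrong order", WRONG_ORDER), ("incomplete", INCOMPLETE)):
        print(label, audit_handlers(cfg) or "OK")
```

To check a real installation, pass the text of the general web.config to `audit_handlers` and review any findings it returns.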