How To Disable Sitecore Admin From Your Content Delivery Servers

When you work with any CMS platform, a content editor reaches the CMS by typing the back-end URL into a browser. With Sitecore this URL will look like this:

www.website.com/sitecore

The whole point of a website is for people to come and take a look at your site, and out of the box anyone can access this URL. This means that if some clever dick adds /sitecore to the end of your domain, they will get to the login page. If they combine this with a brute-forcing technique, they may eventually get access to the back end.

For this reason, it’s always best practice to prevent a site visitor, or anyone external to your company, from accessing the admin login page.

If you run Sitecore with separate staging and live environments, this is pretty easy: you can disable the Sitecore admin on the live nodes and keep it open in your authoring/staging environment.

Exposing the Sitecore back end to the whole world is quite a big security risk. The quick and easy way to lock an environment down is via IIS authentication. In IIS Manager, open your website and expand the Sitecore folder.

Select the ‘Admin’ folder and select ‘Authentication’.

In the Authentication dialog, make sure Anonymous Authentication is set to Disabled. You also need to repeat this on the ‘login’ folder:

After doing this, try to load your Sitecore admin.

When you try to view the back-end Sitecore login page, you will now see a 401.2 – Unauthorized error instead of the Sitecore login page.
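The same IIS Manager steps can be scripted with the WebAdministration module, which helps when there are several content delivery nodes to lock down. This is an added example, not part of the original post; the site name `Sitecore-CD` and the base URL `http://localhost` are placeholder assumptions to replace with your own values.

```powershell
# Added example: disable Anonymous Authentication on the Sitecore admin and
# login folders of a content delivery node, then confirm the result.
# Run in an elevated Windows PowerShell session on the IIS server.
param(
    # Assumption: IIS site name of the content delivery node (placeholder).
    [string]$SiteName = 'Sitecore-CD',
    # Assumption: URL the site answers on locally, for the final HTTP check.
    [string]$BaseUrl  = 'http://localhost'
)

Import-Module WebAdministration

$filter  = '/system.webServer/security/authentication/anonymousAuthentication'
$folders = 'sitecore/admin', 'sitecore/login'

foreach ($folder in $folders) {
    $location = "$SiteName/$folder"

    # Authentication sections are locked at server level by default, so write
    # the override as a <location> entry in applicationHost.config.
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $location -Filter $filter -Name 'enabled' -Value $false

    # Read the setting back rather than trusting the write.
    $enabled = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $location -Filter $filter -Name 'enabled').Value
    if ($enabled) { throw "Anonymous Authentication is still enabled on $location" }

    # Request the folder anonymously; anything other than 401 means the
    # folder is still reachable without credentials.
    $status = 0
    try {
        $status = [int](Invoke-WebRequest -Uri "$BaseUrl/$folder/" -UseBasicParsing).StatusCode
    } catch {
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    }
    '{0,-16} anonymous={1} http={2}' -f $folder, $enabled, $status
    if ($status -ne 401) { Write-Warning "$folder did not return 401 to an anonymous request" }
}
```

Run it only on the live nodes; the authoring/staging environment keeps its login page.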

Jon D Jones

Software Architect, Programmer and Technologist Jon Jones is founder and CEO of London-based tech firm Digital Prompt. He has been working in the field for nearly a decade, specializing in new technologies and technical solution research in the web business. A passionate blogger by heart, speaker & consultant from England, always on the hunt for the next challenge.
