Using IIS 7 URL rewrite rules to block the public "access" to SharePoint "_layouts" pages

When you use MS SharePoint 2007 / 2010 site as a Internet public facing site, it's smart and safe to block the anonymous access to back-end "_layouts" pages.

It's easy to use IIS 7 URL rewrite rules to perform the access blocking.
Below is the sample rule.

     <rule name="_layouts" stopProcessing="true">
          <match url="^_layouts($|/.*)" />
          <conditions logicalGrouping="MatchAny">
               <add input="{HTTP_HOST}" pattern="^pub\.stag\.moevenpick-icecream\.com$" />
               <add input="{HTTP_HOST}" pattern="^pub\.prod\.moevenpick-icecream\.com$" />
                <add input="{HTTP_HOST}" pattern="^www\.moevenpick-icecream\.com$" />
          </conditions>
          <action type="None" />
        </rule>

If you want to black the access to "_layouts/login.aspx" page, then use this rule:

        <rule name="Disable SharePoint login.aspx Page" enabled="false" stopProcessing="true">
            <match url="^(.*|/)Login.aspx.*$" />
            <action type="AbortRequest" />
        </rule>

For more SharePoint 2013 Administration tips, see below book.



Comments

Post a Comment

Popular posts from this blog

Top JavaScript courses helping you develop SPFx webPart with ReactJS and AngularJS

Image
As SharePoint 2016 is launched and the SharePoint Framework was announced on 4th of May,  for a SharePoint developer, these are the technologies that you should learn in the next months in order to be prepared to the new framework. They are AngularJS, ReactJS, Node.js and TypeScript. I shared those best online courses from "Udemy.com" in here. Learn anytime, anywhere, on most devices. Each course comes with a 30-day money-back guarantee. Course : Sharepoint: SPFx Development Model - It's providing clear instructions on this new SPFx framework. It delivers an example of full development workflow using Knockout.js JavaScript framework and PnP helper code. Instructor: OLEG RUMIANCEV is a full-time SharePoint ninja currently living in Biddulph, United Kingdom. His interests range from Microsoft and SharePoint to AI, and inspirational TED talks. ReactJS - React is straight JavaScript and more smaller compare with Angular JS. It's emerging in an ecosystem of
Read more

SharePoint 2013 error - "Application error when access /_vti_bin/client.svc"

I had been received a error message " Application error when access /_vti_bin/client.svc, Error=Path '/_vti_bin/client.svc/ProcessQuery' is forbidden " when try to add user account to a user group in SharePoint 2013 Portal . I searched the issue in google and found out it may related to security issue in local folder  "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI" of " /_vti_bin/client.svc ". I verified the user permission on this folder and found out that "IUSR" for IIS is not there, and so I granted user account "IUSR" read and execute permission in this folder. I went back to try add user account in SharePoint again, and it worked successfully this time! This issue is related to error "The server was unable to save the form at this time. Please try again." which can be resolved using above configuration. In addition, if this error still occur, check the windows features in con
Read more

Enable the Microsoft Power BI report file type (.pbix) in SharePoint Search

Image
By default, the Microsoft Power BI report file (.pbix) is not in the list of file type in SharePoint 2013 search configuration in Central Admin, and so you wouldn't open the Power BI file directly by clicking the link from the search result page. However, it's easy to add this file type by following configuration. Open “Central Admin” site, and then go to "Manage service applications”->”Search Service Application XX” (use the actual name of the “Search Service Application” in your site). Click on the “File Type” in left side navigation. Click the New File Type button and type PBIX (no period needed) in the File extension box and click OK. Restart the Search Service: Go to local “services”, stop the SharePoint Server Search service and start it again. Reset Your Index: Back on the Search Administration page within Central Administration you will want to click on the Index Reset link under Crawling on the left side menu. Press the Reset Now button. Rem
Read more