- Scenario:
- If I are using an EXTERNAL URL to access admin page on the CD(Content Delivery server) – e.g https://Your_Website_ExternalDNSName/sitecore/admin – it should redirect you to CD login page or may be home page of the site
- But you would still like to access the admin page by using INTERNAL URL(by server name e.g https://Your_Website_InternalServerName/sitecore/admin)
- Solutions:
- There are many method which can be used for security hardening of Sitecore admin pages but URL Rewrite is one of the easiest to implement.
- First of all the the URL Rewrite module on the IIS must be installed.
- Now in your web.config file in the “rewrite” section add the below rules
- In the rule you are defining the match pattern that if the URL contains sitecore/admin, sitecore/login, sitecore/diag, sitecore/debug, sitecore/shell or sitecore/, then redirect to the CD login page if the condition that the URL matches the EXTERNAL website URL. If the condition of EXTERNAL URL does not match, let the user open these admin pages using INTERNAL URL)
- <rewrite>
<rules>
<rule name=”Disable Admin tool“ stopProcessing=”true“>
<match url=”^sitecore/(admin|login|diag|debug|shell).*[^s]*$“/>
<action type=”Redirect“ url=”https://{HTTP_HOST}/Login/Login.aspx“ appendQueryString=”false“/>
<conditions>
<add input=”{HTTP_HOST}“ pattern=”Your_Website_ExternalDNSName“/>
</conditions>
</rules></rewrite>