Quick post today: If you're wondering how Sitecore secures the client and other sensitive directories when deploying to Azure Web Apps, it's quite simple. And you can use the same trick to protect other sensitive folders in your instance.

The secret is in the Web.config's location directives. For example, these rules deny access to the /sitecore directory while still allowing access to /sitecore/api:

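<!-- Deny every user access to /sitecore and everything beneath it -->
<location path="sitecore">
  <system.web>
    <authorization>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<!-- Re-open /sitecore/api: rules on the more specific path are evaluated first -->
<location path="sitecore/api">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>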
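
To check what a set of location rules like the ones above actually exposes, the following added example (not Sitecore's code and not from the original post) models ASP.NET URL authorization in Python: rules on the deepest matching path are checked first, the first match wins, and the machine-level default allows everyone. The names `load_rules` and `is_allowed` are hypothetical, the sample config is constructed from the two blocks above, and the model assumes `users` attributes only (no `roles` or `verbs`).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two <location> blocks from the post inside a minimal <configuration>.
SAMPLE_CONFIG = """<configuration>
  <location path="sitecore">
    <system.web><authorization><deny users="*"/></authorization></system.web>
  </location>
  <location path="sitecore/api">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
</configuration>"""


def load_rules(config_xml):
    """Map each normalised location path to its ordered (action, users) rules."""
    rules = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        path = (loc.get("path") or "").strip("/").lower()
        auth = loc.find("system.web/authorization")
        if auth is None:
            continue
        rules[path] = [(r.tag, [u.strip() for u in r.get("users", "").split(",")])
                       for r in auth if r.tag in ("allow", "deny")]
    return rules


def _matches(users, user):
    # "*" is every user; "?" is anonymous (user=None); otherwise an exact name match.
    return "*" in users or ("?" in users and user is None) or (user is not None and user in users)


def is_allowed(rules, url_path, user=None):
    """First matching rule wins, checking the deepest matching path first."""
    segments = [s for s in url_path.lower().split("/") if s]
    while True:
        for action, users in rules.get("/".join(segments), []):
            if _matches(users, user):
                return action == "allow"
        if not segments:
            return True  # assumption: machine-level default is <allow users="*"/>
        segments.pop()
```

Running it over a real Web.config before deployment shows which sensitive folders are still reachable; the order of the location blocks in the file does not change the result, only path specificity does.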