/ Azure

Securing Directories on Sitecore Azure Web App Instances

Quick post today: If you're wondering how Sitecore secures the client and other sensitive directories when deploying to Azure Web Apps, it's quite simple. And you can use the same trick to protect other sensitive folders in your instance.

The secret is in the Web.Config's location directives. For example, these rules allow access to the /api directory, and deny it to the /sitecore directory:

<location path="sitecore">
    <system.web>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
<location path="sitecore/api">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
Derek Correia

Derek Correia

Technology addict, avid homebrewer, Oxford comma fan, and Senior Technical Account Manager at Sitecore. Posts here are based on my thoughts and opinions and do not represent Sitecore.

Read More