One of the frequent questions I am hearing besides development related stuff is configuration related. In world, there is always plenty of options available for you in terms of configuring your production environment. Not to get carried away, but this is really a critical aspect, especial for large enterprises. When your product cannot be flexible enough to be decoupled in components, this may represent quite a challenge. Systems forcing large footprint are more difficult to maintain, backup, secure, etc.
A quick and proven way to handle this it rely on native IIS securing features. With IIS7 you can do that even easier. What you can do is simply deny access to /sitecore folder based on IP restrictions.
- Make sure you have “IP Security” feature installed for IIS:
- Locate your site in IIS, select /sitecore folder:
- On the _Features _view, select “IP Address and Domain Restrictions”:
- Configure any allow/deny rules you want:
Isn’t it easy?