Currently this is an option only in the cloud environment.
Access to the Admin Console can be disabled for any website within its environment. Consider the following scenario: My environment has 6 web servers, 3 of them are exposed to the public and 3 are internal facing. I only want to allow people to access to the Admin Console features for the 3 web servers that are on an internal network. The other 3 external web servers need to be locked down for security reasons and therefore, I do not want people access the Admin Console.
To facilitate this behavior, the DisableAdminAccess appSetting (web.config) needs to be set to "true". When set to a value of "true" the Admin Console, CMS shell, and the admin api's will be disabled and return error messages if someone attempts to use them.
Blocking /admin on the public domain will disable impersonation of users via the admin console. We do not block sub domain integration URLs.
- main.com ~ /admin can be blocked.
- main.insitesofthosting.com ~ /admin cannot be blocked.
- eu-main.com ~ /admin can be blocked.
- eu-main.insitesofthosting.com ~ /admin cannot be blocked.
Updated 9 months ago